Infected with Win32trojantdss. Help! [Moved]


15 replies to this topic

#1 mbluemke


Posted 28 July 2009 - 05:19 PM

I have used Malwarebytes and Ad-Aware but nothing will get rid of the trojan. The Win32Trojantdss is detected but is not removed. I have heard of people using hijack this and combofix to remove it. Please help.


#2 Orange Blossom


Posted 28 July 2009 - 06:09 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Blade


Posted 30 July 2009 - 12:25 AM

Hello mbluemke and :thumbsup: to BleepingComputer!

Let's see if we can zap this bugger. :flowers:


Please install RootRepeal
Note: Vista users, right-click on the desktop icon and select "Run as Administrator."

Go HERE, and download RootRepeal.zip to your Desktop.
Tutorial with images, if needed >> L@@K.

Disconnect from the Internet or physically unplug your Internet cable connection.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

Unzip the download (7-zip tool if needed), and then click RootRepeal.exe to open the scanner.
Next click on the Report tab, now click on Scan. A Window will open asking what to include in the scan. Check all of the below and then click OK.

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services


Now you'll be asked which drive to scan. Check C: and click OK again and the scan will start. Please be patient as the scan runs. When the scan has finished, click on Save Report.
Name the log RootRepeal.txt and save it to your Documents folder (it should automatically save it there).
Please copy and paste that into your next reply.

~Blade


In your next reply, please include the following:
RootRepeal log

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#4 mbluemke


Posted 01 August 2009 - 12:03 PM

Here is the log:



#5 mbluemke


Posted 01 August 2009 - 12:21 PM

This is actually the report after I unzipped the Rootrepeal and ran the scan again:



Path: c:\windows\temp\sqlite_pqcf9eml6lzebju
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_davpy2keflxpye0
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_dytl4bdhezzvgcp
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_inhlqdm6ontcxpn
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_0ddyoje8vuvudrg
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_66zwkpkgvm9opd7
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_6jdw4gwf2nz4car
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_6ut9ygtdfgohqwc
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_7coxgrwsy34dvpf
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_a6h0x5dmc9kvm3c
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_afxst1gdfoclkh2
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_apo9cc2btdsrbsx
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_qtwnlasikca5ory
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_rembd5xujf5tfnc
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_rhgissfalpahqnl
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_ri63rvboxis0nzf
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_zxanukws7pgvsjx
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_keku3tsog6vfygg
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_wn2bsv9yf6qfrtc
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Program Files\Windows Media Player\Network Sharing\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NET CLR Data\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NET Data Provider for SqlServer\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\System32\drivers\UACtnntmyrhpqbupinfo.sys
Status: Invisible to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_bfff6c932d60651e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_bb1f6aa1308c35eb.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949b06671d08ae.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_5c94f2bbe7d4aaf6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_61305e07e4f1bc01.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBADM~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBADM~3.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBADM~4.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBB00~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.16720_none_c2e2272db9e7b99c\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.20883_none_c32de54ed3334d11\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.18111_none_c4d43609b70547f3\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.22230_none_c54732b2d0340648\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_33db43850c7307a2\_SMSVC~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_34c832162545dbc8\_SMSVC~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_2e6f68d711833115\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_2eb424f22ad51329\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_2ff255b70ef48daa\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_30df444827c761d0\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6000.16708_none_f87832f6f02b1a0c\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6000.20864_none_f8bcef12097cfc20\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6001.18096_none_f9fb1fd6ed9c76a1\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6000.16708_none_74dcd7a292078251\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6000.20864_none_752193bdab596465\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6001.18096_none_765fc4828f78dee6\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6001.22208_none_774cb313a84bb30c\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.16708_none_7aa059d88e5323b0\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.20864_none_7ae515f3a7a505c4\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.18096_none_7c2346b88bc48045\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.22208_none_7d103549a497546b\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6001.22208_none_fae80e68066f4ac7\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_c8512a7445976b57\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalmonospacecf_31bf3856ad364e35_6.0.6000.16708_none_820ff368b2f34b62\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalmonospacecf_31bf3856ad364e35_6.0.6000.20864_none_8254af83cc452d76\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalmonospacecf_31bf3856ad364e35_6.0.6001.18096_none_8392e048b064a7f7\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalmonospacecf_31bf3856ad364e35_6.0.6001.22208_none_847fced9c9377c1d\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalsansserifcf_31bf3856ad364e35_6.0.6000.16708_none_4c6d3f4bfe5170cb\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalsansserifcf_31bf3856ad364e35_6.0.6000.20864_none_4cb1fb6717a352df\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalsansserifcf_31bf3856ad364e35_6.0.6001.18096_none_4df02c2bfbc2cd60\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBADM~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBADM~3.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBADM~4.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBB00~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.16720_none_b462fc0cbe880bcb\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.20883_none_9d9b12b0d82a50be\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.18111_none_b43de0c2beda186c\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.22230_none_9d72515ed87f917f\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_879a188098bde787\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_70d22f24b2602c7a\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_8774fd36990ff428\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_70a96dd2b2b56d3b\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6000.16720_none_7c904d7bb970f7cd\WEBADM~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6000.16720_none_7c904d7bb970f7cd\WEBADM~3.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6000.16720_none_7c904d7bb970f7cd\WEBADM~4.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6000.16720_none_7c904d7bb970f7cd\WEBB00~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6000.20883_none_65c8641fd3133cc0\WEBADM~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6000.20883_none_65c8641fd3133cc0\WEBADM~3.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6000.20883_none_65c8641fd3133cc0\WEBADM~4.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6000.20883_none_65c8641fd3133cc0\WEBB00~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_f49cbb9015dc43b3\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6000.16720_none_0bca521ee450d037\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6000.20883_none_0c16103ffd9c63ac\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6001.18111_none_0dbc60fae16e5e8e\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6001.22230_none_0e2f5da3fa9d1ce3\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ddd4d2342f7e88a6\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_f477a046162e5054\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ddac10e22fd3c967\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_7ab8208b3397ed7d\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_7afcdca64ce9cf91\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_7c3b0d6b31094a12\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_7d27fbfc49dc1e38\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_807ba2c12fe38edc\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_80c05edc493570f0\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_81fe8fa12d54eb71\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_82eb7e324627bf97\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalsansserifcf_31bf3856ad364e35_6.0.6001.22208_none_4edd1abd1495a186\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globaluserinterfacecf_31bf3856ad364e35_6.0.6001.18096_none_ada2ec92b42bf87e\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_c71adcbf2e98b7f5\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_c75f98da47ea9a09\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_c89dc99f2c0a148a\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_c98ab83044dce8b0\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6000.16708_none_9958372092944487\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6000.20864_none_999cf33babe6269b\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6001.18096_none_9adb24009005a11c\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1284 Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: UACevxhgujhfvghxxxtm.dll]
Process: wininit.exe (PID: 636) Address: 0x00250000 Size: 49152

Object: Hidden Module [Name: UACqcpilgwkwcsvvajha.dll]
Process: wininit.exe (PID: 636) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACqcpilgwkwcsvvajha.dll]
Process: services.exe (PID: 684) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACevxhgujhfvghxxxtm.dll]
Process: services.exe (PID: 684) Address: 0x00340000 Size: 49152

Object: Hidden Module [Name: UACevxhgujhfvghxxxtm.dll]
Process: winlogon.exe (PID: 712) Address: 0x00830000 Size: 49152

Object: Hidden Module [Name: UACqcpilgwkwcsvvajha.dll]
Process: winlogon.exe (PID: 712) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACqcpilgwkwcsvvajha.dll]
Process: lsass.exe (PID: 744) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACevxhgujhfvghxxxtm.dll]
Process: lsass.exe (PID: 744) Address: 0x008e0000 Size: 49152

Object: Hidden Module [Name: UACevxhgujhfvghxxxtm.dll]
Process: lsm.exe (PID: 752) Address: 0x00330000 Size: 49152

Object: Hidden Module [Name: UACqcpilgwkwcsvvajha.dll]
Process: lsm.exe (PID: 752) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACqcpilgwkwcsvvajha.dll]
Process: svchost.exe (PID: 904) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACevxhgujhfvghxxxtm.dll]
Process: svchost.exe (PID: 904) Address: 0x00400000 Size: 49152

Object: Hidden Module [Name: UAC42aa.tmpipjjltgxroduw.dll]
Process: svchost.exe (PID: 904) Address: 0x005b0000 Size: 217088

Object: Hidden Module [Name: UACifawbvxxtnngisqom.dll]
Process: svchost.exe (PID: 904) Address: 0x00a80000 Size: 73728

Object: Hidden Module [Name: UACqcpilgwkwcsvvajha.dll]
Process: svchost.exe (PID: 904) Address: 0x01e40000 Size: 45056

Object: Hidden Module [Name: UACohjeipjjltgxroduw.dll]
Process: svchost.exe (PID: 904) Address: 0x01e50000 Size: 217088

Object: Hidden Module [Name: UACevxhgujhfvghxxxtm.dll]
Process: svchost.exe (PID: 904) Address: 0x02090000 Size: 49152

Object: Hidden Module [Name: UACqcpilgwkwcsvvajha.dll]
Process: svchost.exe (PID: 980) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACevxhgujhfvghxxxtm.dll]
Process: svchost.exe (PID: 980) Address: 0x00510000 Size: 49152

Object: Hidden Module [Name: UACqcpilgwkwcsvvajha.dll]
Process: svchost.exe (PID: 1108) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACevxhgujhfvghxxxtm.dll]
Process: svchost.exe (PID: 1108) Address: 0x002f0000 Size: 49152

Object: Hidden Module [Name: UACqcpilgwkwcsvvajha.dll]
Process: svchost.exe (PID: 1180) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACevxhgujhfvghxxxtm.dll]
Process: svchost.exe (PID: 1180) Address: 0x00620000 Size: 49152

Object: Hidden Module [Name: UACqcpilgwkwcsvvajha.dll]
Process: svchost.exe (PID: 1196) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACevxhgujhfvghxxxtm.dll]
Process: svchost.exe (PID: 1196) Address: 0x00260000 Size: 49152

Object: Hidden Module [Name: UACqcpilgwkwcsvvajha.dll]
Process: svchost.exe (PID: 1256) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACevxhgujhfvghxxxtm.dll]
Process: svchost.exe (PID: 1256) Address: 0x00770000 Size: 49152

Object: Hidden Module [Name: UACevxhgujhfvghxxxtm.dll]
Process: SLsvc.exe (PID: 1356) Address: 0x00b70000 Size: 49152

Object: Hidden Module [Name: UACqcpilgwkwcsvvajha.dll]
Process: SLsvc.exe (PID: 1356) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACqcpilgwkwcsvvajha.dll]
Process: svchost.exe (PID: 1408) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACevxhgujhfvghxxxtm.dll]
Process: svchost.exe (PID: 1408) Address: 0x00500000 Size: 49152

Object: Hidden Module [Name: UACevxhgujhfvghxxxtm.dll]
Process: WLTRYSVC.EXE (PID: 1656) Address: 0x00cf0000 Size: 49152

Object: Hidden Module [Name: UACqcpilgwkwcsvvajha.dll]
Process: WLTRYSVC.EXE (PID: 1656) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACevxhgujhfvghxxxtm.dll]
Process: WLANExt.exe (PID: 1672) Address: 0x00890000 Size: 49152

Object: Hidden Module [Name: UACqcpilgwkwcsvvajha.dll]
Process: WLANExt.exe (PID: 1672) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACevxhgujhfvghxxxtm.dll]
Process: bcmwltry.exe (PID: 1684) Address: 0x00d50000 Size: 49152

Object: Hidden Module [Name: UACqcpilgwkwcsvvajha.dll]
Process: bcmwltry.exe (PID: 1684) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACqcpilgwkwcsvvajha.dll]
Process: AAWService.exe (PID: 1692) Address: 0x001e0000 Size: 45056

Object: Hidden Module [Name: UACevxhgujhfvghxxxtm.dll]
Process: AAWService.exe (PID: 1692) Address: 0x003b0000 Size: 49152

Object: Hidden Module [Name: UACevxhgujhfvghxxxtm.dll]
Process: spoolsv.exe (PID: 1768) Address: 0x00190000 Size: 49152

Object: Hidden Module [Name: UACqcpilgwkwcsvvajha.dll]
Process: spoolsv.exe (PID: 1768) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACqcpilgwkwcsvvajha.dll]
Process: svchost.exe (PID: 1860) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACevxhgujhfvghxxxtm.dll]
Process: svchost.exe (PID: 1860) Address: 0x00220000 Size: 49152

Object: Hidden Module [Name: UACevxhgujhfvghxxxtm.dll]
Process: aestsrv.exe (PID: 352) Address: 0x00840000 Size: 49152

Object: Hidden Module [Name: UACqcpilgwkwcsvvajha.dll]
Process: aestsrv.exe (PID: 352) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACevxhgujhfvghxxxtm.dll]
Process: AppleMobileDeviceService.exe (PID: 412) Address: 0x00530000 Size: 49152

Object: Hidden Module [Name: UACqcpilgwkwcsvvajha.dll]
Process: AppleMobileDeviceService.exe (PID: 412) Address: 0x10000000 Size: 45056

Hidden Services
-------------------
Service Name: hjgruipccnbbxx
Image Path: C:\Windows\system32\drivers\hjgruiydvrafgs.sys

Service Name: UACd.sys
Image Path: C:\Windows\system32\drivers\UACtnntmyrhpqbupinfo.sys

==EOF==

#6 Blade

Posted 01 August 2009 - 04:43 PM

Good.

Now the next step...

Rerun RootRepeal. After the scan completes, go to the files tab and find these files:

C:\Windows\System32\drivers\UACtnntmyrhpqbupinfo.sys

Then use your mouse to highlight it in the RootRepeal window.
Next right mouse click on it and select *wipe file* option only.
Then immediately reboot the computer.

Next, please update your copy of Malwarebytes, then run a Quick Scan in Normal Mode. Have Malwarebytes remove everything it finds, then post the results log for my review please.

~Blade

In your next reply, please include the following:
Malwarebytes log


#7 mbluemke

Posted 01 August 2009 - 11:19 PM

There is nothing under the files tab. Am I doing something wrong?

#8 Blade

Posted 01 August 2009 - 11:21 PM

Did you run the scan just like you did after unzipping it?


#9 mbluemke

Posted 02 August 2009 - 12:33 PM

When I first run the scan, a window pops up that says "Could not read the boot sector. Try adjusting the Disk Access Level in the Options dialog." After I press OK, another box appears that says "Could not read system registry. Please contact the author." Also, when I click on the files tab, at the bottom it says "Initializing, please wait" but nothing has happened.

#10 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:59 PM

Posted 02 August 2009 - 12:38 PM

http://ad13.geekstogo.com/RootRepeal.zip

Download the new version of RootRepeal; your infection updated itself.
Chewy

No. Try not. Do... or do not. There is no try.

#11 mbluemke

Posted 02 August 2009 - 01:44 PM

I was able to run the scan and delete the file under the file tab. I rebooted and updated Malwarebytes. Here is a copy of the log:

Malwarebytes' Anti-Malware 1.39
Database version: 2547
Windows 6.0.6001 Service Pack 1

8/2/2009 1:38:04 PM
mbam-log-2009-08-02 (13-37-49).txt

Scan type: Quick Scan
Objects scanned: 82403
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\windows\system32\UACifawbvxxtnngisqom.dll (Trojan.TDSS) -> No action taken.
c:\windows\system32\UACixpgnppnanhhkxuak.dll (Trojan.TDSS) -> No action taken.
c:\Windows\System32\UACohjeipjjltgxroduw.dll (Rogue.Agent) -> No action taken.
c:\windows\system32\UACqcpilgwkwcsvvajha.dll (Trojan.TDSS) -> No action taken.
c:\windows\temp\hjgruisxpbcrswyk.tmp (Trojan.TDSS) -> No action taken.
c:\windows\temp\UAC5cee.tmp (Trojan.TDSS) -> No action taken.
c:\windows\temp\UAC8b7c.tmp (Trojan.TDSS) -> No action taken.
C:\Windows\System32\uacinit.dll (Trojan.Agent) -> No action taken.
c:\Windows\System32\UACevxhgujhfvghxxxtm.dll (Trojan.Agent) -> No action taken.
c:\Windows\System32\drivers\UACtnntmyrhpqbupinfo.sys (Trojan.Agent) -> No action taken.


I chose to fix all and restarted my computer.

#12 DaChew

Posted 02 August 2009 - 01:52 PM

Run another quick scan and post that log, please.
Chewy


#13 mbluemke

Posted 02 August 2009 - 03:36 PM

Here is the log:

Malwarebytes' Anti-Malware 1.39
Database version: 2547
Windows 6.0.6001 Service Pack 1

8/2/2009 3:35:05 PM
mbam-log-2009-08-02 (15-35-05).txt

Scan type: Quick Scan
Objects scanned: 82239
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 Blade

Posted 02 August 2009 - 04:37 PM

Looks good. How is the computer running now?

~Blade


#15 mbluemke

Posted 02 August 2009 - 06:09 PM

It's been running good so far! Thanks for the help!