Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AVG detecting Trojan horse Rootkit-Pakes.L


  • Please log in to reply
2 replies to this topic

#1 y2N

y2N

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 11 August 2009 - 08:25 PM

I ran SuperAntiSpyware, TrojanHunter, and AntiMalwareBytes along with AVG command line scanner in Safe Mode and AVG keeps popping up saying that I am infected with Trojan horse Rootkit-Pakes.L but it was not found by any of these applications.

It keeps coming up everytime I startup.

Please advise how I can resolve this.

Thank you.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,082 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:35 PM

Posted 11 August 2009 - 10:55 PM

Hello and welcome.
We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive.
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 CameronC

CameronC

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 16 August 2009 - 06:51 AM

Hi i have exactly the same problem and did what u told me "boopme" this is a copy of my report is this right?

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/16 12:03
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_dumpfve.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpfve.sys
Address: 0x885EE000 Size: 69632 File Visible: No Signed: -
Status: -

Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x88309000 Size: 815104 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAC775000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Windows\System32\XPSViewer\XPSVIE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_45e008191e507087.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949b06671d08ae.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_7658964504b9f3b6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.1.0.0_none_6c030d6fdc86522c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.18000_none_ab203fc659b26ce7\$$DeleteMe.atl.dll.01ca1b80c31445d0.0004
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\$$DeleteMe.rpcss.dll.01c9cc4cfb52d3e0.0003
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-feedback-service_31bf3856ad364e35_6.0.6001.18000_none_79cbf36190e59fa9\$$DeleteMe.wersvc.dll.01c9bb393fae7e60.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\$$DeleteMe.kernel32.dll.01c9cc4cfa0174b0.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\$$DeleteMe.lsasrv.dll.01c9cc4cf9529710.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\$$DeleteMe.secur32.dll.01c9cc4cf9934990.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\$$DeleteMe.wmp.dll.01ca1b80b95faf20.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\$$DeleteMe.wmploc.DLL.01ca1b80be53d790.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6001.18000_none_301b5dfb92ae18db\$$DeleteMe.localspl.dll.01c9ed56fca40db0.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6001.18051_none_b3c58fc5453bf46b\$$DeleteMe.rpcrt4.dll.01c9ed56fbc51f60.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18000_none_9231f0ab88c213e9\$$DeleteMe.avifil32.dll.01ca1b80c2cd9fe0.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6001.18000_none_9681b77aa11e1dfb\$$DeleteMe.WindowsCodecs.dll.01c9bb393fe67e50.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18000_none_1062be8b8b6509c7\$$DeleteMe.WmiPrvSD.dll.01c9cc4cfbd438e0.0006
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18000_none_1062be8b8b6509c7\$$DeleteMe.WmiPrvSE.exe.01c9cc4cfb857ca0.0004
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6001.18000_none_fb49535a79bca3e8\$$DeleteMe.fastprox.dll.01c9cc4cfbc3be20.0005
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6001.18000_none_cc3a17edd6d1c174\$$DeleteMe.wkssvc.dll.01ca1b80c2faf170.0003
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18000_none_4b00c645ec09f02d\$$DeleteMe.PortableDeviceApi.dll.01c9bb3944e750f0.0004
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.20883_none_8469d28baa199a7e\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.16720_none_9b31bbe79077558b\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_a2f69a4627a6df36\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_8c2eb0ea41492429\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_a2d17efc27f8ebd7\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_8c05ef98419e64ea\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_32a2a55c0f70152b\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_1bdabc0029125a1e\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_a05f40e791345747\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_8997578baad69c3a\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_a03a259d918663e8\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_896e9639ab2bdcfb\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6000.16720_none_1e9c83dead284b26\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6000.20883_none_07d49a82c6ca9019\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6001.18111_none_1e776894ad7a57c7\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6001.22230_none_07abd930c71fd0da\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_327d8a120fc221cc\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6000.16720_none_38b929534b68462d\DEFAUL~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6000.20883_none_21f13ff7650a8b20\DEFAUL~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6001.18111_none_38940e094bba52ce\DEFAUL~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6001.22230_none_21c87ea5655fcbe1\DEFAUL~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6000.16720_none_c035c989242f4981\WEB_LO~1.DEF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6000.20883_none_a96de02d3dd18e74\WEB_LO~1.DEF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6001.18111_none_c010ae3f24815622\WEB_LO~1.DEF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6001.22230_none_a9451edb3e26cf35\WEB_LO~1.DEF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_1bb1faae29679adf\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7b4eba45cecd6936\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.20883_none_6486d0e9e86fae29\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7b299efbcf1f75d7\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.22230_none_645e0f97e8c4eeea\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.18061_none_32e267185764311c\$$DeleteMe.Microsoft.MediaCenter.UI.dll.01c9bb3944d50170.0003
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6001.18111_none_9b0ca09d90c9622c\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6001.22230_none_84411139aa6edb3f\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxtargets_31bf3856ad364e35_6.0.6000.16708_none_c7595a2aa4b56e63\MICROS~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxtargets_31bf3856ad364e35_6.0.6000.20864_none_c79e1645be075077\MICROS~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxtargets_31bf3856ad364e35_6.0.6001.18096_none_c8dc470aa226caf8\MICROS~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxtargets_31bf3856ad364e35_6.0.6001.22208_none_c9c9359bbaf99f1e\MICROS~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6000.16708_none_7fdeb5cb1f6006f4\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6000.20864_none_802371e638b1e908\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6001.18096_none_8161a2ab1cd16389\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6001.22208_none_824e913c35a437af\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6000.16708_none_ddb4cf58a13aa0ca\XPSVIE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6000.20864_none_ddf98b73ba8c82de\XPSVIE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6001.18096_none_df37bc389eabfd5f\XPSVIE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6001.22208_none_e024aac9b77ed185\XPSVIE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6001.18000_none_24cdf96ec22363fa\$$DeleteMe.winhttp.dll.01c9cc4cfc42d930.0007
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MICROS~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: c:\windows\system32\logfiles\scm\scm.evm
Status: Allocation size mismatch (API: 1572864, Raw: 1048576)

Path: C:\Windows\winsxs\Temp\PendingDeletes\sortkey.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sortkey.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sorttbls.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sorttbls.nlp
Status: Locked to the Windows API!

Path: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Users\Cameron\AppData\Local\Temp\aed258a2-21be-4a6c-a457-5d58317c855c.tmp
Status: Invisible to the Windows API!

Path: c:\users\cameron\appdata\local\temp\b9c9bee2-2152-48d7-a171-eb6dc6125685.tmp
Status: Allocation size mismatch (API: 524288, Raw: 0)

Path: c:\users\cameron\appdata\local\temp\26b17c3f-3d61-4987-9cdd-4f4c0c95cb25.tmp
Status: Allocation size mismatch (API: 15859712, Raw: 0)

Path: C:\Users\Cameron\AppData\Local\Temp\375eb732-5e70-472b-9431-c10a71e34acb.tmp
Status: Invisible to the Windows API!

Path: c:\users\cameron\appdata\local\temp\3ab8bb2a-a83d-4600-806b-d8b5e7655b13.tmp
Status: Allocation size mismatch (API: 31653888, Raw: 0)

Path: c:\users\cameron\appdata\local\temp\4ee7ed5a-c7cd-48e4-98d5-81050ea57635.tmp
Status: Allocation size mismatch (API: 196608, Raw: 0)

Path: C:\Users\Cameron\AppData\Local\Temp\c66dc600-f4df-4790-92d7-db480576197f.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\WEB_LO~1.DEF
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Microsoft-Windows-Backup.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTkerberos.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Locked to the Windows API!

Path: C:\Users\Cameron\AppData\Local\Microsoft\Windows Live Mail\Yahoo.co (f 5c2\Sent Items\7DAA4D~1.EML:OEStandardProperty
Status: Visible to the Windows API, but not on disk.

Path: D:\System Volume Information\{413c9513-82f1-11de-a73a-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{413c956f-82f1-11de-a73a-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{521b7cbc-73c7-11de-a509-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{521b7ce6-73c7-11de-a509-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{521b7ef8-73c7-11de-a509-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{521b7f02-73c7-11de-a509-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{0d249c3d-7a29-11de-8a21-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{13840c32-7d4d-11de-8c22-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{13840c5d-7d4d-11de-8c22-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{13840c6f-7d4d-11de-8c22-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{13840c95-7d4d-11de-8c22-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{13840c9f-7d4d-11de-8c22-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{13840caf-7d4d-11de-8c22-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{13840cd4-7d4d-11de-8c22-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{13840ce6-7d4d-11de-8c22-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{1acd1d50-8690-11de-96c5-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{1acd1d7c-8690-11de-96c5-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{1b210293-8577-11de-b931-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{1b2102b7-8577-11de-b931-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{23925c99-8774-11de-a0e1-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{75914cdf-79b4-11de-8858-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{834f639c-83f1-11de-a6db-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{834f692d-83f1-11de-a6db-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{9c71ebc3-8726-11de-bcec-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{9c71ebcd-8726-11de-bcec-001d09506a4b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{9c71ec47-8726-11de-bcec-001d09506a4b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{cdb6e6a6-88b4-11de-b022-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{d9f01887-87f7-11de-ad95-001fe1e28557}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1492 Status: Locked to the Windows API!

Path: C:\Windows\System32\mfpmp.exe
PID: 6348 Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: maillang.dll]
Process: wlmail.exe (PID: 4228) Address: 0x62ae0000 Size: 2076672

Object: Hidden Module [Name: mailres2.dll]
Process: wlmail.exe (PID: 4228) Address: 0x61480000 Size: 11710464

Object: Hidden Module [Name: vista.thm]
Process: wlmail.exe (PID: 4228) Address: 0x67260000 Size: 172032

Object: Hidden Module [Name: msgsres.dll]
Process: msnmsgr.exe (PID: 3380) Address: 0x5eb50000 Size: 11403264

Object: Hidden Module [Name: msgslang.14.0.8064.0206.dll]
Process: msnmsgr.exe (PID: 3380) Address: 0x67f70000 Size: 315392

Object: Hidden Module [Name: msgrvsta.thm]
Process: msnmsgr.exe (PID: 3380) Address: 0x70160000 Size: 20480

Object: Hidden Module [Name: default.dll]
Process: chrome.exe (PID: 6984) Address: 0x640b0000 Size: 352256

Object: Hidden Module [Name: en-GB.dll]
Process: chrome.exe (PID: 6984) Address: 0x707e0000 Size: 106496

Object: Hidden Module [Name: en-GB.dll]
Process: chrome.exe (PID: 7340) Address: 0x707e0000 Size: 106496

Object: Hidden Module [Name: en-GB.dll]
Process: chrome.exe (PID: 540) Address: 0x707e0000 Size: 106496

Object: Hidden Module [Name: en-GB.dll]
Process: chrome.exe (PID: 6904) Address: 0x707e0000 Size: 106496

Object: Hidden Module [Name: en-GB.dll]
Process: chrome.exe (PID: 7812) Address: 0x707e0000 Size: 106496

Object: Hidden Module [Name: en-GB.dll]
Process: chrome.exe (PID: 6964) Address: 0x707e0000 Size: 106496

Object: Hidden Module [Name: en-GB.dll]
Process: chrome.exe (PID: 3832) Address: 0x707e0000 Size: 106496

Object: Hidden Module [Name: en-GB.dll]
Process: chrome.exe (PID: 4236) Address: 0x707e0000 Size: 106496

==EOF==

Please help




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users