Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Apparent Rootkit.TDSS infection


  • This topic is locked This topic is locked
72 replies to this topic

#1 G Shields

G Shields

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 12 August 2009 - 05:47 PM

Hello.

I am running Windows Vista Home Premium on an HP laptop.

I recently unwittingly installed a DIVX codec that was loaded with malware. I have ESET installed and it alerted me to some of the problems. I have also run SpyWare Doctor which got rid of some stuff, but now repeatedly alerts me as follows:
Threat Name - Rootkit.TDSS ... Infection - C:\WINDOWS\SYSTEM32\SKYNETTDGNOEXX.DLL
I have tried to locate this dll, but it's not there.

Internet Explorer Version 8 loads google.com as my default home page, but when I click on a search link I get redirected to various unwanted sites. If I paste the link into the address bar, the url gets loaded correctly. Opera exhibits the same behavior.

In reading up on other people's experience with Rootkit.TDSS, I learned of ComboFix's effectiveness and came here to learn what I need to do next.

Thanks in advance!
Gregory Shields

BC AdBot (Login to Remove)

 


#2 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:54 PM

Posted 12 August 2009 - 05:54 PM

Hello and welcome to Bleeping Computer. Please do not run combo fix as it can harm your computer if not used properly to a point where it may never start again.



Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.



Lets take a look with Malwarebytes

Please download Malwarebytes' Anti-Malware from here:
Malwarebytes
Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


If Malwarebytes won't install or run

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
Computer Pro

#3 G Shields

G Shields
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 12 August 2009 - 06:11 PM

A few minutes after I initially started this topic, I observed something else happen. A dialog box popped up with "rundll32.exe - Bad Image" in the title bar and the following text in the message:
"globalroot\systemroot\system32\SKYNETtdgnoexx.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."

So even if the dll wasn't there before, apparently it is now or maybe it was hidden before. I thought it wasn't there before because I used a console to try to delete it, which I thought would delete even a hidden file. Anyhow, this seems to me like a case where Windows pops up a dialog when a dll has something unusual about it and is being loaded by rundll32.exe. However, I wanted to alert you guys to it because I nevertheless don't know what to do about it.

Gregory Shields

#4 G Shields

G Shields
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 12 August 2009 - 06:30 PM

Hi.

I am in the process of trying to follow your instructions. I had to download malwarebytes twice because the first time it kept crashing my Windows shell. The second time I made sure to paste all the links into the address bar for cnet, etc. Then I was able to run the install. However, when it tried to update itself, it crashed. I then ran the program again, went to the Update tab, and it it crashed again when I told it to update. I guess I will continue on without the updates.

Gregory Shields

#5 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:54 PM

Posted 12 August 2009 - 06:36 PM

And then also after you have run Malwarebytes:

Please install RootRepeal

Go HERE, and download RootRepeal.zip to your Desktop.
Tutorial with images ,if needed >> L@@K
Unzip that to your Desktop and then click RootRepeal.exe to open the scanner.

*Open the folder and double-click on RootRepeal.exe to launch it. If using Vista, right-click and Run as Administrator...
* Click on the FILES tab, then click the Scan button.
* In the Select Drives, dialog Please select drives to scan: select all drives showing, then click OK.
* When the scan has completed, a list of files will be generated in the RootRepeal window.
* Click on the Save Report button and save it as rootrepeal.txt to your desktop or the same location where you ran the tool from.
* Open rootrepeal.txt in Notepad and copy/paste its contents in your next reply.
* Exit RootRepeal and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High


Note 2: If RootRepeal cannot complete a scan and results in a crash report, try repeating the scan in "Safe Mode".
Computer Pro

#6 G Shields

G Shields
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 13 August 2009 - 12:35 AM

I was able to reboot and then update Anti-Malware. I was then able to run it. Here is the log:
Malwarebytes' Anti-Malware 1.40
Database version: 2614
Windows 6.0.6002 Service Pack 2

8/13/2009 12:25:52 AM
mbam-log-2009-08-13 (00-25-52).txt

Scan type: Full Scan (C:\|)
Objects scanned: 542193
Time elapsed: 2 hour(s), 15 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\System32\winhelper.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a072ec12-a40b-41dd-9a1a-cdb848b70f3c} (Rogue.Installer) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\drivers\smss.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\System32\winhelper.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\System32\AVR09.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PS9A9AY3\firewall[1].dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\drivers\smss55DC (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\detbrfoint.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.

I will now reboot again so that it can delete winhelper.dll. I will then follow the next set of instructions.

#7 G Shields

G Shields
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 13 August 2009 - 08:50 AM

I have finished running RootRepeal. Here's the log:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/13 08:40
Program Version: Version 1.3.3.0
Windows Version: Windows Vista SP2
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NLSLEX~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NLSLEX~2.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL04CE~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL0CCE~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL00DE~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL08DE~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL100C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL140C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL1C0C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL102C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL142C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL14CC~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL10DC~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL100A~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL140A~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL180A~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL101A~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL181A~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL1C1A~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL14CA~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL1428~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL14D8~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL141E~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL181E~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL1C1E~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL142E~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL14C6~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL18C6~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL1CC6~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL14D6~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL181C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL102C~2.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL182C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL14DC~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL1A2D~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NLSMOD~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NLSLEX~3.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\NL18CC~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\SKYNETcbjyydbs.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\System32\SKYNETewdqntfo.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\System32\SKYNETtdgnoexx.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\System32\SKYNETxfexxkti.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETapcnbnnpsj.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\System32\drivers\SKYNETmppicqsp.sys
Status: Invisible to the Windows API!

Path: C:\WINDOWS\System32\wbem\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\wbem\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\wbem\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\wbem\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Manifests\18860672a5c66d86c814094edcbe638747283dd1b644f8e960f40ca51d409ff2.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Manifests\935df4549e21123a2efb986a707f54475380a037519679510e4b4dfc4bdb5767.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Manifests\b080e112e69d2e9c8e71acd39a81f0d469d837625ceb8ed73b5b87da1fd1424c.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Manifests\d5ecf2ab9387e082648bbcccd6eceb9d67b096939150833d0ae3066b3a1a676e.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Manifests\989e628160e12c984a435d2bb2a335ad043e006646150c7b1f3bb52dccd842cc.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Manifests\71503c1b988fb27a41668f3ba35468d268daf07e8e79cf7b82a1ef64a8d213a1.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Manifests\ef483ae0673e2975dd4224fe26749623c1c702b8b3fded10161417459e1771a7.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Manifests\8b414e757cb8b153bff77dd00a36556aea3adab25ce15f3e8b184ffbf41ba7a2.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Manifests\821b5699c772c1952968a54dadc77cc29ec0b1dd2fa6ce6df6977a8a00498e13.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Manifests\bd83dce340498e7c363093c2fc74dfb58e1ec17770453905172c7471fadd9333.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.18000_none_ab203fc659b26ce7\$$DeleteMe.atl.dll.01ca1b52d660ad0e.0008
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-browseui_31bf3856ad364e35_6.0.6000.16386_none_2eac1fb6e96abc48\browseui.dll.old
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-browseui_31bf3856ad364e35_6.0.6001.18000_none_30e2e1b2e655cd1c\browseui new old.dll
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\$$DeleteMe.lsasrv.dll.01ca1b52d60a9dce.0001
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\$$DeleteMe.secur32.dll.01ca1b52d61cc63e.0002
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6002.18005_none_e8c25637adef5b44\$$DeleteMe.kerberos.dll.01ca1b52d627749e.0004
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16513_none_6a3b1b4414dac79d\shell32.dll.old
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16386_none_caf99b2e2002860e\shsvcs.dll.old
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs new old.dll
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-uxtheme_31bf3856ad364e35_6.0.6000.16386_none_a3add8d809a48a3e\uxtheme.dll.old
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-uxtheme_31bf3856ad364e35_6.0.6001.18000_none_a5e49ad4068f9b12\uxtheme new old.dll
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6001.18000_none_cc3a17edd6d1c174\$$DeleteMe.wkssvc.dll.01ca1b52d65bcb0e.0007
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_6.0.6000.16588_none_9e43e5cb1d89114d\WEB~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_6.0.6000.16588_none_9e43e5cb1d89114d\WEBCON~1.DEF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_6.0.6000.16588_none_033b76618d76fbc3\ILASME~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16546_none_6296ee1fb11382ff\ieframe.dll.old
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ddd4d2342f7e88a6\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_f477a046162e5054\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ddac10e22fd3c967\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.20883_none_9b4d641ef282ae74\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.18111_none_9cf3b4d9d654a956\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.22230_none_9d66b182ef8367ab\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-config_files_.._regsvcs_exe_config_31bf3856ad364e35_6.0.6000.16588_none_573ca1a58bcec27f\REGSVC~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-config_files_.._regsvcs_exe_config_31bf3856ad364e35_6.0.6000.16720_none_577582a98ba54a6f\REGSVC~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-config_files_.._regsvcs_exe_config_31bf3856ad364e35_6.0.6000.20711_none_580aedc4a4b9ea78\REGSVC~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-config_files_.._regsvcs_exe_config_31bf3856ad364e35_6.0.6000.20883_none_57c140caa4f0dde4\REGSVC~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-config_files_.._regsvcs_exe_config_31bf3856ad364e35_6.0.6001.18111_none_5967918588c2d8c6\REGSVC~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-config_files_.._regsvcs_exe_config_31bf3856ad364e35_6.0.6001.22230_none_59da8e2ea1f1971b\REGSVC~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wwf-cwetargets_i_31bf3856ad364e35_6.0.6000.16708_none_9e7d8c92dbaad42f\WORKFL~1.TAR
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wwf-cwetargets_i_31bf3856ad364e35_6.0.6000.20864_none_9ec248adf4fcb643\WORKFL~1.TAR
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wwf-cwetargets_i_31bf3856ad364e35_6.0.6001.18000_none_a05bc702d8d89d41\WORKFL~1.TAR
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NLSLEX~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NLSLEX~2.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NLSLEX~3.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL04CE~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL0CCE~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL00DE~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL08DE~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL100C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL140C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL1C0C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL142C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL14CC~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL18CC~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL10DC~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL100A~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL140A~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL180A~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL101A~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL181A~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL1C1A~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL14CA~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL1428~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL14D8~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL141E~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL181E~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL1C1E~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL142E~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL14C6~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL18C6~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL1CC6~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL14D6~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL181C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL102C~2.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL182C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL14DC~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL1A2D~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NLSMOD~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NL102C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL101A~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL181A~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL1C1A~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL14CA~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL1428~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL14D8~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL141E~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL181E~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL1C1E~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL142E~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL14C6~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL18C6~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL1CC6~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL14D6~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL181C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL102C~2.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL182C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL14DC~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL1A2D~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NLSMOD~1.DLL
Status: Locked to the Windows API!

Path: c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\nlslexicons0002.dll
Status: Allocation size mismatch (API: 12242944, Raw: 4165632)

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NLSLEX~3.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL04CE~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL0CCE~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL00DE~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL08DE~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL100C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL140C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL1C0C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL102C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL142C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL14CC~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL18CC~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL10DC~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL100A~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL140A~1.DLL
Status: Locked to the Windows API!

Path: c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\nlslexicons0001.dll
Status: Allocation size mismatch (API: 2646016, Raw: 11722752)

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NL180A~1.DLL
Status: Locked to the Windows API!

Path: c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\nlslexicons0001.dll
Status: Allocation size mismatch (API: 2646016, Raw: 11722752)

Path: c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\nlslexicons0002.dll
Status: Allocation size mismatch (API: 12242944, Raw: 4165632)

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NLSLEX~3.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL04CE~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL0CCE~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL00DE~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL08DE~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL100C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL140C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL1C0C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL102C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL142C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL18CC~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL10DC~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL100A~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL140A~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL180A~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL101A~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL181A~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL1C1A~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL14CA~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL1428~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL14D8~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL141E~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL181E~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL1C1E~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL142E~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL14C6~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL18C6~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL1CC6~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL14D6~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL181C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL102C~2.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL182C~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL14DC~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL1A2D~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NLSMOD~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6002.18005_none_9fc64d4627dda079\NL14CC~1.DLL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18167_none_6bef4f42122643ed\shell32 new old.dll
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_6.0.6001.18000_none_fc4def09dac203c5\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_6.0.6002.18005_none_fe396815d7e3cf11\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18702_none_df391163f08d7422\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18813_none_df2f43a7f094a691\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22903_none_dfc3b05f09aa2a6a\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~2.H
Status: Locked to the Windows API!

Path: c:\windows\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6000.16588_none_c219a45c25a461bb\_dataperfcounters_d.ini
Status: Allocation size mismatch (API: 57344, Raw: 40)

Path: c:\windows\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6000.16720_none_c214589825a8fd4b\_dataperfcounters_d.ini
Status: Allocation size mismatch (API: 57344, Raw: 40)

Path: c:\windows\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6000.20711_none_ab459aea3f515d4a\_dataperfcounters_d.ini
Status: Allocation size mismatch (API: 57344, Raw: 40)

Path: c:\windows\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6000.20883_none_ab4c6f3c3f4b423e\_dataperfcounters_d.ini
Status: Allocation size mismatch (API: 57344, Raw: 40)

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6001.18000_none_c1ee53f025fbd6a3\_DATAP~2.INI
Status: Locked to the Windows API!

Path: c:\windows\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6001.18111_none_c1ef3d4e25fb09ec\_dataperfcounters_d.ini
Status: Allocation size mismatch (API: 57344, Raw: 40)

Path: c:\windows\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6001.22230_none_ab23adea3fa082ff\_dataperfcounters_d.ini
Status: Allocation size mismatch (API: 57344, Raw: 40)

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6002.18005_none_c1c9d92c264d6ab7\_DATAP~2.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.20711_none_9b971118f24bbb08\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6000.16588_none_ce9b5003cb9fd79e\CORPER~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6000.16588_none_ce9b5003cb9fd79e\CORPER~2.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20711_none_d37a9b2ffa85161a\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20711_none_d37a9b2ffa85161a\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.20711_none_ddcdfde22f84a3b2\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.16588_none_c2a94629ba1131ac\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.16720_none_c2e2272db9e7b99c\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.20711_none_c3779248d2fc59a5\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.20883_none_c32de54ed3334d11\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.18111_none_c4d43609b70547f3\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.22230_none_c54732b2d0340648\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.16588_none_f4a2075415d7a823\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_f49cbb9015dc43b3\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16588_none_ea4ea4a1e0d81a8b\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16588_none_ea4ea4a1e0d81a8b\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_6.0.6000.16720_none_03362a9d8d7b9753\ILASME~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_6.0.6000.20711_none_ec676cefa723f752\ILASME~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_6.0.6000.20883_none_ec6e4141a71ddc46\ILASME~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_6.0.6001.18000_none_031025f58dce70ab\ILASME~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_6.0.6001.18111_none_03110f538dcda3f4\ILASME~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_6.0.6001.22230_none_ec457fefa7731d07\ILASME~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_6.0.6002.18005_none_02ebab318e2004bf\ILASME~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.16708_en-us_b9851a92245b1b73\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.20864_en-us_b9c9d6ad3dacfd87\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_en-us_bb6355022188e485\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18096_en-us_bb08077221cc7808\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.22208_en-us_bbf4f6033a9f4c2e\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wwf-cwetargets_i_31bf3856ad364e35_6.0.6001.22208_none_a0ed6803f1ef04ea\WORKFL~1.TAR
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_wwf-cwetargets_i_31bf3856ad364e35_6.0.6001.18096_none_a0007972d91c30c4\WORKFL~1.TAR
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18000_none_4b00c645ec09f02d\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18000_none_4b00c645ec09f02d\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18000_none_4b00c645ec09f02d\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer new old.exe
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.18000_none_3acd4b177cb513c9\$$DeleteMe.wdigest.dll.01ca1b52d625c6ee.0003
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\ia64_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c23ce3d3d4a568.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_88e046c92fae6f57.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_14e7bbe4d35881f0.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_1179c2b5d66019bc.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_cbc247dd0ca131de.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.1833_none_cbf00aee470f5fb7.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_49ef489714173a89.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_acd0e4ffe1daef0a.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\ia64_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_5ce45022749e1410.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_99b61f5e8371c1d4.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_0605300f695657e9.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\ia64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b81ce14caf54466a.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_01c6b44660ce74c3.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_3da38fdebd0e6822.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\ia64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e16333f797ee22be.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.debugmfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_28b7ffe3058c8470.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_19832730d07592fb.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.debugopenmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_d7412abf545c8405.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_84151105f82508d8.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_f03cd485e7dbb6a7.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1801_none_d088a2ec442ef17b.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_750b37ff97f4f68b.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949b06671d08ae.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0bcaee084e72e5d.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_18f8a87fd1919cd9.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1833_none_d08b763a442c70c2.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_5d1777c2e857a23b.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\ia64_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_5926d74eeadc7aa6.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_0e9108e3b72e14d4.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_80b7c8a91e9dd16a.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_390a91d20a21a864.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.1833_none_49ed4131141912ee.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc90.debugopenmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_fef14129b5a84788.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_3a15284abf58447e.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.21022.8_none_4ec74c6b3093419c.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_2f2cc1b4522cec06.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f47e1bd6f6571810.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_2a4cbfc25558bcd3.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_e29f88eb40dc93cd.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_5926f98ceadc42c2.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b81d038aaf540e86.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_9b54853441e399d5.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.1833_none_4db05f807dd45954.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\ia64_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b59b8c5f6501837c.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.debugopenmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_64b8d7a7368af5da.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_7644f34b9721eccf.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.1833_none_03c84dcc205e88fb.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc80.debugopenmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_1d0ba0d0220eccd4.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_5c94f2bbe7d4aaf6.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_61305e07e4f1bc01.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_3624aa14c1dce505.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.debugopenmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_1c6642fe2d3191a1.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.21022.8_none_96748342450f6aa2.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_92995f253c01eddb.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_785235bc18e43c18.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_37ea0b5cfc57dfad.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_e77f8add3db0c300.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_0a1d2fcba76b3f00.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugopenmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_8b162516588f5ada.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_a5325551f9d85633.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\ia64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29cef43971b1902.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_39e222e84b9e7e6f.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_06328ff5fd1670fc.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc90.debugopenmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_92c97da9c5f199b9.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_09c0f789facc94a0.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_f360fbe6b533bb31.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.8.0.microsoft.vc80.debugopenmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d4b90c2718b5689b.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1833_none_516c26fb0f4a960b.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_53a74e5d2d6770cf.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.1833_none_4dddbf6711947267.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_5ce47260749ddc2c.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\ia64_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550a477d18ac90c.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_bc1d1e5b0be08790.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_024211bfff9b1183.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_706fccb39ad7e580.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b59bae9d65014b98.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_6b86c0e9b0196766.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_951ab4128654b0c9.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_d05db32909be42e9.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_88b07c51f54219e3.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_a90f7809706b0557.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc80.debugmfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_a1d5f4f1e8c2d5cd.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_a9427d6be424cb66.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_6dee77c650852292.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_15373b896021b326.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.1.0.0_none_6c030d6fdc86522c.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.8.0.microsoft.vc80.debugmfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_e10ac90bf1105b6a.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugopenmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_1eee619668d8ad0b.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.debugopenmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_4368ee3f441331d4.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.debugcrt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_2d536b2f02a9957b.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1801_none_516953ad0f4d16c4.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.21022.8_none_3c8576a8f974f0b8.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_9aefdaaa829eb818.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\ia64_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_61303bc9e4f1f3e5.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_bfff6c932d60651e.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.debugcrt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_e4a329d7006acfa0.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_a6e7a8e20e9863b4.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.debugopenmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_da76b480da6dc2bf.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_bb1f6aa1308c35eb.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc80.debugcrt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_9cf5f2ffebeea69a.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_bdf22a22ab9e15d5.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_04480933ab2137b1.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\ia64_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_bb1f4863308c6dcf.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_737233ca1c100ce5.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_3b0e32bdc9afe437.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_ecff360cfb2594f3.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_a6e6a8980e994a5d.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_330b958c9268999d.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.21022.8_none_f4d83fd1e4f8c7b2.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_a551ff35e6a96bed.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.debugopenmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_469e7800ca24708e.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_c6e3d20ca2b1ebce.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.debugmfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_e9832bc8fd3efed3.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_08e3747fa83e48bc.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4db266e67dd280ef.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_156a40ebd3db7935.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8a1a02152edb659b.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.1833_none_d1c5318643596706.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_23d98a129b9d3e60.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Catalogs\amd64_policy.8.0.microsoft.vc80.debugcrt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_e5a63457ee2d6c75.cat
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18157_none_647360efae414386\ieframe new old.dll
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_6.0.6000.16720_none_9e3e9a071d8dacdd\WEB~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_6.0.6000.16720_none_9e3e9a071d8dacdd\WEBCON~1.DEF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_6.0.6000.20711_none_876fdc5937360cdc\WEB~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_6.0.6000.20711_none_876fdc5937360cdc\WEBCON~1.DEF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_6.0.6000.20883_none_8776b0ab372ff1d0\WEB~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_6.0.6000.20883_none_8776b0ab372ff1d0\WEBCON~1.DEF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_6.0.6001.18000_none_9e18955f1de08635\WEB~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_6.0.6001.18000_none_9e18955f1de08635\WEBCON~1.DEF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_6.0.6001.18111_none_9e197ebd1ddfb97e\WEB~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_6.0.6001.18111_none_9e197ebd1ddfb97e\WEBCON~1.DEF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_6.0.6001.22230_none_874def5937853291\WEB~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_6.0.6001.22230_none_874def5937853291\WEBCON~1.DEF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_6.0.6002.18005_none_9df41a9b1e321a49\WEB~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_6.0.6002.18005_none_9df41a9b1e321a49\WEBCON~1.DEF
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.16588_none_9ac8c4f9d960930f\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.16720_none_9b01a5fdd9371aff\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_6.0.6001.18000_none_d1b1affa515cd235\BASEAL~1.XML
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_6.0.6002.18005_none_d39d29064e7e9d81\BASEAL~1.XML
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-themeui_31bf3856ad364e35_6.0.6000.16386_none_82c7d4771e961867\themeui.dll.old
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-themeui_31bf3856ad364e35_6.0.6001.18000_none_84fe96731b81293b\themeui new old.dll
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.0.6002.18005_none_8f8f0d20ba53c683\MICROS~1.XRM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIFF44~1.MAN
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI7A16~1.MAN
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI2DAF~1.MAN
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MICROS~2.MAN
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MICROS~4.MAN
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\TERMIN~4.MAN
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MICROS~1.MAN
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI3779~1.MAN
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MICROS~3.MAN
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6000.16720_none_ce96043fcba4732e\CORPER~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6000.16720_none_ce96043fcba4732e\CORPER~2.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6000.20711_none_b7c74691e54cd32d\CORPER~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6000.20711_none_b7c74691e54cd32d\CORPER~2.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6000.20883_none_b7ce1ae3e546b821\CORPER~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6000.20883_none_b7ce1ae3e546b821\CORPER~2.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6001.18000_none_ce6fff97cbf74c86\CORPER~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6001.18000_none_ce6fff97cbf74c86\CORPER~2.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6001.18111_none_ce70e8f5cbf67fcf\CORPER~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6001.18111_none_ce70e8f5cbf67fcf\CORPER~2.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6001.22230_none_b7a55991e59bf8e2\CORPER~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6001.22230_none_b7a55991e59bf8e2\CORPER~2.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6002.18005_none_ce4b84d3cc48e09a\CORPER~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6002.18005_none_ce4b84d3cc48e09a\CORPER~2.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.18005_none_2401c41a5264a20d\$$DeleteMe.schannel.dll.01ca1b52d62c569e.0005
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.18005_none_7e9e65df5fac8e64\$$DeleteMe.msv1_0.dll.01ca1b52d62e526e.0006
Status: Locked to the Windows API!

Path: C:\WINDOWS\inf\.NET CLR Data\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\inf\.NET Data Provider for SqlServer\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\inf\.NETFramework\CORPER~1.H
Status: Locked to the Windows API!

Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\migwiz\dlmanifests\MICROS~3.MAN
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\migwiz\dlmanifests\MICROS~2.MAN
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\migwiz\dlmanifests\MI7A16~1.MAN
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\migwiz\dlmanifests\MI2DAF~1.MAN
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\migwiz\dlmanifests\MICROS~1.MAN
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\migwiz\dlmanifests\MICROS~4.MAN
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\migwiz\dlmanifests\MI3779~1.MAN
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\migwiz\dlmanifests\MIFF44~1.MAN
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\migwiz\dlmanifests\TERMIN~4.MAN
Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\licensing\ppdlic\MICROS~1.XRM
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Temp\PendingDeletes\sorttbls.nlp
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Temp\PendingDeletes\sorttbls.nlp
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Temp\PendingDeletes\sorttbls.nlp
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Temp\PendingDeletes\lsass.exe
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Temp\PendingDeletes\sortkey.nlp
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Temp\PendingDeletes\sortkey.nlp
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Temp\PendingDeletes\sortkey.nlp
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Temp\PendingDeletes\sortkey.nlp
Status: Locked to the Windows API!

Path: C:\WINDOWS\winsxs\Temp\PendingDeletes\sorttbls.nlp
Status: Locked to the Windows API!

Path: C:\WINDOWS\inf\.NET CLR Data\0000\_DATAP~2.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\inf\.NETFramework\0000\CORPER~2.INI
Status: Locked to the Windows API!

Path: c:\users\gregory\appdata\local\temp\~dfebed.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\gregory\appdata\local\temp\~df4416.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\gregory\appdata\local\temp\~df4b1b.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\gregory\appdata\local\temp\~df286e.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\WINDOWS\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\WEBCON~1.DEF
Status: Locked to the Windows API!

Path: c:\program files\microsoft sql server\msas10.mssqlserver\olap\log\flightrecordercurrent.trc
Status: Allocation size mismatch (API: 786432, Raw: 32768)

Path: c:\program files\microsoft sql server\mssql10.mssqlserver\mssql\log\fdlauncherrorlog
Status: Allocation size mismatch (API: 520, Raw: 0)

Path: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\BASEAL~1.XML
Status: Locked to the Windows API!

Path: c:\programdata\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.195.crwl
Status: Allocation size mismatch (API: 280, Raw: 8)

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\ASPhere.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\ASPhere.exe.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\ASPhere.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\ASPhere.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Docking.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Docking.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\TabStrip.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\TabStrip.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\UserInstances8.exe.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\OfficePickers.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\OfficePickers.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\PresentationDesignCore.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\PresentationDesignDeveloper.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\PresentationDesignFramework.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Reason1.exe.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Draft.PresentationDesignMarkup.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Fireball.Windows.Forms.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Reason2.exe.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Xceed.Wpf.DataGrid.Samples.SampleData.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Fireball.Core.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Fireball.Core.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Fireball.Win32.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Fireball.Win32.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Fireball.CodeEditor.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Fireball.CodeEditor.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Fireball.SyntaxDocument.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Fireball.SyntaxDocument.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Fireball.Windows.Forms.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Lesson07.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Lesson07.exe.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\WebViewerTest.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\WebViewerTest.exe.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Xceed.Wpf.DataGrid.Samples.LiveExplorer.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Xceed.Wpf.DataGrid.Samples.LiveExplorer.exe.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Xceed.Wpf.DataGrid.ThemePack.1.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Xceed.Wpf.DataGrid.ThemePack.1.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Xceed.Wpf.DataGrid.ThemePack.2.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Xceed.Wpf.DataGrid.ThemePack.2.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Xceed.Wpf.DataGrid.Samples.SampleData.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Xceed.Wpf.DataGrid.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Xceed.Wpf.DataGrid.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Xceed.Wpf.Controls.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Xceed.Wpf.Controls.manifest
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Xceed.Wpf.DataGrid.Views3D.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Gregory\AppData\Local\Apps\2.0\H2B6QCVH.WP5\3BZMJ8W3.QRK\manifests\Xceed.Wpf.DataGrid.Views3D.manifest
Status: Locked to the Windows API!

Path: C:\Users\Sample User\AppData\Local\Apps\2.0\LAV1EMCA.AP9\T37XZWCT.2J8\manifests\UserInstances8.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Sample User\AppData\Local\Apps\2.0\LAV1EMCA.AP9\T37XZWCT.2J8\manifests\UserInstances8.exe.manifest
Status: Locked to the Windows API!

#8 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:54 PM

Posted 13 August 2009 - 11:18 AM

Path: C:\WINDOWS\System32\drivers\SKYNETmppicqsp.sys
Status: Invisible to the Windows API!


Please rerun RootRepeal, and then right click on this file and select Wipe File. Then, reboot and run a Quick Scan with Malwarebytes and post back the log.
Computer Pro

#9 G Shields

G Shields
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 13 August 2009 - 07:51 PM

I completed your instructions. I wiped the SKYNET sys file, rebooted, ran Anti-Malware again, removed the stuff it found, am posting the log now, and afterwards I will reboot again to complete the removal process.

Here's the log:
Malwarebytes' Anti-Malware 1.40
Database version: 2614
Windows 6.0.6002 Service Pack 2

8/13/2009 7:48:44 PM
mbam-log-2009-08-13 (19-48-44).txt

Scan type: Full Scan (C:\|)
Objects scanned: 538976
Time elapsed: 4 hour(s), 17 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\System32\SKYNETewdqntfo.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\SKYNETxfexxkti.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\SKYNETcbjyydbs.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\SKYNETtdgnoexx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\drivers\SKYNETmppicqsp.sys (Trojan.Agent) -> Quarantined and deleted successfully.

#10 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:54 PM

Posted 13 August 2009 - 08:24 PM

Ok, we got the rootkit out. Next:

Please run ATF and SAS:
Credits to Boopme

Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.

Note 2: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Edition

Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.
Computer Pro

#11 G Shields

G Shields
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 14 August 2009 - 01:16 AM

Thanks for all of your help thus far.
I have now finished running ATF and SAS in Safe Mode, allowing SAS to quarantine what it found. Here's the log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/14/2009 at 00:54 AM

Application Version : 4.27.1002

Core Rules Database Version : 4056
Trace Rules Database Version: 1996

Scan type : Complete Scan
Total Scan Time : 04:00:47

Memory items scanned : 329
Memory threats detected : 0
Registry items scanned : 12010
Registry threats detected : 0
File items scanned : 379455
File threats detected : 57

Adware.Tracking Cookie
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@chitika[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@revsci[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@videoegg.adbureau[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@iacas.adbureau[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@ads.aws.sitepoint[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@eyewonder[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@mediaplex[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@advertising[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@mediafire[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@serw.clicksor[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@pro-market[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@247realmedia[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@casalemedia[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@ehg-groupernetworks.hitbox[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@adbrite[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@www.burstbeacon[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@ad.yieldmanager[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@interclick[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@www.burstnet[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@zedo[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@ads.bleepingcomputer[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@a1.interclick[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@ads.fearzone[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@adultadworld[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@doubleclick[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@mediafire[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@specificmedia[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@specificmedia[3].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\gregory@statcounter[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@a.findarticles[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@ad1.clickhype[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@adinterax[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@ads.joinaxxess[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@adserver.hornymatches[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@adserver5.teracent[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@clickaider[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@clicksor[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@clicktorrent[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@eas.apm.emediate[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@eyewonder[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@financialcontent.advertserve[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@findarticles[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@hornymatches[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@qnsr[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@redorbit[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@richmedia.yahoo[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@stats.thescripts[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@ticketsnow[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@www.googleadservices[10].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@www.googleadservices[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@www.googleadservices[8].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@www.hornymatches[1].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@www.ticketsnow[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@www.toomuchsexy[2].txt
C:\Users\Gregory\AppData\Roaming\Microsoft\Windows\Cookies\Low\gregory@www.warezquality[2].txt

Browser Hijacker.Favorites
C:\USERS\GREGORY\FAVORITES\SECURITY\ONLINE SECURITY TEST.URL

Malware.SpywareNuker
C:\WINDOWS\SYSTEM32\DRIVERS\PSHOOK11.SYS

#12 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:54 PM

Posted 14 August 2009 - 09:50 AM

How are things running now?
Computer Pro

#13 G Shields

G Shields
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 14 August 2009 - 12:52 PM

Well, things seem to be running pretty well actually. I reckon I'll consider the problem solved.

Thanks for your help!

Gregory Shields

#14 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:54 PM

Posted 14 August 2009 - 12:54 PM

Ok, then if everything is fine please:

Create a new Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
Go to Start > Programs > Accessories > System Tools and click "System Restore".
Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then use Disk Cleanup to remove all but the most recently created Restore Point.
Go to Start > Run and type: Cleanmgr
Click "Ok"
Disk Cleanup will scan your files for several minutes, then open.
Click the "More Options" Tab.
Click the "Clean up" button under System Restore.
Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
Click Yes, then click Ok.
Click Yes again when prompted with "Are you sure you want to perform these actions?"
Disk Cleanup will remove the files and close automatically.
Computer Pro

#15 G Shields

G Shields
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 15 August 2009 - 08:11 PM

Well, I can't quite follow your last bit of advice. My computer now will only boot up in Safe Mode. I had been out of the room and when I returned the screen was gray. Now Windows never makes it to the login screen. Have you any ideas how to deal with this?

Thanks,
Gregory Shields




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users