Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browsers redirecting to cliccker.cn


  • This topic is locked This topic is locked
14 replies to this topic

#1 mikaela-konlin

mikaela-konlin

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 27 August 2009 - 05:16 PM

Windows Vista Basic

Both IE and FF redirect to cliccker.cn and other shopping websites.
I have tried to run the installed Norton Internet Security but the program hangs and files scanned counter stays in "0".
Have not downloaded Malware Bytes or any other.
Hope somebody can help.
Thanks in advance.

BC AdBot (Login to Remove)

 


#2 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 PM

Posted 27 August 2009 - 05:34 PM

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.



Lets take a look with Malwarebytes

Please download Malwarebytes' Anti-Malware from here:
Malwarebytes
Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


If Malwarebytes won't install or run

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
Computer Pro

#3 mikaela-konlin

mikaela-konlin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 28 August 2009 - 05:00 PM

Malwarebytes' Anti-Malware 1.40
Database version: 2708
Windows 6.0.6002 Service Pack 2

8/27/2009 11:04:26 PM
mbam-log-2009-08-27 (23-04-26).txt

Scan type: Full Scan (C:\|)
Objects scanned: 239328
Time elapsed: 1 hour(s), 1 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Gladys\Downloads\VMware Workstation 6.0.4 Build 93057\keygen.exe (Malware.Tool) -> Quarantined and deleted successfully.

#4 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 PM

Posted 28 August 2009 - 05:57 PM

Ok, next:

Please run ATF and SAS:
Credits to Boopme

Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.

Note 2: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Edition

Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.
Computer Pro

#5 mikaela-konlin

mikaela-konlin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 28 August 2009 - 08:03 PM

Thanks for your reply, here's the Super log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/28/2009 at 07:52 PM

Application Version : 4.27.1002

Core Rules Database Version : 4075
Trace Rules Database Version: 2015

Scan type : Complete Scan
Total Scan Time : 00:55:48

Memory items scanned : 268
Memory threats detected : 0
Registry items scanned : 6531
Registry threats detected : 0
File items scanned : 129715
File threats detected : 35

Adware.Tracking Cookie
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@ad.srving[2].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@ads.cnn[1].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@ads.financialcontent[1].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@ads.lpnads[1].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@ads.ookla[2].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@ads.pugetsoundsoftware[2].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@ads.ucanbonline[2].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@ads.us.e-planning[2].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@chitika[1].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@click2houston[1].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@collective-media[2].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@indexstats[2].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@interclick[1].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@media6degrees[2].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@neuroticmedia[1].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@optimost[1].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@precisionclick[2].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@redirect.antracker[1].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@richmedia.yahoo[2].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@socialmedia[1].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@track.cbs[1].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@tracker.mediatracker.co[1].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@vlc-media-player.en.softonic[1].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@www.click2houston[1].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@www.googleadservices[1].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@www.googleadservices[2].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@www.googleadservices[3].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@www.googleadservices[4].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@www.googleadservices[5].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@www.googleadservices[6].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@www.googleadservices[7].txt
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Cookies\Low\gladys@www.googleadservices[9].txt

Trojan.SVCHost/Fake
C:\USERS\GLADYS\DOCUMENTS\ARTURO\PHOTOSHOP CS3 10 EXTENDED\THINSTALL\{02A4F43E-98ED-4236-9D15-A9FB2C1376F2}\1000000600002I\SVCHOST.EXE
C:\USERS\GLADYS\DOCUMENTS\ARTURO\PHOTOSHOP CS3 10 EXTENDED\THINSTALL\{02A4F43E-98ED-4236-9D15-A9FB2C1376F2}\1000000800002I\SVCHOST.EXE
C:\USERS\GLADYS\DOCUMENTS\DOWNLOADS\_ADOBE_DREAMWEAVER_CS4\ADOBE DREAMWEAVER CS4 PORTABLE\DATA\1000000600002I\SVCHOST.EXE

#6 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 PM

Posted 28 August 2009 - 08:31 PM

How are things now?
Computer Pro

#7 mikaela-konlin

mikaela-konlin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 28 August 2009 - 08:38 PM

Still being redirected both in IE and FF.

http://cliccker.cn/zaW3aFjd5X3qHKC4YmlkPTVCN0Q2MzI0RDcxNTkxMjI0MUU2QzEyRDQ4OEFEQjExJmFpZD0xMDAwMiZzaWQ9MSZ1PWFIUjBjRG92THpZMExqRXhNUzR4T1RZdU1URTNMMk11Y0dod1AzTTlaVTV2Ykd4TmEwOXhhMjlCVWtRdFNWSkxRMXAxYUdRemQxTlJaMGxwYjNwdGVITnRXbEpMVVVkalRFaFFNVGwxUzNGdVZUUnRlRkJHVVdOS1NWTkJVRFpxUW5ObWFrVnJOMk01UW01QmFWTXRkR1pGUVZGblEwVlNSRGhGU1hGdE5sTk9VMFZMVjNCNk1XeFVURE5ZYzBsU1FtRm5jRTQ0TUVSbWR6Wk5hMmhST0d4VE1FbzJTMU5CYlRoelZEUkJlbVJCVW1sUlFVeFpVbmxVVFZsRloxTmhWV05UTkVkTmVtaG5ObXAyT1ZOR1JXUkNiV3RzY0RoSFNXcFNRVVZQZUVKNVMwbG9ZV3hUWTNFNWNWQlJaekpaVFMxemJITXpUMjFOT1dkYU1WODBTbU5sTWt4SVYwWnRObWwwV1RKWldVZDRlREY0Y2taeGJXMTRNRTlZV21VMFUyWTJia3RrTWpWWVRVRk9hSEJXTVVSVVNtd3phblF4ZVdGVVNVcFNOVEZETlZGdGRXRk1XRXhSWVVKZmNqSk1ZazFpU0VsWGVqZGthMkprV0ZOTFJUTjJNR2N5ZFRacFZtaGZOVm93VVdGT05XOWtTeTF6ZGxWelMzVm1SMjU2ZEZaaGVsVnlWVmhXZEdOdlZqTnhlSEZrZGs1eE1XNUNjM1IyTTFoMGRUZFVabTF5TlZkVWJYZHJWREJJYTJWV1R6TnFTbFYwTmkxeVltMUpTMTlaV201TVZVTkdkek5EU2xoU01WaGtkM2RsYzB4RUxXTmhabVkzU0dJNVpHeHdXRnBwVGw5Vk5VYzBlWGM1Ym5NMGNVVnJkRWhFZEdRM1VsOU9kVUV6VjFoTWJtdHFOMWR5WVhaUE5FTk5NMm80Ynkxb1VVUmlPRXRLZDNWM1RIWXRORmxLUjBwZlJVcFpZbnBuVFRFeU5GaFVSRGhvVjE5V2EwOWZVa1F5TUcxRWVrTTJaMGxVZFdWMVlYZHBUREkzZUhZd1RqbDRUbXBqV0dSRVdGZzJVVzFQUjNsRU1GQjNaWFZOYWxwRGRISm9SakpCWkY5dmVXMUtka3c1ZWpZeFVqRTRablZ2VjFOYWJtOVRlVFl0UkdFeE9YWlFUMUJ5UkRNMGVDMVBOMWRJWm01eldGSm9OMlE0WlZSZmRHaGhhMVp2VTFwWGNHa3dPVUkwYlZaaWIxSnVRalJyTVZwV0xYZzJhMlZTZW1abFVHWnNPRjlsV2tSeGNsaHZTRFpTYTBwb1prSjBka3hxZGw4MlUwaEdWMDgzUWxKeFRHOXdaM1J0U0daU1ZWaHdPRGt3T1Y5YWRtTXlTa1kxVkZBNGEzTlVVa2hYTjJVdFlrRkxUbmhFVGxCR2JubFhhbUZxYldneFF6aGFOVVJZYVZaT04xaHJjV0kwZGtaWlNtNU1VbFV0Y0U5WWJVOUNNbFpVUzIxM1JIUlFOazF4ZUcwNGFHdzRTV2swTUU1eU5GTjRTMWRrZUVoTFZXRkhUVmw0VEhSblQyWkxiR3d4T1ZkemEyUTFZVlJaY2s1U1IwOVBhRUZQVGxseFEyZzNiVVI1VW1OMVpUbHNUVE5mVVUwNGNqYzNaVUpQVnpCR1ozZEtablp2WlZWalQxZzVkRFJ3YlZsaU9XUmtaVzVFU1RsdVR6Wm9NVFpWYkdGdE5pMXBlVVJ5VlhKcGJrWTBSRGw2UjJsSVdURnZVMWRIT1dGb2J6bE1PR3hxTTNadWFVOUxlbGsxY1RBMVpsWktVVlZsYkc1aFZuaENNVTFEUkhReU5uVXhMVmM1ZWtjNWRHdGlObHByTURKZlRFTmZUbGhtU2pWbU1VSkpVVEJwVURWak0wUkZhV0ZVWjJsWFZFSnBWMDlRUVY4MGJXZHBZM
But the page doesn't load...

Thanks :thumbsup:

#8 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 PM

Posted 28 August 2009 - 08:41 PM

Ok. Lets try SmitFraudFix:

Please download SmitFraudFix
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
Computer Pro

#9 mikaela-konlin

mikaela-konlin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 28 August 2009 - 08:50 PM

SmitFraudFix v2.423

Scan done at 20:44:16.59, Fri 08/28/2009
Run from C:\Users\Gladys\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6002] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\V0230Mon.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe
C:\Users\Gladys\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

hosts


C:\


C:\Windows


C:\Windows\system


C:\Windows\Web


C:\Windows\system32


C:\Windows\system32\LogFiles


C:\Users\Gladys


C:\Users\Gladys\AppData\Local\Temp


C:\Users\Gladys\Application Data


Start Menu


C:\Users\Gladys\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]




DNS

Description: Intel® 82562V-2 10/100 Network Connection
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DD2E5803-CA9A-48C7-8AFB-D313C518EBAD}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DD2E5803-CA9A-48C7-8AFB-D313C518EBAD}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DD2E5803-CA9A-48C7-8AFB-D313C518EBAD}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


Scanning for wininet.dll infection


End

#10 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 PM

Posted 28 August 2009 - 09:02 PM

Lets look for a rootkit:


Please install RootRepeal

Go HERE, and download RootRepeal.zip to your Desktop.
Tutorial with images ,if needed >> L@@K
Unzip that to your Desktop and then click RootRepeal.exe to open the scanner.

*Open the folder and double-click on RootRepeal.exe to launch it. If using Vista, right-click and Run as Administrator...
* Click on the FILES tab, then click the Scan button.
* In the Select Drives, dialog Please select drives to scan: select all drives showing, then click OK.
* When the scan has completed, a list of files will be generated in the RootRepeal window.
* Click on the Save Report button and save it as rootrepeal.txt to your desktop or the same location where you ran the tool from.
* Open rootrepeal.txt in Notepad and copy/paste its contents in your next reply.
* Exit RootRepeal and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High
Computer Pro

#11 mikaela-konlin

mikaela-konlin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 28 August 2009 - 09:32 PM

There you go...
***************************

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/28 21:30
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{07685a9b-9388-11de-8e69-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{5a2a466f-90f0-11de-abc5-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c90e7390-9366-11de-ab58-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{caf10d8c-9266-11de-9b4c-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e85aa48d-919e-11de-8933-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{f4bef00d-902c-11de-9f3f-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\System32\kbiwkmaqrdmpck.dat
Status: Invisible to the Windows API!

Path: C:\Windows\System32\kbiwkmfpogxgqh.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\kbiwkmqwwfwxtt.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\kbiwkmuvpcvafs.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\kbiwkmxcfpibtj.dat
Status: Invisible to the Windows API!

Path: C:\Windows\Temp\kbiwkmcuxsaurfmf.tmp
Status: Invisible to the Windows API!

Path: C:\Windows\System32\drivers\kbiwkmcnirnpnl.sys
Status: Invisible to the Windows API!

Path: C:\Windows\System32\drivers\kbiwkmiitmbrhn.sys
Status: Invisible to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.1_none_57b67ceb7de564e6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.1_none_118a7387f9d14a82.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.1_none_9f63b3c292618dec.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\amd64_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.1_none_c9dd3cb0e555217c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_fundisc_31bf3856ad364e35_6.0.6001.18000_none_7be46ed83ae29055\$$DeleteMe.fundisc.dll.01ca1a206358f390.003c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..dcredentialprovider_31bf3856ad364e35_6.0.6001.18000_none_420aa4b9c28d5162\$$DeleteMe.SmartcardCredentialProvider.dll.01ca1a2064e252b0.0071
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_d51103be4cb9d6c3\$$DeleteMe.apphelp.dll.01ca1a2065cf71d0.009d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..terface-ldapc-layer_31bf3856ad364e35_6.0.6001.18000_none_5f327439667d597c\$$DeleteMe.adsldpc.dll.01ca1a2063504100.003a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.0.6001.18000_none_e34851aa8681b8b0\$$DeleteMe.advapi32.dll.01ca1a2062b7d190.001d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.18000_none_ab203fc659b26ce7\$$DeleteMe.atl.dll.01ca1c414b31fd53.0003
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6001.18000_none_769fc426e49fbfda\$$DeleteMe.audiodg.exe.01ca1a2062bf2490.001e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6001.18000_none_769fc426e49fbfda\$$DeleteMe.audiosrv.dll.01ca1a2065b2e920.0092
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-mmecore-base_31bf3856ad364e35_6.0.6001.18000_none_b5dfbc3a51b01b87\$$DeleteMe.winmm.dll.01ca1a2065394c50.0083
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-authentication-authui_31bf3856ad364e35_6.0.6001.18000_none_0bf37d16f567e1f7\$$DeleteMe.authui.dll.01ca1a2064b3efb0.0068
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-azman_31bf3856ad364e35_6.0.6001.18000_none_56571935b2b95c99\$$DeleteMe.azroles.dll.01ca1a2062b44f20.001a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\$$DeleteMe.qmgr.dll.01ca1a20645f6710.005e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-bits-igdsearcher_31bf3856ad364e35_6.0.6001.18000_none_b16c3d098f004f58\$$DeleteMe.bitsigd.dll.01ca1a206427dc50.0055
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\$$DeleteMe.bcrypt.dll.01ca1a2062da26a0.0022
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18057_none_0cbe918751dfdd3f\$$DeleteMe.es.dll.01ca1a2065aef180.0091
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..fe-catsrvut-comsvcs_31bf3856ad364e35_6.0.6001.18000_none_72c2652d9fddfafd\$$DeleteMe.comsvcs.dll.01ca1a2064e0a500.0070
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..rformance-xperfcore_31bf3856ad364e35_6.0.6001.18000_none_d71173946e986845\$$DeleteMe.diagperf.dll.01ca1a20661fdbc0.00ad
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6001.18023_none_a065524404cd682d\$$DeleteMe.ci.dll.01ca1a205f305880.0003
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cmi_31bf3856ad364e35_6.0.6001.18000_none_a9ce4a485a8ade99\$$DeleteMe.cmiv2.dll.01ca1a20670c3790.00c0
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-comdlg32_31bf3856ad364e35_6.0.6001.18000_none_b5b111a1a5a793a5\$$DeleteMe.comdlg32.dll.01ca1a20639623a0.003f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6001.18000_none_7701ab362cebf905\$$DeleteMe.umpnpmgr.dll.01ca1a2065e8c630.00a5
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-credui_31bf3856ad364e35_6.0.6001.18000_none_db374cc18eed7408\$$DeleteMe.credui.dll.01ca1a2062785790.000b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6001.18000_none_5b6fc1dbddd3c6da\$$DeleteMe.crypt32.dll.01ca1a2064fe3f20.0078
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\$$DeleteMe.cryptsvc.dll.01ca1a2063cd1220.0047
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cryptui-dll_31bf3856ad364e35_6.0.6001.18000_none_85ee5b5e98235317\$$DeleteMe.cryptui.dll.01ca1a20649b85b0.0063
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.0.6001.18000_none_8da39414bd31fb37\$$DeleteMe.uxsms.dll.01ca1a2065dae380.00a0
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dfsr-core-clientonly_31bf3856ad364e35_6.0.6001.18000_none_b6798caa9a04157b\$$DeleteMe.dfsr.exe.01ca1a20642ff2a0.0056
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6001.18000_none_d75a29a02e8fcf7a\$$DeleteMe.dhcpcsvc.dll.01ca1a2065df7760.00a2
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6001.18000_none_d75a29a02e8fcf7a\$$DeleteMe.dhcpcsvc6.dll.01ca1a20628242a0.000e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6001.18000_none_b1ee595da0f48e64\$$DeleteMe.samlib.dll.01ca1a20644acda0.0058
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6001.18000_none_b1ee595da0f48e64\$$DeleteMe.samsrv.dll.01ca1a2062af1f00.0018
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.0.6001.18000_none_c24d6ca560c635f9\$$DeleteMe.d3d9.dll.01ca1a20649d0c50.0064
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\$$DeleteMe.winrnr.dll.01ca1a20662cd410.00b0
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b\$$DeleteMe.dnsapi.dll.01ca1a2062a16360.0015
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b\$$DeleteMe.dnsrslvr.dll.01ca1a20632adeb0.0035
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-enhancedvideorenderer_31bf3856ad364e35_6.0.6001.18000_none_8fa27dabcc867f14\$$DeleteMe.evr.dll.01ca1a2065c93040.009a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.18098_none_9e329f52f6fc276d\$$DeleteMe.emdmgmt.dll.01ca1a206502fa10.007a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-eventlog-api_31bf3856ad364e35_6.0.6001.18000_none_ac31021c654a3267\$$DeleteMe.wevtapi.dll.01ca1a2062843e70.000f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-eventlog_31bf3856ad364e35_6.0.6001.18000_none_dcc45c1a12d92f84\$$DeleteMe.wevtsvc.dll.01ca1a2062b51270.001b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-feedback-service_31bf3856ad364e35_6.0.6001.18145_none_79a5b70991018b47\$$DeleteMe.wersvc.dll.01ca1a2064e93080.0072
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-feclient_31bf3856ad364e35_6.0.6001.18000_none_beda112b5794d4e0\$$DeleteMe.feclient.dll.01ca1a2065f4d420.00a7
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18159_none_59519ee04971f856\$$DeleteMe.gdi32.dll.01ca1a2064f51760.0077
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-grouppolicy-base_31bf3856ad364e35_6.0.6001.18000_none_282361dee702a605\$$DeleteMe.gpapi.dll.01ca1a206454dfc0.005d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-grouppolicy-base_31bf3856ad364e35_6.0.6001.18000_none_282361dee702a605\$$DeleteMe.gpsvc.dll.01ca1a2065313600.0081
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-hid-user_31bf3856ad364e35_6.0.6000.16386_none_d47586718a839763\$$DeleteMe.hidserv.dll.01ca1a20653aabe0.0084
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..nal-core-locale-nls_31bf3856ad364e35_6.0.6001.18000_none_6ab830d9a945c1d1\$$DeleteMe.locale.nls.01ca1a2066272ec0.00ae
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.18000_none_11e312d27c5a6ba6\$$DeleteMe.iphlpsvc.dll.01ca1a205f367300.0005
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-icm-base_31bf3856ad364e35_6.0.6001.18000_none_22c7ea5489633945\$$DeleteMe.mscms.dll.01ca1a206453f560.005c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\$$DeleteMe.imm32.dll.01ca1a206306dbf0.002a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-installer-engine_31bf3856ad364e35_6.0.6001.18000_none_037a7e2bb384bf01\$$DeleteMe.msi.dll.01ca1a2062a90480.0017
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\$$DeleteMe.kernel32.dll.01ca1a2063035980.0029
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ldap-client_31bf3856ad364e35_6.0.6001.18000_none_f33c4797566bb3db\$$DeleteMe.Wldap32.dll.01ca1a20644f3a70.005b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\$$DeleteMe.lsasrv.dll.01ca1a205f3ed770.0006
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\$$DeleteMe.secur32.dll.01ca1a205f4455b0.0008
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIC237~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-components-jetcore_31bf3856ad364e35_6.0.6001.18000_none_048ebb9ba7b2fc3a\$$DeleteMe.msjet40.dll.01ca1a20631b7560.002f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..mponents-jetintlerr_31bf3856ad364e35_6.0.6000.16386_none_0d3a1215c37f298f\$$DeleteMe.msjint40.dll.01ca1a2063b2fa70.0041
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..mponents-jetintlerr_31bf3856ad364e35_6.0.6000.16386_none_0d3a1215c37f298f\$$DeleteMe.msjter40.dll.01ca1a2064eeaec0.0074
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..mponents-jetintlerr_31bf3856ad364e35_6.0.6000.16386_none_0d3a1215c37f298f\$$DeleteMe.mswstr10.dll.01ca1a2063bf7d90.0045
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..s-components-jetole_31bf3856ad364e35_6.0.6001.18000_none_7750886b9104ab81\$$DeleteMe.msjetoledb40.dll.01ca1a206297ed80.0013
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..ss-components-jetes_31bf3856ad364e35_6.0.6001.18000_none_36b216b9cce86273\$$DeleteMe.msjtes40.dll.01ca1a206418c120.0051
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18096_none_9c03e1ac0d053e06\$$DeleteMe.mf.dll.01ca1a2062d14d00.001f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6001.18096_none_06d7363dd61b14c2\$$DeleteMe.WMVCORE.DLL.01ca1a2065c7a9a0.0099
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mfplat_31bf3856ad364e35_6.0.6001.18000_none_f6aa98ad53755122\$$DeleteMe.mfplat.dll.01ca1a20628fb020.0011
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mmdeviceapi_31bf3856ad364e35_6.0.6001.18000_none_55044397b961da8a\$$DeleteMe.MMDevAPI.dll.01ca1a20660e0170.00ab
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mprapi_31bf3856ad364e35_6.0.6001.18000_none_140c84ec53049b39\$$DeleteMe.mprapi.dll.01ca1a20627a2c50.000d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mpr_31bf3856ad364e35_6.0.6001.18000_none_add5c97257f151a1\$$DeleteMe.mpr.dll.01ca1a2063b78e50.0043
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.0.6001.18000_none_c7427a4e786d74bc\$$DeleteMe.adtschema.dll.01ca1a2064ef7210.0075
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18136_none_8853d47896e90b40\$$DeleteMe.msxml3.dll.01ca1a2065ae0720.0090
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\$$DeleteMe.msvcrt.dll.01ca1a20641b8040.0053
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18000_none_440e77d1ec053e6c\$$DeleteMe.FwRemoteSvr.dll.01ca1a206482f4a0.0062
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129adec4a9f41\$$DeleteMe.FwRemoteSvr.dll.01ca1a206482f4a0.0062
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129adec4a9f41\$$DeleteMe.IPSECSVC.DLL.01ca1a2063e777f0.004e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ncrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_5dde5591f19c0ea3\$$DeleteMe.ncrypt.dll.01ca1a2064ad38f0.0065
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.18157_none_8d050f6301b2186f\$$DeleteMe.netapi32.dll.01ca1a20654978f0.0089
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6000.16708_none_65c29499dcf31c4e\FRAMEW~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6000.20864_none_660750b4f644fe62\FRAMEW~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6001.18096_none_67458179da6478e3\FRAMEW~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6001.22208_none_6832700af3374d09\FRAMEW~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6002.18005_none_698c4815d742b0ac\FRAMEW~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\$$DeleteMe.netshell.dll.01ca1a2065aa0f80.008e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.18000_none_cd246fe92a8ad809\$$DeleteMe.BFE.DLL.01ca1a205f2b2860.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.18000_none_cd246fe92a8ad809\$$DeleteMe.FWPUCLNT.DLL.01ca1a205f1cd080.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.18000_none_cd246fe92a8ad809\$$DeleteMe.IKEEXT.DLL.01ca1a205f43b970.0007
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6001.18000_none_bd002a8dfb7a3328\$$DeleteMe.oleaut32.dll.01ca1a206329cd40.0034
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6001.18000_none_58d6de41fc2dac16\$$DeleteMe.ntdll.dll.01ca1a205f31df20.0004
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-o..inefiles-win32-apis_31bf3856ad364e35_6.0.6001.18000_none_ab6af9d0f92539f0\$$DeleteMe.cscapi.dll.01ca1a2065de8d00.00a1
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.18119_none_39716f4d70ea0119\$$DeleteMe.win32spl.dll.01ca1a2063113c30.002d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\$$DeleteMe.perfdisk.dll.01ca1a2065586d10.008c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..pooler-core-spoolss_31bf3856ad364e35_6.0.6001.18000_none_5b3992df8e604356\$$DeleteMe.spoolss.dll.01ca1a2064ba7f60.006a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_6.0.6001.18000_none_8ad265adc8633a42\$$DeleteMe.inetpp.dll.01ca1a2063218fe0.0031
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\$$DeleteMe.pdh.dll.01ca1a206416ec60.0050
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_6.0.6001.18000_none_d2ac9d5aa723258e\$$DeleteMe.tcpmon.dll.01ca1a2066199a30.00ac
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..ting-spooler-client_31bf3856ad364e35_6.0.6001.18000_none_932df61f18add086\$$DeleteMe.winspool.drv.01ca1a20655ba160.008d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..ting-wsdportmonitor_31bf3856ad364e35_6.0.6001.18000_none_16d3442ddf994157\$$DeleteMe.WSDMon.dll.01ca1a2062f046b0.0025
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-pantherengine_31bf3856ad364e35_6.0.6001.18000_none_ae116f90a5d6b7d4\$$DeleteMe.wdscore.dll.01ca1a20646c5f60.0060
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\$$DeleteMe.spoolsv.exe.01ca1a2065baff70.0094
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-profsvc_31bf3856ad364e35_6.0.6001.18000_none_fbb1576d32ad0ba9\$$DeleteMe.profsvc.dll.01ca1a20650f5620.007c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-propsys_31bf3856ad364e35_7.0.6001.16503_none_f3d11aeeb9526bbb\$$DeleteMe.propsys.dll.01ca1a20630889a0.002b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rasapi_31bf3856ad364e35_6.0.6001.18000_none_6d377f6a4f85327c\$$DeleteMe.rasapi32.dll.01ca1a2062933290.0012
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-raschap_31bf3856ad364e35_6.0.6001.18000_none_12bf0305774c76e6\$$DeleteMe.raschap.dll.01ca1a206322c860.0032
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rasdlg_31bf3856ad364e35_6.0.6001.18000_none_6d133c0e4fa0edb1\$$DeleteMe.rasdlg.dll.01ca1a20627941f0.000c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rasmanservice_31bf3856ad364e35_6.0.6001.18000_none_9ebd9641a0a88359\$$DeleteMe.rasmans.dll.01ca1a2064da6370.006f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rasplap_31bf3856ad364e35_6.0.6001.18000_none_1236753177b2477f\$$DeleteMe.rasplap.dll.01ca1a2065c20450.0097
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rasppp_31bf3856ad364e35_6.0.6001.18000_none_6c94b11e4fff8902\$$DeleteMe.rasppp.dll.01ca1a2063bae9b0.0044
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rastapi_31bf3856ad364e35_6.0.6001.18000_none_0ee42a5979dd0144\$$DeleteMe.rastapi.dll.01ca1a2064eab720.0073
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6001.18000_none_6c652bee5023e04d\$$DeleteMe.rastls.dll.01ca1a20647a9030.0061
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-riched32_31bf3856ad364e35_6.0.6001.18000_none_9d00b3d6829ba4d0\$$DeleteMe.riched20.dll.01ca1a20638e3460.003e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rsaenh-dll_31bf3856ad364e35_6.0.6001.18000_none_5fc70fc7b14478d4\$$DeleteMe.rsaenh.dll.01ca1a2063ab0b30.0040
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..cardsubsystemclient_31bf3856ad364e35_6.0.6001.18000_none_18e47a437999387f\$$DeleteMe.WinSCard.dll.01ca1a2064321580.0057
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..configurationengine_31bf3856ad364e35_6.0.6001.18000_none_b924e3b3889aaa51\$$DeleteMe.scesrv.dll.01ca1a2065fb3cc0.00a9
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..entication-usermode_31bf3856ad364e35_6.0.6001.18000_none_3a21c33374546c1e\$$DeleteMe.authz.dll.01ca1a20654a6350.008a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..entication-usermode_31bf3856ad364e35_6.0.6001.18000_none_3a21c33374546c1e\$$DeleteMe.ntmarta.dll.01ca1a2063da7fa0.004c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..icensing-slc-client_31bf3856ad364e35_6.0.6001.18000_none_c51f5aefa5ed5be4\$$DeleteMe.SLC.dll.01ca1a2063dc5460.004d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..mmaintenanceservice_31bf3856ad364e35_6.0.6001.18000_none_3d4df24ae03752d7\$$DeleteMe.sysmain.dll.01ca1a2064198470.0052
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6001.18000_none_0d159410ea7a8f9d\$$DeleteMe.rtutils.dll.01ca1a2063320aa0.0036
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SED8D0~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SEC3C2~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SED85F~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SEC362~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SEE61C~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\$$DeleteMe.services.exe.01ca1a2062ebb2d0.0024
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18294_none_b485cd83d70f4676\$$DeleteMe.urlmon.dll.01ca1a206526fcd0.007f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\$$DeleteMe.scecli.dll.01ca1a2062776d30.000a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\$$DeleteMe.netlogon.dll.01ca1a2062f3c920.0026
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.18175_none_21cf9ef255771632\$$DeleteMe.schannel.dll.01ca1a2064b9bc10.0069
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6001.18068_none_482126172e1075a7\$$DeleteMe.vbscript.dll.01ca1a2063184110.002e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.18000_none_e6d6dd2bb0cd8ff8\$$DeleteMe.kerberos.dll.01ca1a206534df80.0082
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-security-licensing-slc_31bf3856ad364e35_6.0.6001.18000_none_4e777d79f985fac8\$$DeleteMe.SLsvc.exe.01ca1a206334a2b0.0037
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6001.18000_none_4e4769e7f9aab897\$$DeleteMe.slwga.dll.01ca1a2064160200.004f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.18000_none_7cb2ecd3628ac318\$$DeleteMe.msv1_0.dll.01ca1a2064d66bd0.006e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-shlwapi_31bf3856ad364e35_6.0.6001.18000_none_f9d9b204a4aeeb4a\$$DeleteMe.shlwapi.dll.01ca1a2063d1a600.0049
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-setupapi_31bf3856ad364e35_6.0.6001.18000_none_34f559b0c63dda55\$$DeleteMe.setupapi.dll.01ca1a2065148640.007e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18167_none_6bef4f42122643ed\$$DeleteMe.shell32.dll.01ca1a2064cd9230.006d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\$$DeleteMe.shsvcs.dll.01ca1a2064b2de40.0067
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-smbserver_31bf3856ad364e35_6.0.6001.18000_none_f8f4e8f8eadb7d91\$$DeleteMe.srvsvc.dll.01ca1a2063478e70.0039
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\$$DeleteMe.smss.exe.01ca1a205ef39da0.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-snmp-winsnmp-api_31bf3856ad364e35_6.0.6001.18000_none_e04d7d11c2a2726e\$$DeleteMe.wsnmp32.dll.01ca1a206356d0b0.003b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-spp-main_31bf3856ad364e35_6.0.6001.18000_none_e446f6c1acdcd00d\$$DeleteMe.spp.dll.01ca1a2065f34d80.00a6
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\$$DeleteMe.srclient.dll.01ca1a2062b5fcd0.001c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-t..-platform-libraries_31bf3856ad364e35_6.0.6001.18000_none_ea70eae59b4e2b12\$$DeleteMe.IPHLPAPI.DLL.01ca1a206346a410.0038
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-t..duler-compatibility_31bf3856ad364e35_6.0.6001.18000_none_6894fbcadc3bb34f\$$DeleteMe.taskcomp.dll.01ca1a2065bcfb40.0095
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-t..icesframework-msctf_31bf3856ad364e35_6.0.6001.18000_none_75c3b019eec51999\$$DeleteMe.msctf.dll.01ca1a20628d3f20.0010
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_8e9f41c854441762\$$DeleteMe.termsrv.dll.01ca1a2065cd9d10.009b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.0.6001.18000_none_e33cd8dbe4f2987f\$$DeleteMe.tapisrv.dll.01ca1a2063b3e4d0.0042
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.18000_none_2f011e91970278b8\$$DeleteMe.schedsvc.dll.01ca1a2063cf5c10.0048
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-time-service_31bf3856ad364e35_6.0.6001.18000_none_88a763af6d4aa52f\$$DeleteMe.w32time.dll.01ca1a2065446fe0.0086
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-trustedinstaller_31bf3856ad364e35_6.0.6001.18000_none_910d33844d26b5fb\$$DeleteMe.TrustedInstaller.exe.01ca1a206b05fa70.00c2
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-unimodem-core-tsp_31bf3856ad364e35_6.0.6001.18000_none_add9f22acf970298\$$DeleteMe.unimdm.tsp.01ca1a206324eb40.0033
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\$$DeleteMe.user32.dll.01ca1a2062f74b90.0027
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-userenv_31bf3856ad364e35_6.0.6001.18000_none_90406a734b42d9a2\$$DeleteMe.userenv.dll.01ca1a2065e03ab0.00a3
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.0.6001.18000_none_a3199e60fcd85f71\$$DeleteMe.powrprof.dll.01ca1a2065b3d380.0093
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.0.6001.18000_none_14fe4f2f50e5bbf4\$$DeleteMe.version.dll.01ca1a206298d7e0.0014
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-vssapi_31bf3856ad364e35_6.0.6001.18000_none_d4e6de5081c1ab4e\$$DeleteMe.vssapi.dll.01ca1a2062d25e70.0020
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\$$DeleteMe.mswsock.dll.01ca1a20646b9c10.005f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-w..mediadeliveryengine_31bf3856ad364e35_6.0.6001.18000_none_1d7020d85d93d705\$$DeleteMe.wmpmde.dll.01ca1a20644b90f0.0059
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-w..ovider-cimwin32-dll_31bf3856ad364e35_6.0.6001.18000_none_cfaaf131060fcb85\$$DeleteMe.cimwin32.dll.01ca1a2066663390.00b8
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.18000_none_acfa790e587c602e\$$DeleteMe.usp10.dll.01ca1a20631d7130.0030
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6001.18000_none_32943b11b3535c07\$$DeleteMe.wiaservc.dll.01ca1a20654707f0.0088
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-webdavredir-davclient_31bf3856ad364e35_6.0.6000.16386_none_9196a743555429b0\$$DeleteMe.davclnt.dll.01ca1a2065ce8770.009c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-webdavredir-webclient_31bf3856ad364e35_6.0.6001.18000_none_5525c9bcb3b1a381\$$DeleteMe.WebClnt.dll.01ca1a20652d1750.0080
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6001.18000_none_b67e96a29c5535ab\$$DeleteMe.winsrv.dll.01ca1a20630afaa0.002c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\$$DeleteMe.winlogon.exe.01ca1a2065d7fd50.009f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6001.18226_none_fb39b90a79c76e22\$$DeleteMe.fastprox.dll.01ca1a206668a490.00ba
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18226_none_1053243b8b6fd401\$$DeleteMe.WmiPrvSD.dll.01ca1a20666a5240.00bc
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18226_none_1053243b8b6fd401\$$DeleteMe.WmiPrvSE.exe.01ca1a2066632650.00b5
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-repdrvfs-dll_31bf3856ad364e35_6.0.6001.18000_none_7e41b9e130eb1f1b\$$DeleteMe.repdrvfs.dll.01ca1a20666b3ca0.00bd
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6001.18000_none_b95403151f989ff3\$$DeleteMe.esscli.dll.01ca1a206664fb10.00b7
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6001.18000_none_b95403151f989ff3\$$DeleteMe.NCProv.dll.01ca1a2066645ed0.00b6
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6001.18000_none_b95403151f989ff3\$$DeleteMe.wbemprox.dll.01ca1a2066728fa0.00bf
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6001.18000_none_b95403151f989ff3\$$DeleteMe.wbemsvc.dll.01ca1a206669b600.00bb
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6001.18000_none_b95403151f989ff3\$$DeleteMe.wmiutils.dll.01ca1a20665e4450.00b4
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6001.18000_none_cc3a17edd6d1c174\$$DeleteMe.wkssvc.dll.01ca1c414b106b93.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\$$DeleteMe.PortableDeviceApi.dll.01ca1a2064cbe480.006c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wsd-challengecomponent_31bf3856ad364e35_6.0.6000.16386_none_2240e747a669f6a5\$$DeleteMe.wsdchngr.dll.01ca1a20636c0660.003d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6001.18178_none_248a4e30c254ef70\$$DeleteMe.winhttp.dll.01ca1a2062fc2d90.0028
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.16720_none_c2e2272db9e7b99c\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.20883_none_c32de54ed3334d11\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.18111_none_c4d43609b70547f3\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.22230_none_c54732b2d0340648\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.16720_none_f570e12815568682\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.20883_none_dea8f7cc2ef8cb75\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_networking-mpssvc-svc_31bf3856ad364e35_6.0.6001.18000_none_9a143b78c7dcbd99\$$DeleteMe.MPSSVC.dll.01ca1a20653b6f30.0085
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18294_none_018ba925a2186d09\$$DeleteMe.wininet.dll.01ca1a2064af0db0.0066
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18165_none_0be85c8df276c1fb\$$DeleteMe.AcGenral.dll.01ca1a2062651db0.0009
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6001.18131_none_966249e6a135884c\$$DeleteMe.WindowsCodecs.dll.01ca1a20662b9b90.00af
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18294_none_474660018cc98b66\$$DeleteMe.iertutil.dll.01ca1a2064232160.0054
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.16720_none_7081409dee51e2d7\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.20883_none_59b9574207f427ca\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.18111_none_705c2553eea3ef78\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.22230_none_599095f00849688b\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.16720_none_b462fc0cbe880bcb\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.20883_none_9d9b12b0d82a50be\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.18111_none_b43de0c2beda186c\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.22230_none_9d72515ed87f917f\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_7ab8208b3397ed7d\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_7afcdca64ce9cf91\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_7c3b0d6b31094a12\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_7d27fbfc49dc1e38\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_807ba2c12fe38edc\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_80c05edc493570f0\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_81fe8fa12d54eb71\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_82eb7e324627bf97\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6001.18000_none_beb38cd34d56a01d\$$DeleteMe.WSDApi.dll.01ca1a2063ca7a10.0046
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_7ea10e5931166775\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_7ea10e5931166775\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_7ee5ca744a684989\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_7ee5ca744a684989\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\$$DeleteMe.wmp.dll.01ca1a2062b364c0.0019
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\$$DeleteMe.wmploc.DLL.01ca1a2063d5c4b0.004b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6001.18247_none_2ff7241d92c8344e\$$DeleteMe.localspl.dll.01ca1a2065d194b0.009e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18000_none_ac1da75bf2516084\$$DeleteMe.ole32.dll.01ca1a2063d2b770.004a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\$$DeleteMe.rpcss.dll.01ca1a2065abbd30.008f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.18111_none_f54bc5de15a89323\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.22230_none_de80367a2f4e0c36\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6002.18005_none_f52661bc15faf3ee\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18138_none_885590b496e78ad1\$$DeleteMe.msxml6.dll.01ca1a20663addd0.00b2
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.0.6001.18000_none_a0b2bbcff6f11e8e\$$DeleteMe.WMIsvc.dll.01ca1a206667e140.00b9
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-wbemcore-dll_31bf3856ad364e35_6.0.6001.18000_none_e1bfb2e3d6d1ae75\$$DeleteMe.wbemcore.dll.01ca1a20667045b0.00be
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-wbemess-dll_31bf3856ad364e35_6.0.6001.18000_none_63d54f242fa0e73f\$$DeleteMe.wbemess.dll.01ca1a206655dfe0.00b3
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_windowssearchengine.resources_31bf3856ad364e35_7.0.6001.16503_en-us_8098ad9eb2e68e7c\$$DeleteMe.tquery.dll.mui.01ca1a2067e61cd0.00c1
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\$$DeleteMe.msscb.dll.01ca1a2065567140.008b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\$$DeleteMe.mssprxy.dll.01ca1a206500d730.0079
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\$$DeleteMe.mssrch.dll.01ca1a2065080320.007b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\$$DeleteMe.SearchIndexer.exe.01ca1a2064f1e310.0076
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\$$DeleteMe.tquery.dll.01ca1a2065121540.007d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6001.18247_none_b3d66539452e6ad2\$$DeleteMe.rpcrt4.dll.01ca1a2065e43250.00a4
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.0.6001.18000_none_1a405db2b218d641\$$DeleteMe.wscsvc.dll.01ca1a20662d9760.00b1
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..ent-indexing-common_31bf3856ad364e35_6.0.6001.18000_none_06b40dcad71051f6\$$DeleteMe.Query.dll.01ca1a20644e5010.005a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18068_none_482f75de008363d9\$$DeleteMe.scrrun.dll.01ca1a2062a81a20.0016
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18068_none_482f75de008363d9\$$DeleteMe.wshom.ocx.01ca1a2062d6a430.0021
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\$$DeleteMe.NaturalLanguage6.dll.01ca1a2065fe9820.00aa
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_6.0.6001.18000_none_f1e446e12c0bbf09\$$DeleteMe.esent.dll.01ca1a2064bb69c0.006b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18005_none_0d553c2b4c3b84e1\$$DeleteMe.wmp.dll.01ca1c414af198f3.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18005_none_0d553c2b4c3b84e1\$$DeleteMe.wmploc.DLL.01ca1c414affc9c3.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-drm_31bf3856ad364e35_6.0.6001.18000_none_6e2e1b42c4ccee49\$$DeleteMe.drmv2clt.dll.01ca1a206545f680.0087
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-drm_31bf3856ad364e35_6.0.6001.18000_none_6e2e1b42c4ccee49\$$DeleteMe.wmdrmsdk.dll.01ca1a2065c2c7a0.0098
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MIC237~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MI2095~1.MAN
Status: Locked to the Windows API!

Path: c:\windows\system32\logfiles\scm\scm.evm
Status: Allocation size mismatch (API: 491520, Raw: 229376)

Path: C:\Windows\winsxs\Temp\PendingDeletes\PortableDeviceClassExtension.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\PortableDeviceTypes.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\lpk.dll
Status: Locked to the Windows API!

Path: C:\Windows\inf\MSDTC Bridge 3.0.0.0\0000\_TRANS~2.INI
Status: Locked to the Windows API!

Path: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\bash\shl_{4a97b44c-e87f-4cbe-9651-c67fa1be4bbb}.ldb
Status: Allocation size mismatch (API: 64, Raw: 0)

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SECURI~4.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SECURI~3.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SED8D0~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SED85F~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SEC362~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SEE61C~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SEC3C2~1.XRM
Status: Locked to the Windows API!

Path: c:\programdata\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.231.crwl
Status: Allocation size mismatch (API: 272, Raw: 144)

Path: C:\Users\Gladys\AppData\Local\Apps\2.0\WK51MAVN.D6W\YEMTDQWJ.HCE\manifests\Citrix Online Application Starter.cdf-ms
Status: Locked to the Windows API!

Path: C:\Users\Gladys\AppData\Local\Apps\2.0\WK51MAVN.D6W\YEMTDQWJ.HCE\manifests\Citrix Online Application Starter.manifest
Status: Locked to the Windows API!

Path: c:\users\gladys\appdata\local\mozilla\firefox\profiles\gtsk0d08.default\cache\_cache_001_
Status: Allocation size mismatch (API: 1835008, Raw: 1638400)

Path: c:\users\gladys\appdata\local\mozilla\firefox\profiles\gtsk0d08.default\cache\_cache_002_
Status: Allocation size mismatch (API: 2031616, Raw: 1900544)

Path: D:\System Volume Information\{3d7550ca-6ff3-11de-9b59-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{07685a9a-9388-11de-8e69-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{293bd14f-7568-11de-8905-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{321059ce-719a-11de-a794-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{d89b286d-7ba6-11de-a80e-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{d89b2877-7ba6-11de-a80e-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{e4fdbd4a-7d2d-11de-8a85-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{e85aa48c-919e-11de-8933-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{f4bef00c-902c-11de-9f3f-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{838b0f6b-7c97-11de-8398-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{883a28d3-6b1a-11de-84a8-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{8b24af49-85d9-11de-9444-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{8b24af77-85d9-11de-9444-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{8b24af81-85d9-11de-9444-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{92ec2d4f-79f7-11de-b245-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{97225d4f-707d-11de-b816-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{50926d49-68dd-11de-a8ea-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{53228a4f-722e-11de-9173-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{5a2a466e-90f0-11de-abc5-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{637aa9cf-6c1d-11de-b10b-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{657aaecf-7adf-11de-b441-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{c90e738f-9366-11de-ab58-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{caf10d8b-9266-11de-9b4c-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{cc92c0d0-6982-11de-a7bf-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{d27c9055-72f8-11de-8087-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{9e8cf24a-6d6f-11de-8576-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{a82c5deb-6e34-11de-a7d5-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: D:\System Volume Information\{aaac7d50-6ca5-11de-8e3b-00219b01765b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

#12 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 PM

Posted 28 August 2009 - 09:35 PM

Well, its what I thought. You have a rootkit. Since there are some hard to remove rootkits on the loose right now, I am going to have to send you to the HJT forum for better assistance.

It looks like we are going to have to use more powerful tools than what we are allowed to use in the Am I Infected forum. I am going to need for you to post a DDS/HijackThis Log in the HijackThis Log section of the forum.

Please refer to this for your preparation reasons before posting:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

You can find the forum here:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Once you have created a new topic in the HijackThis section, please post a link to it in this topic.
Please allow time for your topic to be replied to in the HijackThis section as the HJT Team is EXTREMELY busy posting logs before yours.
Computer Pro

#13 mikaela-konlin

mikaela-konlin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 30 August 2009 - 12:34 AM

Topic created: http://www.bleepingcomputer.com/forums/t/253576/ie-and-ff-redirecting-to-clicckercn-and-others/

#14 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 PM

Posted 30 August 2009 - 01:16 PM

Ok, good luck!
Computer Pro

#15 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:43 PM

Posted 01 September 2009 - 12:04 AM

Hello,

Now comes the hard part: waiting.

Now that you have posted a log, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users