Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

rootkit, google redirect...


  • Please log in to reply
1 reply to this topic

#1 Tona

Tona

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:16 PM

Posted 27 August 2009 - 11:43 PM

Hey everyone so I am having major issues...Im getting blue screen crash, windows antivirus pro virus, rootkit cloaked service gen, and also google searches are being redirected.
I have ran superantispyware several times and when i do it says i have a rootkit cloaked and always says it was quarantined but always comes back in each new scan.
I am unsure if i have several viruses causing all of these things or if it is all connected. I just know I would greatly appreciate some help in these matters.
i have ran rootrepeal and will add the report now...
Thank you in advance to anyone who is willing to help me!:thumbsup:



ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/27 21:57
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8E5E3000 Size: 45056 File Visible: No Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x8E5EE000 Size: 40960 File Visible: No Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\Windows\system32\Drivers\mchInjDrv.sys
Address: 0xADCFD000 Size: 2560 File Visible: No Signed: -
Status: -

Name: qizvlsxm.sys
Image Path: C:\Windows\system32\drivers\qizvlsxm.sys
Address: 0x8CA00000 Size: 61440 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xADD14000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: spvs.sys
Image Path: C:\Windows\System32\Drivers\spvs.sys
Address: 0x82C97000 Size: 1052672 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\System Volume Information\{10605df9-92dc-11de-b270-00a0d19a7b8b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7c629344-9221-11de-a4a3-00a0d19a7b8b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: c:\program files\spyware doctor\kdsinterface.txt
Status: Allocation size mismatch (API: 8, Raw: 0)

Path: C:\Windows\System32\kbiwkmxfmxxsib.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\kbiwkmctkcjhyr.dat
Status: Invisible to the Windows API!

Path: C:\Windows\System32\kbiwkmfwmrxcpm.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\kbiwkmibminemr.dat
Status: Invisible to the Windows API!

Path: C:\Windows\System32\kbiwkmkqrmibyw.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\kbiwkmqctiexrs.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\kbiwkmtfpnpkvq.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\kbiwkmvroxqrxm.dat
Status: Invisible to the Windows API!

Path: C:\Windows\System32\kbiwkmwjptevei.dat
Status: Invisible to the Windows API!

Path: C:\Windows\System32\kbiwkmwooxoqhe.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\kbiwkmxiivncca.dat
Status: Invisible to the Windows API!

Path: C:\Windows\System32\kbiwkmxqynnwaq.dat
Status: Invisible to the Windows API!

Path: C:\Windows\inf\.NET CLR Data\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NET CLR Networking\_NETWO~1.H
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NET Data Provider for SqlServer\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\System32\drivers\kbiwkmppbfdhbs.sys
Status: Invisible to the Windows API!

Path: C:\Windows\System32\drivers\kbiwkmvniplqqn.sys
Status: Invisible to the Windows API!

Path: C:\Windows\System32\drivers\kbiwkmxrcigswp.sys
Status: Invisible to the Windows API!

Path: C:\Windows\System32\wbem\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_a6e7a8e20e9863b4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_45e008191e507087.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949b06671d08ae.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_7658964504b9f3b6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\df4c00155bfca5da82320089743bb386e8df43312c8d8b8112418980a2440f2d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\4a4e6de1088e614f7694727d621129512819bdecdb46cc6ebb7c1f192dfe380e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\4bde3906e1ad59953a7d8592ff3860dd7fadc4e12abe4b5c828645390461a3aa.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\f3c343567eb07e928a24a5c8b8bf732a5523d0acd4762015ba309f48255a5baf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\9f4b272407008a230979f286064e895aa72cac13cd57d536a67ea34c9dd91a2c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.18000_none_ab203fc659b26ce7\$$DeleteMe.atl.dll.01ca1bee92079e9d.0003
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18148_none_47806edf8c9d67e6\$$DeleteMe.iertutil.dll.01c95d0427fa4800.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18157_none_47749ea98ca66a80\$$DeleteMe.iertutil.dll.01c98cf2aaa94cb0.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18000_none_9c5f2f3c0cc1aa83\$$DeleteMe.mf.dll.01c95d0426e62880.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_en-us_0186d9b7953a1394\_DATAO~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_en-us_0186d9b7953a1394\_DATAP~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20883_en-us_01d297d8ae85a709\_DATAO~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20883_en-us_01d297d8ae85a709\_DATAP~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_en-us_0382b64f92506f7c\_DATAO~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_en-us_0382b64f92506f7c\_DATAP~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.18000_none_39733ab970ea03f2\$$DeleteMe.win32spl.dll.01c95dcb59e20250.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.18000_none_3acd4b177cb513c9\$$DeleteMe.wdigest.dll.01ca1cb653debba0.0003
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.18000_none_7cb2ecd3628ac318\$$DeleteMe.msv1_0.dll.01ca1cb654477820.0006
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.18000_none_22164b0e5542d6c1\$$DeleteMe.schannel.dll.01c9a2e9ea7f1b00.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.18175_none_21cf9ef255771632\$$DeleteMe.schannel.dll.01ca1cb654346d20.0005
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18062_none_6bea4bea122ac813\$$DeleteMe.shell32.dll.01c95d0428eab2e0.0005
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-fw_perfcounters_b03f5f7f11d50a3a_6.0.6000.16720_none_96e889a4e6710a32\_NETWO~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-fw_perfcounters_b03f5f7f11d50a3a_6.0.6000.20883_none_8020a04900134f25\_NETWO~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-fw_perfcounters_b03f5f7f11d50a3a_6.0.6001.18000_none_96c284fce6c3e38a\_NETWO~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.16720_none_7081409dee51e2d7\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.20883_none_59b9574207f427ca\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.18111_none_705c2553eea3ef78\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.22230_none_599095f00849688b\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.16720_none_b462fc0cbe880bcb\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.20883_none_9d9b12b0d82a50be\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.18111_none_b43de0c2beda186c\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.22230_none_9d72515ed87f917f\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7cb07809421da431\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.20883_none_65e88ead5bbfe924\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-mscoree_dll_31bf3856ad364e35_6.0.6001.18000_none_b55ffc255629a804\$$DeleteMe.mscoree.dll.01c9a67fd2b0a860.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6001.18000_none_325d54542ee2dcf0\$$DeleteMe.mscorwks.dll.01c9a67fd55bd300.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6000.16708_none_f87832f6f02b1a0c\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6000.20864_none_f8bcef12097cfc20\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6001.18096_none_f9fb1fd6ed9c76a1\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6001.22208_none_fae80e68066f4ac7\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_c1843fad322b4004\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_c1c8fbc84b7d2218\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_c3072c8d2f9c9c99\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_c3f41b1e486f70bf\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_c5e14f032f533a9c\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_c6260b1e48a51cb0\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_7ea10e5931166775\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_7ee5ca744a684989\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_c7643be32cc49731\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6001.18000_none_24cdf96ec22363fa\$$DeleteMe.winhttp.dll.01c9bda2b14b3f20.0009
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18023_none_596c0b02495f0f52\$$DeleteMe.gdi32.dll.01c95d0429e704a0.0007
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\$$DeleteMe.rpcss.dll.01c9bda2af3f90a0.0006
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18000_none_0b69c31f4f19b995\$$DeleteMe.wmp.dll.01c9a2e9eb7448a0.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18000_none_0b69c31f4f19b995\$$DeleteMe.wmploc.DLL.01c9a2e9ebbbb1e0.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\$$DeleteMe.wmp.dll.01ca1bee84eb4bdd.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\$$DeleteMe.wmploc.DLL.01ca1bee8ad2d4fd.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6001.18051_none_b3c58fc5453bf46b\$$DeleteMe.rpcrt4.dll.01c9e9a4e1a171ca.0003
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989\$$DeleteMe.wininet.dll.01c95d0428467400.0003
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\$$DeleteMe.wininet.dll.01c98cf2aae26db0.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\$$DeleteMe.wininet.dll.01c9bda2ab8c2d60.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18226_none_01d9592da1dddc20\$$DeleteMe.wininet.dll.01c9e9a4e060182a.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18248_none_01c5b9e9a1ec46b0\$$DeleteMe.wininet.dll.01c9fc7e46b68f50.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18112_none_0c1b6b4bf250ea41\$$DeleteMe.AcGenral.dll.01c95d042968dbc0.0006
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18148_none_b4bfdc61d6e322f6\$$DeleteMe.urlmon.dll.01c95d04277c1f20.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18157_none_b4b40c2bd6ec2590\$$DeleteMe.urlmon.dll.01c98cf2aa10f4b0.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18203_none_b4e61c85d6c731a6\$$DeleteMe.urlmon.dll.01c9bda2a9b01a60.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18226_none_b4d37d8bd6d4b58d\$$DeleteMe.urlmon.dll.01c9e9a4df19fbca.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18248_none_b4bfde47d6e3201d\$$DeleteMe.urlmon.dll.01c9fc7e4b1092d0.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18203_none_47a6af038c817696\$$DeleteMe.iertutil.dll.01c9bda2aaf89820.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18226_none_479410098c8efa7d\$$DeleteMe.iertutil.dll.01c9e9a4e00cc80a.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18248_none_478070c58c9d650d\$$DeleteMe.iertutil.dll.01c9fc7e47729bf0.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.16720_none_8d57832b7d03f5e1\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.16720_none_8d57832b7d03f5e1\MICROS~2.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.20883_none_768f99cf96a63ad4\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.20883_none_768f99cf96a63ad4\MICROS~2.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.18111_none_8d3267e17d560282\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.18111_none_8d3267e17d560282\MICROS~2.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.22230_none_7666d87d96fb7b95\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.22230_none_7666d87d96fb7b95\MICROS~2.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_f49cbb9015dc43b3\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ddd4d2342f7e88a6\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_f477a046162e5054\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ddac10e22fd3c967\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_8c05ef98419e64ea\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_32a2a55c0f70152b\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_1bdabc0029125a1e\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_327d8a120fc221cc\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_1bb1faae29679adf\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.16720_none_c2e2272db9e7b99c\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.20883_none_c32de54ed3334d11\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.18111_none_c4d43609b70547f3\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.22230_none_c54732b2d0340648\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.16720_none_f570e12815568682\MACHIN~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.16720_none_f570e12815568682\MACHIN~1.DEF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.20883_none_dea8f7cc2ef8cb75\MACHIN~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.20883_none_dea8f7cc2ef8cb75\MACHIN~1.DEF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.18000_none_f54adc8015a95fda\MACHIN~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.18000_none_f54adc8015a95fda\MACHIN~1.DEF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.18111_none_f54bc5de15a89323\MACHIN~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.18111_none_f54bc5de15a89323\MACHIN~1.DEF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.22230_none_de80367a2f4e0c36\MACHIN~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.22230_none_de80367a2f4e0c36\MACHIN~1.DEF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18111_en-us_0378e8939257a1eb\_DATAO~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18111_en-us_0378e8939257a1eb\_DATAP~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.22230_en-us_03ebe53cab866040\_DATAO~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.22230_en-us_03ebe53cab866040\_DATAP~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7c8b5cbf426fb0d2\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.22230_none_65bfcd5b5c1529e5\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-fw_perfcounters_b03f5f7f11d50a3a_6.0.6001.18111_none_96c36e5ae6c316d3\_NETWO~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\NAVIGA~1.RES
Status: Locked to the WProcesses
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1380 Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: kbiwkmwooxoqhe.dll]
Process: iexplore.exe (PID: 4964) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: kbiwkmwooxoqhe.dll]
Process: iexplore.exe (PID: 5164) Address: 0x10000000 Size: 28672

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x84f031f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x84f031f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x84f031f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x84f031f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x84f031f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x84f031f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x84f031f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x84f031f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84f031f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x84f031f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x84f031f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x84f031f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x84f031f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84f031f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84f031f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x84f031f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x84f031f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x84f031f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x84f031f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x84f031f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x84f031f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x84f031f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x84f011f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x84f011f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84f011f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x84f011f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84f011f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x84f011f8 Size: 121

Object: Hidden Code [Driver: cdromђ蜏Ђ潉菠虉, IRP_MJ_CREATE]
Process: System Address: 0x8532f500 Size: 121

Object: Hidden Code [Driver: cdromђ蜏Ђ潉菠虉, IRP_MJ_CLOSE]
Process: System Address: 0x8532f500 Size: 121

Object: Hidden Code [Driver: cdromђ蜏Ђ潉菠虉, IRP_MJ_READ]
Process: System Address: 0x8532f500 Size: 121

Object: Hidden Code [Driver: cdromђ蜏Ђ潉菠虉, IRP_MJ_WRITE]
Process: System Address: 0x8532f500 Size: 121

Object: Hidden Code [Driver: cdromђ蜏Ђ潉菠虉, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8532f500 Size: 121

Object: Hidden Code [Driver: cdromђ蜏Ђ潉菠虉, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8532f500 Size: 121

Object: Hidden Code [Driver: cdromђ蜏Ђ潉菠虉, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8532f500 Size: 121

Object: Hidden Code [Driver: cdromђ蜏Ђ潉菠虉, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8532f500 Size: 121

Object: Hidden Code [Driver: cdromђ蜏Ђ潉菠虉, IRP_MJ_POWER]
Process: System Address: 0x8532f500 Size: 121

Object: Hidden Code [Driver: cdromђ蜏Ђ潉菠虉, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8532f500 Size: 121

Object: Hidden Code [Driver: cdromђ蜏Ђ潉菠虉, IRP_MJ_PNP]
Process: System Address: 0x8532f500 Size: 121

Object: Hidden Code [Driver: avvs46ocІ癅, IRP_MJ_CREATE]
Process: System Address: 0x85376500 Size: 121

Object: Hidden Code [Driver: avvs46ocІ癅, IRP_MJ_CLOSE]
Process: System Address: 0x85376500 Size: 121

Object: Hidden Code [Driver: avvs46ocІ癅, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85376500 Size: 121

Object: Hidden Code [Driver: avvs46ocІ癅, IRP_MJ_POWER]
Process: System Address: 0x85376500 Size: 121

Object: Hidden Code [Driver: avvs46ocІ癅, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85376500 Size: 121

Object: Hidden Code [Driver: avvs46ocІ癅, IRP_MJ_PNP]
Process: System Address: 0x85376500 Size: 121

Object: Hidden Code [Driver: ah7zc1fxЂ潉菠虉, IRP_MJ_CREATE]
Process: System Address: 0x85364320 Size: 121

Object: Hidden Code [Driver: ah7zc1fxЂ潉菠虉, IRP_MJ_CLOSE]
Process: System Address: 0x85364320 Size: 121

Object: Hidden Code [Driver: ah7zc1fxЂ潉菠虉, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85364320 Size: 121

Object: Hidden Code [Driver: ah7zc1fxЂ潉菠虉, IRP_MJ_POWER]
Process: System Address: 0x85364320 Size: 121

Object: Hidden Code [Driver: ah7zc1fxЂ潉菠虉, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85364320 Size: 121

Object: Hidden Code [Driver: ah7zc1fxЂ潉菠虉, IRP_MJ_PNP]
Process: System Address: 0x85364320 Size: 121

Object: Hidden Code [Driver: usbuhciЎ湩整梠蔯㈐蔴菠苇ံH, IRP_MJ_CREATE]
Process: System Address: 0x853b7500 Size: 121

Object: Hidden Code [Driver: usbuhciЎ湩整梠蔯㈐蔴菠苇ံH, IRP_MJ_CLOSE]
Process: System Address: 0x853b7500 Size: 121

Object: Hidden Code [Driver: usbuhciЎ湩整梠蔯㈐蔴菠苇ံH, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x853b7500 Size: 121

Object: Hidden Code [Driver: usbuhciЎ湩整梠蔯㈐蔴菠苇ံH, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x853b7500 Size: 121

Object: Hidden Code [Driver: usbuhciЎ湩整梠蔯㈐蔴菠苇ံH, IRP_MJ_POWER]
Process: System Address: 0x853b7500 Size: 121

Object: Hidden Code [Driver: usbuhciЎ湩整梠蔯㈐蔴菠苇ံH, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x853b7500 Size: 121

Object: Hidden Code [Driver: usbuhciЎ湩整梠蔯㈐蔴菠苇ံH, IRP_MJ_PNP]
Process: System Address: 0x853b7500 Size: 121

Object: Hidden Code [Driver: Smb前Ї慖⁤唐蘘, IRP_MJ_CREATE]
Process: System Address: 0x859571f8 Size: 121

Object: Hidden Code [Driver: Smb前Ї慖⁤唐蘘, IRP_MJ_CLOSE]
Process: System Address: 0x859571f8 Size: 121

Object: Hidden Code [Driver: Smb前Ї慖⁤唐蘘, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x859571f8 Size: 121

Object: Hidden Code [Driver: Smb前Ї慖⁤唐蘘, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x859571f8 Size: 121

Object: Hidden Code [Driver: Smb前Ї慖⁤唐蘘, IRP_MJ_CLEANUP]
Process: System Address: 0x859571f8 Size: 121

Object: Hidden Code [Driver: Smb前Ї慖⁤唐蘘, IRP_MJ_PNP]
Process: System Address: 0x859571f8 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CREATE]
Process: System Address: 0x859643b0 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CLOSE]
Process: System Address: 0x859643b0 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x859643b0 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x859643b0 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CLEANUP]
Process: System Address: 0x859643b0 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_PNP]
Process: System Address: 0x859643b0 Size: 121

Object: Hidden Code [Driver: iScsiPrtЈ瑎牦蔵丨蔽, IRP_MJ_CREATE]
Process: System Address: 0x85498500 Size: 121

Object: Hidden Code [Driver: iScsiPrtЈ瑎牦蔵丨蔽, IRP_MJ_CLOSE]
Process: System Address: 0x85498500 Size: 121

Object: Hidden Code [Driver: iScsiPrtЈ瑎牦蔵丨蔽, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85498500 Size: 121

Object: Hidden Code [Driver: iScsiPrtЈ瑎牦蔵丨蔽, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85498500 Size: 121

Object: Hidden Code [Driver: iScsiPrtЈ瑎牦蔵丨蔽, IRP_MJ_POWER]
Process: System Address: 0x85498500 Size: 121

Object: Hidden Code [Driver: iScsiPrtЈ瑎牦蔵丨蔽, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85498500 Size: 121

Object: Hidden Code [Driver: iScsiPrtЈ瑎牦蔵丨蔽, IRP_MJ_PNP]
Process: System Address: 0x85498500 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x84eff1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System Address: 0x84eff1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System Address: 0x84eff1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84eff1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84eff1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84eff1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84eff1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System Address: 0x84eff1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System Address: 0x84eff1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84eff1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System Address: 0x84eff1f8 Size: 121

Object: Hidden Code [Driver: usbehciルм牉⁰ǘ, IRP_MJ_CREATE]
Process: System Address: 0x853da1f8 Size: 121

Object: Hidden Code [Driver: usbehciルм牉⁰ǘ, IRP_MJ_CLOSE]
Process: System Address: 0x853da1f8 Size: 121

Object: Hidden Code [Driver: usbehciルм牉⁰ǘ, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x853da1f8 Size: 121

Object: Hidden Code [Driver: usbehciルм牉⁰ǘ, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x853da1f8 Size: 121

Object: Hidden Code [Driver: usbehciルм牉⁰ǘ, IRP_MJ_POWER]
Process: System Address: 0x853da1f8 Size: 121

Object: Hidden Code [Driver: usbehciルм牉⁰ǘ, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x853da1f8 Size: 121

Object: Hidden Code [Driver: usbehciルм牉⁰ǘ, IRP_MJ_PNP]
Process: System Address: 0x853da1f8 Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_POWER]
Process: System Address: 0x84f021f8 Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84f021f8 Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_PNP]
Process: System Address: 0x84f021f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLOSE]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_READ]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_WRITE]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_EA]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_POWER]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_PNP]
Process: System Address: 0x8640c500 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤仁藼୐薗䮰蘒⒀, IRP_MJ_CREATE]
Process: System Address: 0x85f2c500 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤仁藼୐薗䮰蘒⒀, IRP_MJ_CLOSE]
Process: System Address: 0x85f2c500 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤仁藼୐薗䮰蘒⒀, IRP_MJ_READ]
Process: System Address: 0x85f2c500 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤仁藼୐薗䮰蘒⒀, IRP_MJ_WRITE]
Process: System Address: 0x85f2c500 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤仁藼୐薗䮰蘒⒀, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x85f2c500 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤仁藼୐薗䮰蘒⒀, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x85f2c500 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤仁藼୐薗䮰蘒⒀, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x85f2c500 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤仁藼୐薗䮰蘒⒀, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x85f2c500 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤仁藼୐薗䮰蘒⒀, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85f2c500 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤仁藼୐薗䮰蘒⒀, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85f2c500 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤仁藼୐薗䮰蘒⒀, IRP_MJ_SHUTDOWN]
Process: System Address: 0x85f2c500 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤仁藼୐薗䮰蘒⒀, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x85f2c500 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤仁藼୐薗䮰蘒⒀, IRP_MJ_CLEANUP]
Process: System Address: 0x85f2c500 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤仁藼୐薗䮰蘒⒀, IRP_MJ_PNP]
Process: System Address: 0x85f2c500 Size: 121

Hidden Services
-------------------
Service Name: kbiwkmyqxbuoik
Image Path: C:\Windows\system32\drivers\kbiwkmxrcigswp.sys

==EOF==

Edited by Tona, 27 August 2009 - 11:49 PM.


BC AdBot (Login to Remove)

 


#2 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:16 PM

Posted 01 September 2009 - 05:07 PM

Hello and welcome to Bleeping Computer.

Ok you have a rootkit, and I am going to have to refer you to the HJT forum as there some rootkits on the loose right now that require a custom script to remove of which I cannot provide:

It looks like we are going to have to use more powerful tools than what we are allowed to use in the Am I Infected forum. I am going to need for you to post a DDS/HijackThis Log in the HijackThis Log section of the forum.

Please refer to this for your preparation reasons before posting:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

You can find the forum here:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Once you have created a new topic in the HijackThis section, please post a link to it in this topic.
Please allow time for your topic to be replied to in the HijackThis section as the HJT Team is EXTREMELY busy posting logs before yours.

Good Luck!
Computer Pro




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users