Need help..you guys were great before.



#1 ncdrawl

Posted 09 October 2009 - 10:09 PM

Referred from: http://www.bleepingcomputer.com/forums/t/263010/you-folks-helped-me-tremendously-once-now-i-need-help-again/ ~ OB

Cannot update Windows Vista ....

here are the logs...

ROOT REPEAL LOG

ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2009/10/08 23:17
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x93106000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x930FB000 Size: 45056 File Visible: No Signed: -
Status: -

Name: dump_dumpfve.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpfve.sys
Address: 0x9310E000 Size: 69632 File Visible: No Signed: -
Status: -

Name: rootrepeal2.sys
Image Path: C:\Windows\system32\drivers\rootrepeal2.sys
Address: 0xA156B000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spsz.sys
Image Path: C:\Windows\System32\Drivers\spsz.sys
Address: 0x8068F000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\System Volume Information\{1e775bdc-b233-11de-8061-001e8c004a98}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1e775be1-b233-11de-8061-001e8c004a98}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1e775bea-b233-11de-8061-001e8c004a98}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1e775bef-b233-11de-8061-001e8c004a98}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1e775bf3-b233-11de-8061-001e8c004a98}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1e775bf7-b233-11de-8061-001e8c004a98}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{28f16526-b114-11de-a4f4-001e8c004a98}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{28f16537-b114-11de-a4f4-001e8c004a98}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{91b907e7-ab79-11de-af65-001e8c004a98}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{91b907fc-ab79-11de-af65-001e8c004a98}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{91b90804-ab79-11de-af65-001e8c004a98}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{91b9080c-ab79-11de-af65-001e8c004a98}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{91b90811-ab79-11de-af65-001e8c004a98}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{91b90816-ab79-11de-af65-001e8c004a98}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{91b9081e-ab79-11de-af65-001e8c004a98}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{91b90823-ab79-11de-af65-001e8c004a98}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b12447eb-b408-11de-aa5c-001e8c004a98}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b12447fa-b408-11de-aa5c-001e8c004a98}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Users\Teddy\Documents\My Music
Status: Locked to the Windows API!

Path: C:\Windows\System32\en\AUTHFW~2.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_5d1777c
2e857a23b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddf
c6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df5
6e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc
0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.c
at
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.c
at
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003
bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e
1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe7680
6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_bfff6c932d606
51e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_a6e7a8e2
0e9863b4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea
1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b81d038aaf540e86.c
at
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8d
d7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0ef
b442f8a0f46c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_ab
ac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_5ce4
7260749ddc2c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f
59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0e
bd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed
.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f2
1d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_bb1f6aa1308c3
5eb.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_5c
94f2bbe7d4aaf6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cd
a6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_bdf22a22ab9e15d5.c
at
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a
620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f3
9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_61
305e07e4f1bc01.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b
5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8
cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b59bae9d65014b9
8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d21850
4d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c
.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.c
at
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d
131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.
cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.c
at
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_a6e6a898
0e994a5d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053
e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_5926f98
ceadc42c2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c
0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8
.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6000.16720_none_a7f9fcdcd724c803\JSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6000.20883_none_91321380f0c70cf6\JSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6001.18000_none_a7d3f834d777a15b\JSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6001.18111_none_a7d4e192d776d4a4\JSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6001.22230_none_9109522ef11c4db7\JSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6002.18005_none_a7af7d70d7c9356f\JSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_6.0.6001.18000_none_d1b1affa515cd235\BASEAL~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_6.0.6002.18005_none_d39d29064e7e9d81\BASEAL~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.16720_none_b103fb905f6db0d9\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.20883_none_9a3c1234790ff5cc\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.18111_none_b0dee0465fbfbd7a\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.22230_none_9a1350e27965368d\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WIZARD~2.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WIZARD~3.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WIZARD~4.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WI1344~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WI5BF5~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WIZARD~2.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WIZARD~3.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WIZARD~4.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WI1344~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WI5BF5~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WIZARD~2.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WIZARD~3.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WIZARD~4.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WI1344~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WI5BF5~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e054b\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd04a3e\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d61068011ec\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_cbd2adfd20258aff\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_a05f40e791345747\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_8997578baad69c3a\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_a03a259d918663e8\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_896e9639ab2bdcfb\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_a2d17efc27f8ebd7\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.1638
6_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6000.16708_none_b25b01638e2dbfa3\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6000.20864_none_b29fbd7ea77fa1b7\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6001.18096_none_b3ddee438b9f1c38\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6001.22208_none_b4cadcd4a471f05e\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6000.16708_none_319b7f14a2b4f78c\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_81fe8fa12d54eb71\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_2c88b9b71ca44e71\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_15c0d05b36469364\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_2c639e6d1cf65b12\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_15980f09369bd425\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_8c05ef98419e64ea\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_32a2a55c0f70152b\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_1bdabc0029125a1e\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_327d8a120fc221cc\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_1bb1faae29679adf\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WIZARD~2.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WIZARD~3.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WIZARD~4.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WI1344~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WI5BF5~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.16720_none_9b01a5fd
d9371aff\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.20883_none_9b4d641e
f282ae74\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.18111_none_9cf3b4d9
d654a956\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.22230_none_9d66b182
ef8367ab\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8
\CONFIR~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8
\WIZARD~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8
\WIZARD~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8
\WIZARD~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8
\WI7FD4~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8
\WI49C3~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8
\WI2CD7~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8
\WI3A48~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb
\CONFIR~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb
\WIZARD~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb
\WIZARD~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb
\WIZARD~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb
\WI7FD4~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb
\WI49C3~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb
\WI2CD7~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb
\WI3A48~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69
\CONFIR~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69
\WIZARD~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69
\WIZARD~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69
\WIZARD~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69
\WI7FD4~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69
\WI49C3~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69
\WI2CD7~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69
\WI3A48~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c
\CONFIR~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c
\WIZARD~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c
\WIZARD~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c
\WIZARD~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c
\WI7FD4~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c
\WI49C3~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c
\WI2CD7~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c
\WI3A48~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6000.16720_none_a35a3f7808e4975c\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6000.16720_none_a35a3f7808e4975c\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6000.20883_none_8c92561c2286dc4f\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6000.20883_none_8c92561c2286dc4f\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_a2f69a4627a6df36\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_8c2eb0ea41492429\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_networking-mpssvc-admin.resources_31bf3856ad364e35_6.0.6001.18000_en-us_40f01b7c96c997a3\AUTHFW~2.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7b4eba45cecd6936\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.20883_none_6486d0e9e86fae29\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7b299efbcf1f75d7\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.22230_none_645e0f97e8c4eeea\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_82eb7e324627bf97\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.16708_none_7aa059d88e5323b0\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.20864_none_7ae515f3a7a505c4\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.18096_none_7c2346b88bc48045\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1156 Status: Locked to the Windows API!

SSDT
-------------------
#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0x8fd420b0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x853cd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x853cd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x853cd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x853cd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x853cd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x853cd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x853cd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x853cd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x853cd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x853cd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x853cd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x853cd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x853cd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x853cd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x853cd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x853cd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x853cd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x853cd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x853cd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x853cd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x853cd1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x853cd1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CREATE]
Process: System Address: 0x86ef03b8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x86ef03b8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_READ]
Process: System Address: 0x86ef03b8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_WRITE]
Process: System Address: 0x86ef03b8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86ef03b8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86ef03b8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x86ef03b8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x86ef03b8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86ef03b8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86ef03b8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86ef03b8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86ef03b8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86ef03b8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86ef03b8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86ef03b8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86ef03b8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x86ef03b8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_PNP]
Process: System Address: 0x86ef03b8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x853cc1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x853cc1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x853cc1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x853cc1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x853cc1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x853cc1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x853cc1f8 Size: 121

Object: Hidden Code [Driver: cdrom蘾, IRP_MJ_CREATE]
Process: System Address: 0x863e71f8 Size: 121

Object: Hidden Code [Driver: cdrom蘾, IRP_MJ_CLOSE]
Process: System Address: 0x863e71f8 Size: 121

Object: Hidden Code [Driver: cdrom蘾, IRP_MJ_READ]
Process: System Address: 0x863e71f8 Size: 121

Object: Hidden Code [Driver: cdrom蘾, IRP_MJ_WRITE]
Process: System Address: 0x863e71f8 Size: 121

Object: Hidden Code [Driver: cdrom蘾, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x863e71f8 Size: 121

Object: Hidden Code [Driver: cdrom蘾, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863e71f8 Size: 121

Object: Hidden Code [Driver: cdrom蘾, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863e71f8 Size: 121

Object: Hidden Code [Driver: cdrom蘾, IRP_MJ_SHUTDOWN]
Process: System Address: 0x863e71f8 Size: 121

Object: Hidden Code [Driver: cdrom蘾, IRP_MJ_POWER]
Process: System Address: 0x863e71f8 Size: 121

Object: Hidden Code [Driver: cdrom蘾, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863e71f8 Size: 121

Object: Hidden Code [Driver: cdrom蘾, IRP_MJ_PNP]
Process: System Address: 0x863e71f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x86e781f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x86e781f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x86e781f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x86e781f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86e781f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86e781f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x86e781f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86e781f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x86e781f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x864061f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x864061f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x864061f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x864061f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x864061f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x864061f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x864061f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CREATE]
Process: System Address: 0x869241f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLOSE]
Process: System Address: 0x869241f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x869241f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x869241f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLEANUP]
Process: System Address: 0x869241f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_PNP]
Process: System Address: 0x869241f8 Size: 121

Object: Hidden Code [Driver: Devic, IRP_MJ_CREATE]
Process: System Address: 0x86ae0500 Size: 121

Object: Hidden Code [Driver: Devic, IRP_MJ_CLOSE]
Process: System Address: 0x86ae0500 Size: 121

Object: Hidden Code [Driver: Devic, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86ae0500 Size: 121

Object: Hidden Code [Driver: Devic, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86ae0500 Size: 121

Object: Hidden Code [Driver: Devic, IRP_MJ_CLEANUP]
Process: System Address: 0x86ae0500 Size: 121

Object: Hidden Code [Driver: Devic, IRP_MJ_PNP]
Process: System Address: 0x86ae0500 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄쨈警煐谕, IRP_MJ_CREATE]
Process: System Address: 0x864171f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄쨈警煐谕, IRP_MJ_CLOSE]
Process: System Address: 0x864171f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄쨈警煐谕, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x864171f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄쨈警煐谕, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x864171f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄쨈警煐谕, IRP_MJ_POWER]
Process: System Address: 0x864171f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄쨈警煐谕, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x864171f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄쨈警煐谕, IRP_MJ_PNP]
Process: System Address: 0x864171f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x853ca1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System Address: 0x853ca1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System Address: 0x853ca1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x853ca1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x853ca1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x853ca1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System Address: 0x853ca1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System Address: 0x853ca1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System Address: 0x853ca1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x853ca1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System Address: 0x853ca1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x86408500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x86408500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86408500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86408500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x86408500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86408500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x86408500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_CREATE]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_CLOSE]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_READ]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_WRITE]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_QUERY_EA]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_SET_EA]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_CLEANUP]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_POWER]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: mrxsmb벨蜋潉†綸蝕ᒘ蜾Ћ瑅퉷怠蜽, IRP_MJ_PNP]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_CREATE]
Process: System Address: 0x878e31f8 Size: 121

Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_CLOSE]
Process: System Address: 0x878e31f8 Size: 121

Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_READ]
Process: System Address: 0x878e31f8 Size: 121

Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_WRITE]
Process: System Address: 0x878e31f8 Size: 121

Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x878e31f8 Size: 121

Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x878e31f8 Size: 121

Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x878e31f8 Size: 121

Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x878e31f8 Size: 121

Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x878e31f8 Size: 121

Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x878e31f8 Size: 121

Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_SHUTDOWN]
Process: System Address: 0x878e31f8 Size: 121

Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x878e31f8 Size: 121

Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_CLEANUP]
Process: System Address: 0x878e31f8 Size: 121

Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_PNP]
Process: System Address: 0x878e31f8 Size: 121

==EOF==

===========================================================================================================

DDS LOG

DDS (Ver_09-09-29.01) - NTFSx86
Run by Teddy at 23:04:11.87 on Fri 10/09/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_13
Microsoft Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3326.2203 [GMT -4:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\Genex Audio\GXHostService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.40\aaCenter.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\JulaPAN.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Teddy\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [JulaPAN.exe] JulaPAN.exe
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\teddy\appdata\roaming\micros~1\windows\startm~1\programs\startup\codeme~1.lnk - c:\program files\codemeter\runtime\bin\CodeMeterCC.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\teddy\appdata\roaming\mozilla\firefox\profiles\fcdwzc5f.default\
FF - component: c:\users\teddy\appdata\roaming\mozilla\firefox\profiles\fcdwzc5f.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 Jula.sys;Service for Juli@ Audio Driver EWDM;c:\windows\system32\drivers\Jula.sys [2009-3-29 48672]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\codemeter\runtime\bin\CodeMeter.exe [2009-8-19 1705280]
R2 Genex GX90XX Host;Genex USB host service;c:\program files\genex audio\GXHostService.exe [2005-12-15 98304]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-8-17 239648]
R3 JulaWDM.sys;Service for Juli@ WDM;c:\windows\system32\drivers\JulaWDM.sys [2009-3-29 35872]
S2 RelevantKnowledge;RelevantKnowledge;c:\program files\relevantknowledge\rlservice.exe /service --> c:\program files\relevantknowledge\rlservice.exe [?]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-9-22 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 MagixASIODrv;MAGIX_ASIO_BoostDriver;c:\program files\magix\samplitude_10_pro\mxasio.sys [2009-2-8 4899]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S3 US224;US224 Driver;c:\windows\system32\drivers\US224.sys [2009-8-23 150272]
S3 US224DL;US224 Firmware Downloader;c:\windows\system32\drivers\US224DL.sys [2009-8-23 18176]
S3 Us224WdmService;US224 Wdm Audio;c:\windows\system32\drivers\US224Wdm.sys [2009-8-23 39296]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2005-11-2 11596]
S3 Winacusb;Winacusb;c:\windows\system32\drivers\winacusb.sys [2008-2-28 829952]

=============== Created Last 30 ================

2009-10-08 15:46 --d----- c:\program files\SUPERAntiSpyware
2009-10-08 03:53 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-08 03:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-08 03:53 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-07 14:59 --d----- C:\Ryan Adams
2009-10-03 23:55 --d----- c:\program files\Songsmith
2009-10-03 01:37 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-30 01:17 881,664 a------- c:\windows\system32\xvidcore.dll
2009-09-30 01:17 839,680 a------- c:\windows\system32\lameACM.acm
2009-09-30 01:17 217,088 a------- c:\windows\system32\yv12vfw.dll
2009-09-30 01:17 205,824 a------- c:\windows\system32\xvidvfw.dll
2009-09-30 01:17 178,176 a------- c:\windows\system32\unrar.dll
2009-09-30 01:17 118,784 a------- c:\windows\system32\ac3acm.acm
2009-09-30 01:17 414 a------- c:\windows\system32\lame_acm.xml
2009-09-30 01:17 38 a------- c:\windows\avisplitter.ini
2009-09-30 01:17 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-09-30 01:17 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-09-26 16:25 --d----- c:\windows\CheckSur
2009-09-25 23:58 --d----- C:\Jerome Hines
2009-09-25 10:43 --d----- c:\program files\BitLocker
2009-09-25 03:51 --d----- c:\program files\Genex Audio
2009-09-25 02:18 --d----- c:\windows\system32\drivers\hr-HR
2009-09-25 02:18 --d----- c:\windows\hr-HR
2009-09-25 02:11 671,412 a------- c:\windows\system32\perfh015.dat
2009-09-25 02:11 332,832 a------- c:\windows\system32\perfi015.dat
2009-09-25 02:11 132,200 a------- c:\windows\system32\perfc015.dat
2009-09-25 02:11 37,468 a------- c:\windows\system32\perfd015.dat
2009-09-25 02:10 --d----- c:\windows\pl-PL
2009-09-25 02:10 --d----- c:\windows\system32\drivers\pl-PL
2009-09-25 02:10 --d----- c:\windows\system32\wbem\pl-PL
2009-09-25 02:10 --d----- c:\windows\system32\pl
2009-09-25 02:10 --d----- c:\windows\system32\0415
2009-09-25 02:03 447,520 a------- c:\windows\system32\perfh001.dat
2009-09-25 02:03 285,290 a------- c:\windows\system32\perfi001.dat
2009-09-25 02:03 82,318 a------- c:\windows\system32\perfc001.dat
2009-09-25 02:03 41,018 a------- c:\windows\system32\perfd001.dat
2009-09-25 02:02 --d----- c:\windows\fr-FR
2009-09-25 02:02 --d----- c:\windows\system32\040C
2009-09-25 02:02 --d----- c:\windows\ar-SA
2009-09-25 02:02 --d----- c:\windows\system32\fr
2009-09-25 02:02 --d----- c:\windows\system32\drivers\fr-FR
2009-09-25 02:02 --d----- c:\windows\system32\drivers\ar-SA
2009-09-25 02:02 --d----- c:\windows\system32\ar
2009-09-25 02:02 --d----- c:\windows\system32\wbem\fr-FR
2009-09-25 02:02 --d----- c:\windows\system32\wbem\ar-SA
2009-09-25 01:54 626,404 a------- c:\windows\system32\perfh007.dat
2009-09-25 01:54 290,748 a------- c:\windows\system32\perfi007.dat
2009-09-25 01:54 127,056 a------- c:\windows\system32\perfc007.dat
2009-09-25 01:54 36,916 a------- c:\windows\system32\perfd007.dat
2009-09-25 01:54 --d----- c:\windows\de-DE
2009-09-25 01:53 --d----- c:\windows\system32\drivers\de-DE
2009-09-25 01:53 --d----- c:\windows\system32\0407
2009-09-25 01:53 --d----- c:\windows\system32\wbem\de-DE
2009-09-25 01:53 --d----- c:\windows\system32\de
2009-09-25 01:45 332,666 a------- c:\windows\system32\perfi019.dat
2009-09-25 01:45 662,222 a------- c:\windows\system32\perfh019.dat
2009-09-25 01:45 130,344 a------- c:\windows\system32\perfc019.dat
2009-09-25 01:45 38,684 a------- c:\windows\system32\perfd019.dat
2009-09-25 01:44 --d----- c:\windows\system32\drivers\ru-RU
2009-09-25 01:44 --d----- c:\windows\system32\0419
2009-09-25 01:44 --d----- c:\windows\system32\ru
2009-09-25 01:44 --d----- c:\windows\system32\wbem\ru-RU
2009-09-25 01:44 --d----- c:\windows\ru-RU
2009-09-23 23:29 --d----- c:\program files\GDP
2009-09-23 23:24 --d----- c:\program files\virtual dub
2009-09-22 02:28 --d----- c:\programdata\Blizzard Entertainment
2009-09-22 02:28 --d----- c:\progra~2\Blizzard Entertainment
2009-09-22 01:01 --d----- c:\users\teddy\Tracing
2009-09-22 00:55 54,632 a------- c:\windows\system32\drivers\fssfltr.sys
2009-09-22 00:54 --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-09-22 00:53 --d----- c:\program files\Microsoft
2009-09-22 00:53 --d----- c:\windows\PCHEALTH
2009-09-22 00:38 --d----- c:\program files\common files\Windows Live
2009-09-16 00:44 --d----- c:\programdata\BOINC
2009-09-16 00:44 --d----- c:\program files\BOINC
2009-09-16 00:44 --d----- c:\progra~2\BOINC
2009-09-15 23:38 --d----- c:\windows\system32\URTTEMP
2009-09-15 23:38 --d----- c:\program files\dotnet
2009-09-15 00:26 127 a------- c:\windows\system32\MRT.INI
2009-09-15 00:26 --d----- c:\windows\system32\MpEngineStore
2009-09-13 15:44 --d----- c:\programdata\ConeXware
2009-09-13 15:44 --d----- c:\progra~2\ConeXware

==================== Find3M ====================

2009-10-08 23:59 32,879 a------- c:\programdata\nvModes.dat
2009-10-08 23:59 32,879 a------- c:\progra~2\nvModes.dat
2009-09-25 02:10 332,832 a------- c:\windows\inf\perflib\0415\perfi.dat
2009-09-25 02:10 332,832 a------- c:\windows\inf\perflib\0415\perfh.dat
2009-09-25 02:10 37,468 a------- c:\windows\inf\perflib\0415\perfd.dat
2009-09-25 02:10 37,468 a------- c:\windows\inf\perflib\0415\perfc.dat
2009-09-25 02:02 285,290 a------- c:\windows\inf\perflib\0401\perfi.dat
2009-09-25 02:02 285,290 a------- c:\windows\inf\perflib\0401\perfh.dat
2009-09-25 02:02 41,018 a------- c:\windows\inf\perflib\0401\perfd.dat
2009-09-25 02:02 41,018 a------- c:\windows\inf\perflib\0401\perfc.dat
2009-09-25 01:53 290,748 a------- c:\windows\inf\perflib\0407\perfi.dat
2009-09-25 01:53 290,748 a------- c:\windows\inf\perflib\0407\perfh.dat
2009-09-25 01:53 36,916 a------- c:\windows\inf\perflib\0407\perfd.dat
2009-09-25 01:53 36,916 a------- c:\windows\inf\perflib\0407\perfc.dat
2009-09-25 01:44 332,666 a------- c:\windows\inf\perflib\0419\perfi.dat
2009-09-25 01:44 332,666 a------- c:\windows\inf\perflib\0419\perfh.dat
2009-09-25 01:44 38,684 a------- c:\windows\inf\perflib\0419\perfd.dat
2009-09-25 01:44 38,684 a------- c:\windows\inf\perflib\0419\perfc.dat
2009-09-19 02:29 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-19 02:29 51,200 a------- c:\windows\inf\infpub.dat
2009-09-19 02:29 86,016 a------- c:\windows\inf\infstor.dat
2009-08-28 22:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 22:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 22:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 22:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 20:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-28 20:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-19 04:10 638,976 a------- c:\windows\system32\WibuCm32.dll
2009-08-19 04:10 561,152 a------- c:\windows\system32\WibuCmWeb32.dll
2009-08-19 04:10 360,448 a------- c:\windows\system32\WibuXpm4J32.dll
2009-08-19 04:10 143,360 a------- c:\windows\system32\wibucmJNI.dll
2009-08-17 02:42 2,505,248 a------- c:\windows\system32\nvcpluir.dll
2009-08-17 02:42 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-08-17 02:42 1,411,616 a------- c:\windows\system32\nvsvsr.dll
2009-08-17 02:42 1,346,080 a------- c:\windows\system32\nvsvs.dll
2009-08-17 00:57 10,858,496 a------- c:\windows\system32\nvoglv32.dll
2009-08-17 00:57 9,545,152 a------- c:\windows\system32\drivers\nvlddmkm.sys
2009-08-17 00:57 7,569,920 a------- c:\windows\system32\nvd3dum.dll
2009-08-17 00:57 3,298,304 a------- c:\windows\system32\nvwgf2um.dll
2009-08-17 00:57 2,169,376 a------- c:\windows\system32\nvcuvid.dll
2009-08-17 00:57 1,985,536 a------- c:\windows\system32\nvcuda.dll
2009-08-17 00:57 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-08-17 00:57 1,044,992 a------- c:\windows\system32\nvapi.dll
2009-08-17 00:57 485,920 a------- c:\windows\system32\nvudisp.exe
2009-08-17 00:57 155,648 a------- c:\windows\system32\nvcod162.dll
2009-08-17 00:57 155,648 a------- c:\windows\system32\nvcod.dll
2009-08-17 00:57 4,224 a------- c:\windows\system32\drivers\nvBridge.kmd
2009-08-14 13:36 70,936 a------- c:\windows\system32\PhysXLoader.dll
2009-08-14 12:27 904,776 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 11:53 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 09:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 09:49 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 09:49 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 09:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 09:49 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 09:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 09:49 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 09:48 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 09:48 105,984 a------- c:\windows\system32\netiohlp.dll
2009-08-11 12:35 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-08-03 00:21 288,024 a------- c:\windows\system32\PhysXCplUI.exe
2009-08-03 00:21 288,024 a------- c:\windows\system32\PhysXCompatCplUI.exe
2009-08-03 00:21 23,320 a------- c:\windows\system32\PhysXDevice.dll
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-22 15:06 724,992 a------- c:\windows\system32\DLLAV32.dll
2009-07-22 15:05 212,992 a------- c:\windows\system32\DLLDEV32.dll
2009-07-22 15:05 147,456 a------- c:\windows\system32\DLLCPY32.dll
2009-07-22 15:05 90,112 a------- c:\windows\system32\DLLPRF32.dll
2009-07-22 15:05 221,184 a------- c:\windows\system32\DLLDRV32.dll
2009-07-22 15:05 77,824 a------- c:\windows\system32\DLLPNT32.dll
2009-07-22 15:05 94,208 a------- c:\windows\system32\DLLIO32.dll
2009-07-22 15:05 278,528 a------- c:\windows\system32\DLLRES32.dll
2009-07-22 15:05 65,536 a------- c:\windows\system32\STRING32.dll
2009-07-22 11:31 665,600 a------- c:\windows\inf\drvindex.dat
2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 09:54 71,680 a------- c:\windows\system32\atl.dll
2009-07-15 08:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-15 08:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-15 08:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-15 08:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-06-11 03:52 691 a------- c:\users\teddy\appdata\roaming\GetValue.vbs
2009-06-11 03:52 35 a------- c:\users\teddy\appdata\roaming\SetValue.bat
2009-04-29 16:23 47,360 a------- c:\users\teddy\appdata\roaming\pcouffin.sys
2008-09-22 04:12 89 a------- c:\users\teddy\appdata\roaming\netstat.bat
2008-03-27 04:05 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-06-25 16:38 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-25 16:38 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-25 16:38 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-25 16:38 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 23:04:29.49 ===============


Edited by Orange Blossom, 09 October 2009 - 10:41 PM.




#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,080 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:03:35 PM

Posted 25 October 2009 - 06:07 AM

Hello,
And :( to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
    Direct Download
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following:
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new DDS log
  • RootRepeal log


Please give me some time to review your logs and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#3 ncdrawl

ncdrawl
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:08:35 AM

Posted 25 October 2009 - 09:00 PM

Thanks Elise. Well, I am only having one issue: I cannot update Windows for security fixes, etc. When I run Windows Update, I always get error messages.
=============================================================================================================================================================

DDS (Ver_09-10-24.04) - NTFSx86
Run by Teddy at 21:27:32.28 on Sun 10/25/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_13
Microsoft Windows Vista Ultimate 6.0.6002.2.1252.1.1033.18.3326.2383 [GMT -4:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\Genex Audio\GXHostService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\AASP\1.00.40\aaCenter.exe
C:\Windows\System32\JulaPAN.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Nero\AudioPlugins\RMADEC.EXE
C:\Windows\System32\notepad.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Teddy\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [JulaPAN.exe] JulaPAN.exe
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\teddy\appdata\roaming\micros~1\windows\startm~1\programs\startup\codeme~1.lnk - c:\program files\codemeter\runtime\bin\CodeMeterCC.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration

================= FIREFOX ===================

FF - ProfilePath - c:\users\teddy\appdata\roaming\mozilla\firefox\profiles\fcdwzc5f.default\
FF - component: c:\users\teddy\appdata\roaming\mozilla\firefox\profiles\fcdwzc5f.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

As per the instructions you would have received, kindly ensure any onboard
script blocking tools have been disabled for they shall interfere with DDS.

DDS is a non-invasive diagnostic tool.

- DDS makes no registry writes/changes

- DDS does not create any permanent files/folders.

This scan should not take longer than three minutes to complete.

When the scan is complete, a logfile/report shall pop open.

Post the contents of the logfile to the forum where it was requested

We only require it to run just once. Dispose after use.


:::::::::::::::::::::::::::::::::::::::

============= SERVICES / DRIVERS ===============

R1 Jula.sys;Service for Juli@ Audio Driver EWDM;c:\windows\system32\drivers\Jula.sys [2009-3-29 48672]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\codemeter\runtime\bin\CodeMeter.exe [2009-8-19 1705280]
R2 Genex GX90XX Host;Genex USB host service;c:\program files\genex audio\GXHostService.exe [2005-12-15 98304]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-8-17 239648]
R3 JulaWDM.sys;Service for Juli@ WDM;c:\windows\system32\drivers\JulaWDM.sys [2009-3-29 35872]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-9-22 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 MagixASIODrv;MAGIX_ASIO_BoostDriver;c:\program files\magix\samplitude_10_pro\mxasio.sys [2009-2-8 4899]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S3 US224;US224 Driver;c:\windows\system32\drivers\US224.sys [2009-8-23 150272]
S3 US224DL;US224 Firmware Downloader;c:\windows\system32\drivers\US224DL.sys [2009-8-23 18176]
S3 Us224WdmService;US224 Wdm Audio;c:\windows\system32\drivers\US224Wdm.sys [2009-8-23 39296]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2005-11-2 11596]
S3 Winacusb;Winacusb;c:\windows\system32\drivers\winacusb.sys [2008-2-28 829952]

=============== Created Last 30 ================

2009-10-24 22:00:16 1048576 --sha-w- c:\users\teddy\ntuser.dat{6f2051d1-bdf4-11de-8753-001e8c004a98}.TxR.2.regtrans-ms
2009-10-24 22:00:15 65536 --sha-w- c:\users\teddy\ntuser.dat{6f2051d1-bdf4-11de-8753-001e8c004a98}.TxR.blf
2009-10-24 22:00:15 1048576 --sha-w- c:\users\teddy\ntuser.dat{6f2051d1-bdf4-11de-8753-001e8c004a98}.TxR.1.regtrans-ms
2009-10-24 22:00:15 1048576 --sha-w- c:\users\teddy\ntuser.dat{6f2051d1-bdf4-11de-8753-001e8c004a98}.TxR.0.regtrans-ms
2009-10-24 21:13:06 0 d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-24 21:10:24 1908 ----a-w- c:\windows\diagwrn.xml
2009-10-24 21:10:24 1908 ----a-w- c:\windows\diagerr.xml
2009-10-21 03:48:18 65536 --sha-w- c:\users\teddy\ntuser.dat{6f2051d2-bdf4-11de-8753-001e8c004a98}.TM.blf
2009-10-21 03:48:18 524288 --sha-w- c:\users\teddy\ntuser.dat{6f2051d2-bdf4-11de-8753-001e8c004a98}.TMContainer00000000000000000002.regtrans-ms
2009-10-21 03:48:18 524288 --sha-w- c:\users\teddy\ntuser.dat{6f2051d2-bdf4-11de-8753-001e8c004a98}.TMContainer00000000000000000001.regtrans-ms
2009-10-20 05:44:55 236544 ----a-w- c:\windows\PEV.exe
2009-10-20 05:30:35 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-20 05:30:14 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-20 05:30:14 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-13 06:11:47 494 ----a-w- C:\settings.ini
2009-10-11 22:45:00 263168 ----a-w- c:\windows\system32\libpng13.dll
2009-10-11 22:45:00 143872 ----a-w- c:\windows\system32\zlib1.dll
2009-10-08 19:46:35 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-08 07:53:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-08 07:53:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-08 07:53:32 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-07 18:59:17 0 d-----w- C:\Ryan Adams
2009-10-04 03:55:20 0 d-----w- c:\program files\Songsmith
2009-10-03 05:37:45 195440 ----a-w- c:\windows\system32\MpSigStub.exe
2009-09-30 05:17:36 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-09-30 05:17:36 839680 ----a-w- c:\windows\system32\lameACM.acm
2009-09-30 05:17:36 414 ----a-w- c:\windows\system32\lame_acm.xml
2009-09-30 05:17:36 38 ----a-w- c:\windows\avisplitter.ini
2009-09-30 05:17:36 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-09-30 05:17:36 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-09-30 05:17:36 178176 ----a-w- c:\windows\system32\unrar.dll
2009-09-30 05:17:36 118784 ----a-w- c:\windows\system32\ac3acm.acm
2009-09-30 05:17:35 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-09-30 05:17:35 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2009-09-26 20:25:50 0 d-----w- c:\windows\CheckSur
2009-09-26 03:58:39 0 d-----w- C:\Jerome Hines

==================== Find3M ====================

2009-10-24 22:06:17 82318 ----a-w- c:\windows\system32\perfc001.dat
2009-10-24 22:06:17 671412 ----a-w- c:\windows\system32\perfh015.dat
2009-10-24 22:06:17 662222 ----a-w- c:\windows\system32\perfh019.dat
2009-10-24 22:06:17 626404 ----a-w- c:\windows\system32\perfh007.dat
2009-10-24 22:06:17 447520 ----a-w- c:\windows\system32\perfh001.dat
2009-10-24 22:06:17 132200 ----a-w- c:\windows\system32\perfc015.dat
2009-10-24 22:06:17 130344 ----a-w- c:\windows\system32\perfc019.dat
2009-10-24 22:06:17 127056 ----a-w- c:\windows\system32\perfc007.dat
2009-10-24 22:00:30 32879 ----a-w- c:\programdata\nvModes.dat
2009-09-25 06:10:42 37468 ----a-w- c:\windows\system32\perfd015.dat
2009-09-25 06:10:42 37468 ----a-w- c:\windows\inf\perflib\0415\perfd.dat
2009-09-25 06:10:42 37468 ----a-w- c:\windows\inf\perflib\0415\perfc.dat
2009-09-25 06:10:42 332832 ----a-w- c:\windows\system32\perfi015.dat
2009-09-25 06:10:42 332832 ----a-w- c:\windows\inf\perflib\0415\perfi.dat
2009-09-25 06:10:42 332832 ----a-w- c:\windows\inf\perflib\0415\perfh.dat
2009-09-25 06:02:27 41018 ----a-w- c:\windows\system32\perfd001.dat
2009-09-25 06:02:27 41018 ----a-w- c:\windows\inf\perflib\0401\perfd.dat
2009-09-25 06:02:27 41018 ----a-w- c:\windows\inf\perflib\0401\perfc.dat
2009-09-25 06:02:27 285290 ----a-w- c:\windows\system32\perfi001.dat
2009-09-25 06:02:27 285290 ----a-w- c:\windows\inf\perflib\0401\perfi.dat
2009-09-25 06:02:27 285290 ----a-w- c:\windows\inf\perflib\0401\perfh.dat
2009-09-25 05:53:46 36916 ----a-w- c:\windows\system32\perfd007.dat
2009-09-25 05:53:46 36916 ----a-w- c:\windows\inf\perflib\0407\perfd.dat
2009-09-25 05:53:46 36916 ----a-w- c:\windows\inf\perflib\0407\perfc.dat
2009-09-25 05:53:46 290748 ----a-w- c:\windows\system32\perfi007.dat
2009-09-25 05:53:46 290748 ----a-w- c:\windows\inf\perflib\0407\perfi.dat
2009-09-25 05:53:46 290748 ----a-w- c:\windows\inf\perflib\0407\perfh.dat
2009-09-25 05:44:32 38684 ----a-w- c:\windows\system32\perfd019.dat
2009-09-25 05:44:32 38684 ----a-w- c:\windows\inf\perflib\0419\perfd.dat
2009-09-25 05:44:32 38684 ----a-w- c:\windows\inf\perflib\0419\perfc.dat
2009-09-25 05:44:32 332666 ----a-w- c:\windows\system32\perfi019.dat
2009-09-25 05:44:32 332666 ----a-w- c:\windows\inf\perflib\0419\perfi.dat
2009-09-25 05:44:32 332666 ----a-w- c:\windows\inf\perflib\0419\perfh.dat
2009-09-19 06:29:56 51200 ----a-w- c:\windows\inf\infpub.dat
2009-09-19 06:29:56 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-09-19 06:29:54 86016 ----a-w- c:\windows\inf\infstor.dat
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-19 08:10:00 638976 ----a-w- c:\windows\system32\WibuCm32.dll
2009-08-19 08:10:00 561152 ----a-w- c:\windows\system32\WibuCmWeb32.dll
2009-08-19 08:10:00 360448 ----a-w- c:\windows\system32\WibuXpm4J32.dll
2009-08-19 08:10:00 143360 ----a-w- c:\windows\system32\wibucmJNI.dll
2009-08-17 06:42:20 2505248 ----a-w- c:\windows\system32\nvcpluir.dll
2009-08-17 06:42:20 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-08-17 06:42:18 1411616 ----a-w- c:\windows\system32\nvsvsr.dll
2009-08-17 06:42:18 1346080 ----a-w- c:\windows\system32\nvsvs.dll
2009-08-17 04:57:00 7569920 ----a-w- c:\windows\system32\nvd3dum.dll
2009-08-17 04:57:00 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-17 04:57:00 3298304 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-08-17 04:57:00 2169376 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-17 04:57:00 1985536 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-17 04:57:00 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-17 04:57:00 155648 ----a-w- c:\windows\system32\nvcod162.dll
2009-08-17 04:57:00 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-17 04:57:00 10858496 ----a-w- c:\windows\system32\nvoglv32.dll
2009-08-17 04:57:00 1044992 ----a-w- c:\windows\system32\nvapi.dll
2009-08-14 17:36:18 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-11 16:35:08 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-03 04:21:54 288024 ----a-w- c:\windows\system32\PhysXCplUI.exe
2009-08-03 04:21:54 288024 ----a-w- c:\windows\system32\PhysXCompatCplUI.exe
2009-08-03 04:21:54 23320 ----a-w- c:\windows\system32\PhysXDevice.dll
2009-07-22 15:31:01 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-03-27 08:05:39 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-21 05:23:16 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-21 05:23:16 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-21 05:23:16 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-25 20:38:13 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-25 20:38:13 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-25 20:38:13 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-25 20:38:13 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-09-22 16:01:27 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008092220080923\index.dat

============= FINISH: 21:30:59.16 ===============
=======================================================================================================================================
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/25 21:35
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8FF0A000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8FEFF000 Size: 45056 File Visible: No Signed: -
Status: -

Name: dump_dumpfve.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpfve.sys
Address: 0x8FF12000 Size: 69632 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9FF70000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: spxm.sys
Image Path: C:\Windows\System32\Drivers\spxm.sys
Address: 0x8068E000 Size: 1052672 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3d62df0d-bdf5-11de-a20e-001e8c004a98}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3d62df12-bdf5-11de-a20e-001e8c004a98}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{bcda55e9-c027-11de-a3e8-001e8c004a98}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{d856baca-c045-11de-994e-001e8c004a98}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Users\Teddy\Documents\My Music
Status: Locked to the Windows API!

Path: C:\Windows\System32\en\AUTHFW~2.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_5d1777c2e857a23b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_bfff6c932d60651e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_a6e7a8e20e9863b4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b81d038aaf540e86.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_5ce47260749ddc2c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_bb1f6aa1308c35eb.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_5c94f2bbe7d4aaf6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_bdf22a22ab9e15d5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_61305e07e4f1bc01.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b59bae9d65014b98.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_a6e6a8980e994a5d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_5926f98ceadc42c2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6000.16720_none_a7f9fcdcd724c803\JSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6000.20883_none_91321380f0c70cf6\JSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6001.18000_none_a7d3f834d777a15b\JSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6001.18111_none_a7d4e192d776d4a4\JSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6001.22230_none_9109522ef11c4db7\JSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6002.18005_none_a7af7d70d7c9356f\JSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_6.0.6001.18000_none_d1b1affa515cd235\BASEAL~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_6.0.6002.18005_none_d39d29064e7e9d81\BASEAL~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.16720_none_b103fb905f6db0d9\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.20883_none_9a3c1234790ff5cc\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.18111_none_b0dee0465fbfbd7a\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.22230_none_9a1350e27965368d\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WIZARD~2.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WIZARD~3.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WIZARD~4.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WI1344~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WI5BF5~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WIZARD~2.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WIZARD~3.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WIZARD~4.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WI1344~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WI5BF5~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WIZARD~2.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WIZARD~3.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WIZARD~4.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WI1344~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WI5BF5~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e054b\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd04a3e\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d61068011ec\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_cbd2adfd20258aff\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_a05f40e791345747\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_8997578baad69c3a\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_a03a259d918663e8\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_896e9639ab2bdcfb\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_a2d17efc27f8ebd7\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6000.16708_none_b25b01638e2dbfa3\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6000.20864_none_b29fbd7ea77fa1b7\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6001.18096_none_b3ddee438b9f1c38\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6001.22208_none_b4cadcd4a471f05e\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6000.16708_none_319b7f14a2b4f78c\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_81fe8fa12d54eb71\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_2c88b9b71ca44e71\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_15c0d05b36469364\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_2c639e6d1cf65b12\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_15980f09369bd425\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_8c05ef98419e64ea\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_32a2a55c0f70152b\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_1bdabc0029125a1e\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_327d8a120fc221cc\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_1bb1faae29679adf\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WIZARD~2.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WIZARD~3.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WIZARD~4.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WI1344~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WI5BF5~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.16720_none_9b01a5fdd9371aff\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.20883_none_9b4d641ef282ae74\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.18111_none_9cf3b4d9d654a956\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.22230_none_9d66b182ef8367ab\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\CONFIR~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WIZARD~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WIZARD~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WIZARD~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI7FD4~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI49C3~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI2CD7~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI3A48~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\CONFIR~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WIZARD~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WIZARD~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WIZARD~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WI7FD4~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WI49C3~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WI2CD7~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WI3A48~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\CONFIR~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\WIZARD~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\WIZARD~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\WIZARD~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\WI7FD4~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\WI49C3~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\WI2CD7~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.18111_none_a5836f22e2c4ba69\WI3A48~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\CONFIR~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\WIZARD~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\WIZARD~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\WIZARD~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\WI7FD4~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\WI49C3~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\WI2CD7~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6001.22230_none_8eb7dfbefc6a337c\WI3A48~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6000.16720_none_a35a3f7808e4975c\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6000.16720_none_a35a3f7808e4975c\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6000.20883_none_8c92561c2286dc4f\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6000.20883_none_8c92561c2286dc4f\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_a2f69a4627a6df36\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_8c2eb0ea41492429\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_networking-mpssvc-admin.resources_31bf3856ad364e35_6.0.6001.18000_en-us_40f01b7c96c997a3\AUTHFW~2.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7b4eba45cecd6936\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.20883_none_6486d0e9e86fae29\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7b299efbcf1f75d7\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.22230_none_645e0f97e8c4eeea\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_82eb7e324627bf97\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.16708_none_7aa059d88e5323b0\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.20864_none_7ae515f3a7a505c4\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.18096_none_7c2346b88bc48045\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.22208_none_7d103549a497546b\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_c8df4fb390304286\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6000.20864_none_c9240bcea982249a\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6001.18000_none_cabd8a238d5e0b98\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6001.18096_none_ca623c938da19f1b\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6001.22208_none_cb4f2b24a6747341\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6002.18005_none_cca9032f8a7fd6e4\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6001.18096_none_331e6bf4a0265421\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6001.22208_none_340b5a85b8f92847\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6002.18005_none_356532909d048bea\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_807ba2c12fe38edc\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_80c05edc493570f0\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_sm_mof_31bf3856ad364e35_6.0.6001.18096_none_c4167f8080689d32\SERVIC~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_sm_mof_31bf3856ad364e35_6.0.6001.22208_none_c5036e1199

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1116 Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x853c91f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x853c91f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x853c91f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x853c91f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x853c91f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x853c91f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x853c91f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x853c91f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x853c91f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x853c91f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x853c91f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x853c91f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x853c91f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x853c91f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x853c91f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x853c91f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x853c91f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x853c91f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x853c91f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x853c91f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x853c91f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x853c91f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CREATE]
Process: System Address: 0x875981f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x875981f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_READ]
Process: System Address: 0x875981f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_WRITE]
Process: System Address: 0x875981f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x875981f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x875981f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x875981f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x875981f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x875981f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x875981f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x875981f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x875981f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x875981f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x875981f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x875981f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x875981f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x875981f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_PNP]
Process: System Address: 0x875981f8 Size: 121

Object: Hidden Code [Driver: udfs捅牃Ѕ獕灰, IRP_MJ_CREATE]
Process: System Address: 0x863e41f8 Size: 121

Object: Hidden Code [Driver: udfs捅牃Ѕ獕灰, IRP_MJ_CLOSE]
Process: System Address: 0x863e41f8 Size: 121

Object: Hidden Code [Driver: udfs捅牃Ѕ獕灰, IRP_MJ_READ]
Process: System Address: 0x863e41f8 Size: 121

Object: Hidden Code [Driver: udfs捅牃Ѕ獕灰, IRP_MJ_WRITE]
Process: System Address: 0x863e41f8 Size: 121

Object: Hidden Code [Driver: udfs捅牃Ѕ獕灰, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x863e41f8 Size: 121

Object: Hidden Code [Driver: udfs捅牃Ѕ獕灰, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x863e41f8 Size: 121

Object: Hidden Code [Driver: udfs捅牃Ѕ獕灰, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x863e41f8 Size: 121

Object: Hidden Code [Driver: udfs捅牃Ѕ獕灰, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x863e41f8 Size: 121

Object: Hidden Code [Driver: udfs捅牃Ѕ獕灰, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x863e41f8 Size: 121

Object: Hidden Code [Driver: udfs捅牃Ѕ獕灰, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x863e41f8 Size: 121

Object: Hidden Code [Driver: udfs捅牃Ѕ獕灰, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x863e41f8 Size: 121

Object: Hidden Code [Driver: udfs捅牃Ѕ獕灰, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863e41f8 Size: 121

Object: Hidden Code [Driver: udfs捅牃Ѕ獕灰, IRP_MJ_SHUTDOWN]
Process: System Address: 0x863e41f8 Size: 121

Object: Hidden Code [Driver: udfs捅牃Ѕ獕灰, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x863e41f8 Size: 121

Object: Hidden Code [Driver: udfs捅牃Ѕ獕灰, IRP_MJ_CLEANUP]
Process: System Address: 0x863e41f8 Size: 121

Object: Hidden Code [Driver: udfs捅牃Ѕ獕灰, IRP_MJ_PNP]
Process: System Address: 0x863e41f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x853c81f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x853c81f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x853c81f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x853c81f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x853c81f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x853c81f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x853c81f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE]
Process: System Address: 0x863b21f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x863b21f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_READ]
Process: System Address: 0x863b21f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE]
Process: System Address: 0x863b21f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x863b21f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863b21f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863b21f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x863b21f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER]
Process: System Address: 0x863b21f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863b21f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP]
Process: System Address: 0x863b21f8 Size: 121

Object: Hidden Code [Driver: USBSTOR蜂Ѕ慖卤䗹蜧刐蜧ࠐ蜥僠, IRP_MJ_CREATE]
Process: System Address: 0x876ac1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR蜂Ѕ慖卤䗹蜧刐蜧ࠐ蜥僠, IRP_MJ_CLOSE]
Process: System Address: 0x876ac1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR蜂Ѕ慖卤䗹蜧刐蜧ࠐ蜥僠, IRP_MJ_READ]
Process: System Address: 0x876ac1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR蜂Ѕ慖卤䗹蜧刐蜧ࠐ蜥僠, IRP_MJ_WRITE]
Process: System Address: 0x876ac1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR蜂Ѕ慖卤䗹蜧刐蜧ࠐ蜥僠, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x876ac1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR蜂Ѕ慖卤䗹蜧刐蜧ࠐ蜥僠, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x876ac1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR蜂Ѕ慖卤䗹蜧刐蜧ࠐ蜥僠, IRP_MJ_POWER]
Process: System Address: 0x876ac1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR蜂Ѕ慖卤䗹蜧刐蜧ࠐ蜥僠, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x876ac1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR蜂Ѕ慖卤䗹蜧刐蜧ࠐ蜥僠, IRP_MJ_PNP]
Process: System Address: 0x876ac1f8 Size: 121

Object: Hidden Code [Driver: usbuhci潉捔䡒敐蓢鹸薠蛖, IRP_MJ_CREATE]
Process: System Address: 0x863b91f8 Size: 121

Object: Hidden Code [Driver: usbuhci潉捔䡒敐蓢鹸薠蛖, IRP_MJ_CLOSE]
Process: System Address: 0x863b91f8 Size: 121

Object: Hidden Code [Driver: usbuhci潉捔䡒敐蓢鹸薠蛖, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863b91f8 Size: 121

Object: Hidden Code [Driver: usbuhci潉捔䡒敐蓢鹸薠蛖, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863b91f8 Size: 121

Object: Hidden Code [Driver: usbuhci潉捔䡒敐蓢鹸薠蛖, IRP_MJ_POWER]
Process: System Address: 0x863b91f8 Size: 121

Object: Hidden Code [Driver: usbuhci潉捔䡒敐蓢鹸薠蛖, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863b91f8 Size: 121

Object: Hidden Code [Driver: usbuhci潉捔䡒敐蓢鹸薠蛖, IRP_MJ_PNP]
Process: System Address: 0x863b91f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CREATE]
Process: System Address: 0x869e91f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLOSE]
Process: System Address: 0x869e91f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x869e91f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x869e91f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLEANUP]
Process: System Address: 0x869e91f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_PNP]
Process: System Address: 0x869e91f8 Size: 121

Object: Hidden Code [Driver: netbt蚡ā, IRP_MJ_CREATE]
Process: System Address: 0x869fa500 Size: 121

Object: Hidden Code [Driver: netbt蚡ā, IRP_MJ_CLOSE]
Process: System Address: 0x869fa500 Size: 121

Object: Hidden Code [Driver: netbt蚡ā, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x869fa500 Size: 121

Object: Hidden Code [Driver: netbt蚡ā, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x869fa500 Size: 121

Object: Hidden Code [Driver: netbt蚡ā, IRP_MJ_CLEANUP]
Process: System Address: 0x869fa500 Size: 121

Object: Hidden Code [Driver: netbt蚡ā, IRP_MJ_PNP]
Process: System Address: 0x869fa500 Size: 121

Object: Hidden Code [Driver: fdc蕈, IRP_MJ_CREATE]
Process: System Address: 0x864931f8 Size: 121

Object: Hidden Code [Driver: fdc蕈, IRP_MJ_CLOSE]
Process: System Address: 0x864931f8 Size: 121

Object: Hidden Code [Driver: fdc蕈, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x864931f8 Size: 121

Object: Hidden Code [Driver: fdc蕈, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x864931f8 Size: 121

Object: Hidden Code [Driver: fdc蕈, IRP_MJ_POWER]
Process: System Address: 0x864931f8 Size: 121

Object: Hidden Code [Driver: fdc蕈, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x864931f8 Size: 121

Object: Hidden Code [Driver: fdc蕈, IRP_MJ_PNP]
Process: System Address: 0x864931f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x853c61f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System Address: 0x853c61f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System Address: 0x853c61f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x853c61f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x853c61f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x853c61f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System Address: 0x853c61f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System Address: 0x853c61f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System Address: 0x853c61f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x853c61f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System Address: 0x853c61f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x863b8500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x863b8500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863b8500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863b8500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x863b8500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863b8500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x863b8500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_CREATE]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_CLOSE]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_READ]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_WRITE]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_QUERY_EA]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_SET_EA]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_CLEANUP]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_POWER]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: mrxsmbᔋ倁І瑎湦܇$, IRP_MJ_PNP]
Process: System Address: 0x86c75500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_CREATE]
Process: System Address: 0x87797500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_CLOSE]
Process: System Address: 0x87797500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_READ]
Process: System Address: 0x87797500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_WRITE]
Process: System Address: 0x87797500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x87797500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x87797500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x87797500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x87797500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x87797500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87797500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_SHUTDOWN]
Process: System Address: 0x87797500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x87797500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_CLEANUP]
Process: System Address: 0x87797500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_PNP]
Process: System Address: 0x87797500 Size: 121

==EOF==

#4 Elise


Posted 26 October 2009 - 06:05 AM

Hello ncdrawl,

P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


I saw evidence in your log that ComboFix was run (on 20 October). Can you please post the log? You can find it at C:\Combofix.txt

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for unsupervised use. Please read ComboFix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#5 ncdrawl


Posted 26 October 2009 - 10:32 PM

ComboFix 09-10-19.01 - Teddy 10/20/2009 1:48.7.4 - NTFSx86
Microsoft Windows Vista Ultimate 6.0.6002.2.1252.1.1033.18.3326.1625 [GMT -4:00]
Running from: c:\users\Teddy\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_RelevantKnowledge


((((((((((((((((((((((((( Files Created from 2009-09-20 to 2009-10-20 )))))))))))))))))))))))))))))))
.

2009-10-20 05:52 . 2009-10-20 05:55 -------- d-----w- c:\users\Teddy\AppData\Local\temp
2009-10-20 05:52 . 2009-10-20 05:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-20 05:30 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-20 05:30 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-20 05:30 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-20 05:30 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-20 05:30 . 2009-08-06 23:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-20 05:30 . 2009-08-06 22:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-13 06:08 . 2009-10-13 06:08 -------- d-----w- c:\program files\Winamp
2009-10-11 22:45 . 2009-09-27 20:41 263168 ----a-w- c:\windows\system32\libpng13.dll
2009-10-11 22:45 . 2008-12-28 23:14 143872 ----a-w- c:\windows\system32\zlib1.dll
2009-10-08 19:47 . 2009-10-16 05:03 117760 ----a-w- c:\users\Teddy\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-08 19:46 . 2009-10-08 19:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-08 07:53 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-08 07:53 . 2009-10-08 07:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-08 07:53 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-07 18:59 . 2009-10-08 03:25 -------- d-----w- C:\Ryan Adams
2009-10-04 03:58 . 2009-10-04 03:58 220709 ----a-r- c:\users\Teddy\AppData\Roaming\Microsoft\Installer\{294A068B-BC5F-4700-B9F0-63949E8A617C}\_6FEFF9B68218417F98F549.exe
2009-10-04 03:58 . 2009-10-04 03:58 220709 ----a-r- c:\users\Teddy\AppData\Roaming\Microsoft\Installer\{294A068B-BC5F-4700-B9F0-63949E8A617C}\_6D413782B9738F6D45FB5A.exe
2009-10-04 03:55 . 2009-10-08 07:34 -------- d-----w- c:\program files\Songsmith
2009-10-03 05:37 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-30 05:50 . 2009-10-20 05:26 -------- d-----w- c:\users\Teddy\AppData\Roaming\vlc
2009-09-30 05:17 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-09-30 05:17 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-09-30 05:17 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-09-30 05:17 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-09-30 05:17 . 2009-09-28 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-09-28 17:09 . 2008-02-17 21:16 90112 ----a-w- c:\users\Teddy\AppData\Roaming\Mozilla\Firefox\Profiles\fcdwzc5f.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-09-28 17:09 . 2007-12-28 15:15 172032 ----a-w- c:\users\Teddy\AppData\Roaming\Mozilla\Firefox\Profiles\fcdwzc5f.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-09-28 17:09 . 2007-10-08 05:57 307200 ----a-w- c:\users\Teddy\AppData\Roaming\Mozilla\Firefox\Profiles\fcdwzc5f.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-09-26 20:25 . 2009-09-26 20:25 -------- d-----w- c:\windows\CheckSur
2009-09-26 03:58 . 2009-10-14 01:00 -------- d-----w- C:\Jerome Hines
2009-09-25 14:43 . 2009-09-25 14:43 -------- d-----w- c:\program files\BitLocker
2009-09-25 07:59 . 2009-09-25 07:59 766 ----a-r- c:\users\Teddy\AppData\Roaming\Microsoft\Installer\{93C157D5-93F8-4D4E-A8E7-871E0AAD65E7}\_69525f90.exe
2009-09-25 07:59 . 2009-09-25 07:59 766 ----a-r- c:\users\Teddy\AppData\Roaming\Microsoft\Installer\{93C157D5-93F8-4D4E-A8E7-871E0AAD65E7}\_2cd672ae.exe
2009-09-25 07:59 . 2009-09-25 07:59 766 ----a-r- c:\users\Teddy\AppData\Roaming\Microsoft\Installer\{93C157D5-93F8-4D4E-A8E7-871E0AAD65E7}\_16496df1.exe
2009-09-25 07:51 . 2009-09-25 07:59 -------- d-----w- c:\program files\Genex Audio
2009-09-25 07:51 . 2009-09-25 07:51 766 ----a-r- c:\users\Teddy\AppData\Roaming\Microsoft\Installer\{37EF355B-E1D8-4F65-A28C-D7A20241B945}\_294823.exe
2009-09-25 07:51 . 2009-09-25 07:51 766 ----a-r- c:\users\Teddy\AppData\Roaming\Microsoft\Installer\{37EF355B-E1D8-4F65-A28C-D7A20241B945}\_18be6784.exe
2009-09-25 06:18 . 2009-09-25 06:18 -------- d-----w- c:\windows\system32\drivers\hr-HR
2009-09-25 06:18 . 2009-09-25 06:18 -------- d-----w- c:\windows\hr-HR
2009-09-25 06:11 . 2009-10-11 07:45 671412 ----a-w- c:\windows\system32\perfh015.dat
2009-09-25 06:11 . 2009-10-11 07:45 132200 ----a-w- c:\windows\system32\perfc015.dat
2009-09-25 06:11 . 2009-09-25 06:10 37468 ----a-w- c:\windows\system32\perfd015.dat
2009-09-25 06:11 . 2009-09-25 06:10 332832 ----a-w- c:\windows\system32\perfi015.dat
2009-09-25 06:10 . 2009-09-25 06:10 -------- d-----w- c:\windows\pl-PL
2009-09-25 06:10 . 2009-09-25 06:10 -------- d-----w- c:\windows\system32\drivers\pl-PL
2009-09-25 06:10 . 2009-09-25 06:10 -------- d-----w- c:\windows\system32\wbem\pl-PL
2009-09-25 06:10 . 2009-09-25 06:10 -------- d-----w- c:\windows\system32\pl
2009-09-25 06:10 . 2009-09-25 06:10 -------- d-----w- c:\windows\system32\0415
2009-09-25 06:03 . 2009-10-11 07:45 82318 ----a-w- c:\windows\system32\perfc001.dat
2009-09-25 06:03 . 2009-10-11 07:45 447520 ----a-w- c:\windows\system32\perfh001.dat
2009-09-25 06:03 . 2009-09-25 06:02 41018 ----a-w- c:\windows\system32\perfd001.dat
2009-09-25 06:03 . 2009-09-25 06:02 285290 ----a-w- c:\windows\system32\perfi001.dat
2009-09-25 06:02 . 2009-09-25 06:02 -------- d-----w- c:\windows\fr-FR
2009-09-25 06:02 . 2009-09-25 06:02 -------- d-----w- c:\windows\system32\040C
2009-09-25 06:02 . 2009-09-25 06:02 -------- d-----w- c:\windows\ar-SA
2009-09-25 06:02 . 2009-09-25 06:02 -------- d-----w- c:\windows\system32\fr
2009-09-25 06:02 . 2009-09-25 06:02 -------- d-----w- c:\windows\system32\drivers\fr-FR
2009-09-25 06:02 . 2009-09-25 06:02 -------- d-----w- c:\windows\system32\drivers\ar-SA
2009-09-25 06:02 . 2009-09-25 06:02 -------- d-----w- c:\windows\system32\ar
2009-09-25 06:02 . 2009-09-25 06:02 -------- d-----w- c:\windows\system32\wbem\fr-FR
2009-09-25 06:02 . 2009-09-25 06:02 -------- d-----w- c:\windows\system32\wbem\ar-SA
2009-09-25 05:54 . 2009-10-11 07:45 626404 ----a-w- c:\windows\system32\perfh007.dat
2009-09-25 05:54 . 2009-10-11 07:45 127056 ----a-w- c:\windows\system32\perfc007.dat
2009-09-25 05:54 . 2009-09-25 05:53 36916 ----a-w- c:\windows\system32\perfd007.dat
2009-09-25 05:54 . 2009-09-25 05:53 290748 ----a-w- c:\windows\system32\perfi007.dat
2009-09-25 05:54 . 2009-09-25 05:54 -------- d-----w- c:\windows\de-DE
2009-09-25 05:53 . 2009-09-25 05:53 -------- d-----w- c:\windows\system32\drivers\de-DE
2009-09-25 05:53 . 2009-09-25 05:53 -------- d-----w- c:\windows\system32\0407
2009-09-25 05:53 . 2009-09-25 05:53 -------- d-----w- c:\windows\system32\wbem\de-DE
2009-09-25 05:53 . 2009-09-25 05:53 -------- d-----w- c:\windows\system32\de
2009-09-25 05:45 . 2009-09-25 05:44 332666 ----a-w- c:\windows\system32\perfi019.dat
2009-09-25 05:45 . 2009-10-11 07:45 662222 ----a-w- c:\windows\system32\perfh019.dat
2009-09-25 05:45 . 2009-10-11 07:45 130344 ----a-w- c:\windows\system32\perfc019.dat
2009-09-25 05:45 . 2009-09-25 05:44 38684 ----a-w- c:\windows\system32\perfd019.dat
2009-09-25 05:44 . 2009-09-25 05:44 -------- d-----w- c:\windows\system32\drivers\ru-RU
2009-09-25 05:44 . 2009-09-25 05:44 -------- d-----w- c:\windows\system32\0419
2009-09-25 05:44 . 2009-09-25 05:44 -------- d-----w- c:\windows\system32\ru
2009-09-25 05:44 . 2009-09-25 05:44 -------- d-----w- c:\windows\system32\wbem\ru-RU
2009-09-25 05:44 . 2009-09-25 05:44 -------- d-----w- c:\windows\ru-RU
2009-09-24 03:29 . 2009-10-05 03:16 -------- d-----w- c:\program files\GDP
2009-09-24 03:24 . 2009-09-28 05:51 -------- d-----w- c:\program files\virtual dub
2009-09-22 06:28 . 2009-09-22 06:29 -------- d-----w- c:\programdata\Blizzard Entertainment
2009-09-22 05:01 . 2009-09-22 05:27 -------- d-----w- c:\users\Teddy\Tracing
2009-09-22 04:55 . 2009-08-06 02:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-09-22 04:54 . 2009-09-22 04:54 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-22 04:53 . 2009-09-22 04:53 -------- d-----w- c:\program files\Microsoft
2009-09-22 04:53 . 2009-10-08 07:44 -------- d-----w- c:\program files\Windows Live
2009-09-22 04:53 . 2009-09-22 04:53 -------- d-----w- c:\windows\PCHEALTH
2009-09-22 04:38 . 2009-09-22 04:38 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-20 15:36 . 2009-09-20 15:36 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-20 05:56 . 2009-09-16 04:44 -------- d-----w- c:\programdata\BOINC
2009-10-20 05:55 . 2009-09-04 05:42 32879 ----a-w- c:\programdata\nvModes.dat
2009-10-20 05:55 . 2008-02-28 22:24 -------- d-----w- c:\programdata\NVIDIA
2009-10-20 05:43 . 2008-03-11 05:01 -------- d-----w- c:\users\Teddy\AppData\Roaming\uTorrent
2009-10-20 05:28 . 2008-04-18 18:56 -------- d-----w- c:\users\Teddy\AppData\Roaming\Vso
2009-10-19 13:21 . 2009-03-29 08:30 1 ----a-w- c:\users\Teddy\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-10-19 00:25 . 2009-01-25 19:04 -------- d-----w- c:\users\Teddy\AppData\Roaming\foobar2000
2009-10-14 16:58 . 2009-01-25 19:03 -------- d-----w- c:\program files\foobar2000
2009-10-13 06:57 . 2008-02-28 06:09 55144 ----a-w- c:\users\Teddy\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-08 19:46 . 2008-10-11 22:47 -------- d-----w- c:\users\Teddy\AppData\Roaming\SUPERAntiSpyware.com
2009-10-08 19:45 . 2008-04-01 00:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-06 04:50 . 2008-02-29 06:12 -------- d-----w- c:\program files\FLAC
2009-09-30 05:17 . 2008-10-13 06:45 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-09-29 03:07 . 2008-02-28 06:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-25 06:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-09-25 06:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-09-25 06:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-25 06:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-09-25 06:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-22 06:29 . 2008-12-09 18:04 -------- d-----w- c:\program files\World of Warcraft
2009-09-16 04:55 . 2009-09-16 04:44 -------- d-----w- c:\program files\BOINC
2009-09-16 04:14 . 2009-09-04 05:17 -------- d-----w- c:\users\Teddy\AppData\Roaming\Folding@home-x86
2009-09-16 04:13 . 2009-09-16 04:13 2338816 ----a-w- c:\users\Teddy\AppData\Roaming\Folding@home-x86\FahCore_78.exe
2009-09-16 04:07 . 2009-09-06 20:12 -------- d-----w- c:\programdata\WinZip
2009-09-16 03:38 . 2009-09-16 03:38 -------- d-----w- c:\program files\dotnet
2009-09-15 04:35 . 2009-09-15 04:35 8192 ----a-r- c:\users\Teddy\AppData\Roaming\Microsoft\Installer\{B22CE542-B0A1-42AD-955D-7455B7C9ED74}\IconTmpl1.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe
2009-09-15 04:35 . 2009-09-15 04:35 54784 ----a-r- c:\users\Teddy\AppData\Roaming\Microsoft\Installer\{B22CE542-B0A1-42AD-955D-7455B7C9ED74}\IconTmpl6.A961A077_4BD0_4C98_86BC_EE4A98CE550D.exe
2009-09-15 04:35 . 2009-09-15 04:35 14848 ----a-r- c:\users\Teddy\AppData\Roaming\Microsoft\Installer\{B22CE542-B0A1-42AD-955D-7455B7C9ED74}\IconTmpl4.A961A077_4BD0_4C98_86BC_EE4A98CE550D.exe
2009-09-13 19:44 . 2009-09-13 19:44 -------- d-----w- c:\programdata\ConeXware
2009-09-07 07:31 . 2008-03-04 20:40 -------- d-----w- c:\program files\Java
2009-09-04 05:39 . 2009-09-04 05:39 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-04 05:38 . 2008-10-17 19:56 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-04 05:01 . 2009-03-18 06:00 -------- d-----w- c:\program files\PopCap Games
2009-09-04 05:01 . 2009-03-18 06:00 -------- d-----w- c:\programdata\PopCap Games
2009-08-29 00:27 . 2009-09-02 04:43 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 04:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 15:09 . 2009-08-28 03:15 -------- d-----w- c:\program files\VST plugin analyzer
2009-08-19 08:10 . 2009-08-19 08:10 638976 ----a-w- c:\windows\system32\WibuCm32.dll
2009-08-19 08:10 . 2009-08-19 08:10 561152 ----a-w- c:\windows\system32\WibuCmWeb32.dll
2009-08-19 08:10 . 2009-08-19 08:10 360448 ----a-w- c:\windows\system32\WibuXpm4J32.dll
2009-08-19 08:10 . 2009-08-19 08:10 143360 ----a-w- c:\windows\system32\wibucmJNI.dll
2009-08-17 06:42 . 2009-08-17 06:42 2505248 ----a-w- c:\windows\system32\nvcpluir.dll
2009-08-17 06:42 . 2009-08-17 06:42 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-08-17 06:42 . 2009-08-17 06:42 1411616 ----a-w- c:\windows\system32\nvsvsr.dll
2009-08-17 06:42 . 2009-08-17 06:42 1346080 ----a-w- c:\windows\system32\nvsvs.dll
2009-08-17 04:57 . 2009-08-17 04:57 9545152 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-08-17 04:57 . 2009-08-17 04:57 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-17 04:57 . 2009-08-17 04:57 3298304 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-08-17 04:57 . 2009-08-17 04:57 2169376 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-17 04:57 . 2009-08-17 04:57 1985536 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-17 04:57 . 2009-08-17 04:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-17 04:57 . 2009-08-17 04:57 155648 ----a-w- c:\windows\system32\nvcod162.dll
2009-08-17 04:57 . 2009-08-17 04:57 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-17 04:57 . 2009-08-17 04:57 10858496 ----a-w- c:\windows\system32\nvoglv32.dll
2009-08-17 04:57 . 2007-10-28 08:52 7569920 ----a-w- c:\windows\system32\nvd3dum.dll
2009-08-17 04:57 . 2007-10-28 08:52 1044992 ----a-w- c:\windows\system32\nvapi.dll
2009-08-14 17:36 . 2009-08-14 17:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-08-14 16:27 . 2009-09-15 04:23 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-15 04:23 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-15 04:23 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-15 04:23 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-15 04:23 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-15 04:23 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-15 04:23 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-15 04:23 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-15 04:23 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-15 04:23 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-15 04:23 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-11 16:35 . 2008-12-02 07:13 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-06 02:07 . 2009-08-06 02:07 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-03 04:21 . 2009-08-03 04:21 288024 ----a-w- c:\windows\system32\PhysXCplUI.exe
2009-08-03 04:21 . 2009-08-03 04:21 288024 ----a-w- c:\windows\system32\PhysXCompatCplUI.exe
2009-08-03 04:21 . 2009-08-03 04:21 23320 ----a-w- c:\windows\system32\PhysXDevice.dll
2009-07-26 20:44 . 2009-07-26 20:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-22 19:06 . 2008-04-01 00:15 724992 ----a-w- c:\windows\system32\DLLAV32.dll
2009-07-22 19:05 . 2008-04-01 00:15 212992 ----a-w- c:\windows\system32\DLLDEV32.dll
2009-07-22 19:05 . 2008-04-01 00:15 147456 ----a-w- c:\windows\system32\DLLCPY32.dll
2009-07-22 19:05 . 2008-04-01 00:15 90112 ----a-w- c:\windows\system32\DLLPRF32.dll
2009-07-22 19:05 . 2008-04-01 00:15 77824 ----a-w- c:\windows\system32\DLLPNT32.dll
2009-07-22 19:05 . 2008-04-01 00:15 221184 ----a-w- c:\windows\system32\DLLDRV32.dll
2009-07-22 19:05 . 2008-04-01 00:15 94208 ----a-w- c:\windows\system32\DLLIO32.dll
2009-07-22 19:05 . 2008-04-01 00:15 278528 ----a-w- c:\windows\system32\DLLRES32.dll
2009-07-22 19:05 . 2008-04-01 00:15 65536 ----a-w- c:\windows\system32\STRING32.dll
2008-09-14 08:20 . 2009-03-22 17:43 4688384 ----a-w- c:\program files\mozilla firefox\plugins\avcodec-51.dll
2008-09-14 08:20 . 2009-03-22 17:43 546304 ----a-w- c:\program files\mozilla firefox\plugins\libfreetype-6.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2009-06-10 4182784]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2009-06-10 58112]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"JulaPAN.exe"="JulaPAN.exe" - c:\windows\System32\JulaPAN.exe [2009-02-04 481824]

c:\users\Teddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2009-8-19 6348800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PlexTools Professional LE.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PlexTools Professional LE.lnk
backup=c:\windows\pss\PlexTools Professional LE.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Teddy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CodeMeter Control Center.lnk]
path=c:\users\Teddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk
backup=c:\windows\pss\CodeMeter Control Center.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Teddy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\users\Teddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Teddy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\Teddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:(:63,25,97,5f,e2,0a,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3185887781-3781085259-3947595314-1000]
"EnableNotificationsRef"=dword:00000001

R1 Jula.sys;Service for Juli@ Audio Driver EWDM;c:\windows\System32\drivers\Jula.sys [3/29/2009 17:16 48672]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 74480]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [8/19/2009 04:10 1705280]
R2 Genex GX90XX Host;Genex USB host service;c:\program files\Genex Audio\GXHostService.exe [12/15/2005 16:46 98304]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [8/17/2009 01:32 239648]
R3 JulaWDM.sys;Service for Juli@ WDM;c:\windows\System32\drivers\JulaWDM.sys [3/29/2009 17:16 35872]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [9/22/2009 00:55 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 22:48 704864]
S3 MagixASIODrv;MAGIX_ASIO_BoostDriver;c:\program files\MAGIX\Samplitude_10_Pro\mxasio.sys [2/8/2009 21:42 4899]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 7408]
S3 US224;US224 Driver;c:\windows\System32\drivers\US224.sys [8/23/2009 16:59 150272]
S3 US224DL;US224 Firmware Downloader;c:\windows\System32\drivers\US224DL.sys [8/23/2009 16:59 18176]
S3 Us224WdmService;US224 Wdm Audio;c:\windows\System32\drivers\US224Wdm.sys [8/23/2009 16:59 39296]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\System32\drivers\copperhd.sys [11/2/2005 11:54 11596]
S3 Winacusb;Winacusb;c:\windows\System32\drivers\winacusb.sys [2/28/2008 18:44 829952]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Teddy\AppData\Roaming\Mozilla\Firefox\Profiles\fcdwzc5f.default\
FF - component: c:\users\Teddy\AppData\Roaming\Mozilla\Firefox\Profiles\fcdwzc5f.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
AddRemove-Winamp - c:\program files\foobar2000\plugins\Winamp\UninstallWA.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Teddy\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-20 01:55
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3185887781-3781085259-3947595314-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E9AD8944-04D7-927C-C958-3861DF7F9E16}*]
"iafhidpijjmjallafd"=hex:6a,61,6b,64,70,6e,6b,6e,70,69,6f,6b,6b,68,6e,6e,69,63,
6e,66,00,00
"hapgognmkdhmidbg"=hex:6a,61,6a,64,65,65,6c,70,6f,69,68,63,6a,65,6a,6b,6b,6f,
61,6a,00,00
"kahfkhbhcfaijpadddkppk"=hex:62,62,6e,66,6e,61,6b,64,6b,61,68,6a,61,70,6a,6e,
69,63,6a,6d,6c,62,6a,6b,70,6b,62,6a,6e,70,70,68,63,6d,70,68,00,00

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\nvvsvc.exe
c:\program files\ASUS\AASP\1.00.40\aaCenter.exe
c:\combofix\CF28345.exe
c:\program files\VSO\ConvertX\3\ConvertXtoDvd.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\wermgr.exe
.
**************************************************************************
.
Completion time: 2009-10-20 2:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-20 06:05

Pre-Run: 73,943,396,352 bytes free
Post-Run: 71,685,185,536 bytes free

- - End Of File - - 6F6B24BAC533DE9EA12059B3093A4FBD

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,080 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:03:35 PM

Posted 27 October 2009 - 02:54 AM

Hello ncdrawl,

Can you please include a description of what happens when you try to update Vista? Are you able to load the page? What error message do you get? Are you able to download updates and does the problem occur when you try to install them?

INSTALL ANTIVIRUS
---------------------------
I don't see an Anti Virus Program running on your machine.

Download and install an antivirus program, and make sure that you keep it updated.
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Two good antivirus programs free for non-commercial home use are Avast! and Antivir.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.


UPDATE JAVA
------------------
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u15-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and click Check for updates now on the Update tab.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


In your next reply, please include the following:
  • MBAM log
  • The Vista update error messages.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#7 Elise


Posted 30 October 2009 - 03:54 AM

Hi again, are you still there?

regards, Elise




#8 Elise


Posted 01 November 2009 - 03:52 AM

Due to lack of feedback, this topic is now closed.

If you are the original topic starter, and you need this topic re-opened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise

