
Recently had Windows System Defender and Antivirus System Pro


  • This topic is locked
2 replies to this topic

#1 Plow


Posted 26 October 2009 - 07:27 PM

I've recently had the scareware of Windows System Defender and Antivirus System Pro. I ran Malwarebytes and I ran several scans with AVG, and deleted most of the files. They seem to be gone; however, I cannot open Task Manager. Also, even though it says I'm the admin of the computer, I'm not the admin.
Here's the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:59:55 AM, on 10/24/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: CStat - {DD92DE22-ED91-4560-B788-DEE2B26612E6} - C:\Program Files\DeviceVM\Browser Configuration Utility\IEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Bar] C:\Users\CARROT~1\AppData\Local\Temp\oasemxwnrc.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C59E945-1265-4147-99D8-F4369696DF45}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9575 bytes


And here's the log from RootRepeal:

Windows API!Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WIZARD~4.ASCStatus: Locked to the Windows API!Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WI1344~1.ASCStatus: Locked to the Windows API!Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WI5BF5~1.ASCStatus: Locked to the Windows API!Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WIZARD~2.ASCStatus: Locked to the Windows API!Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WIZARD~3.ASCStatus: Locked to the Windows API!Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WIZARD~4.ASCStatus: Locked to the Windows API!Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WI1344~1.ASCStatus: Locked to the Windows API!Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WI5BF5~1.ASCStatus: Locked to the Windows API!Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WIZARD~2.ASCStatus: Locked to the Windows API!Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WIZARD~3.ASCStatus: Locked to the Windows API!Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WIZARD~4.ASCStatus: Locked to the Windows API!Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WI1344~1.ASCStatus: Locked to the Windows API!Path: 
C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WI5BF5~1.ASCStatus: Locked to the Windows API!Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6000.16720_none_a35a3f7808e4975c\INSTAL~1.SQLStatus: Locked to the Windows API!Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6000.16720_none_a35a3f7808e4975c\UNINST~1.SQLStatus: Locked to the Windows API!Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6000.20883_none_8c92561c2286dc4f\INSTAL~1.SQLStatus: Locked to the Windows API!Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6000.20883_none_8c92561c2286dc4f\UNINST~1.SQLStatus: Locked to the Windows API!Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7b4eba45cecd6936\IEEXEC~1.CONStatus: Locked to the Windows API!Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.20883_none_6486d0e9e86fae29\IEEXEC~1.CONStatus: Locked to the Windows API!Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7b299efbcf1f75d7\IEEProcesses-------------------Path: SystemPID: 4	Status: Locked to the Windows API!Stealth Objects-------------------Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]Process: System	Address: 0x85d8a1f8	Size: 121Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]Process: System	Address: 0x85d8a1f8	Size: 121Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]Process: System	Address: 0x85d8a1f8	Size: 121Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]Process: System	Address: 0x85d8a1f8	Size: 121Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]Process: System	Address: 0x85d8a1f8	Size: 121Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]Process: System	Address: 0x85d8a1f8	Size: 121Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]Process: System	Address: 0x85d8a1f8	Size: 
121Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]Process: System	Address: 0x85d8a1f8	Size: 121Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]Process: System	Address: 0x85d8a1f8	Size: 121Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]Process: System	Address: 0x85d8a1f8	Size: 121Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]Process: System	Address: 0x85d8a1f8	Size: 121Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]Process: System	Address: 0x85d8a1f8	Size: 121Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]Process: System	Address: 0x85d8a1f8	Size: 121Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]Process: System	Address: 0x85d8a1f8	Size: 121Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]Process: System	Address: 0x85d8a1f8	Size: 121Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]Process: System	Address: 0x85d8a1f8	Size: 121Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]Process: System	Address: 0x85d8a1f8	Size: 121Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]Process: System	Address: 0x85d8a1f8	Size: 121Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]Process: System	Address: 0x85d8a1f8	Size: 121Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]Process: System	Address: 0x85d8a1f8	Size: 121Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]Process: System	Address: 0x85d8a1f8	Size: 121Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]Process: System	Address: 0x85d8a1f8	Size: 121Object: Hidden Code [Driver: fastfat, IRP_MJ_CREATE]Process: System	Address: 0x888491f8	Size: 121Object: Hidden Code [Driver: fastfat, IRP_MJ_CLOSE]Process: System	Address: 0x888491f8	Size: 121Object: Hidden Code [Driver: fastfat, IRP_MJ_READ]Process: System	Address: 0x888491f8	Size: 121Object: Hidden Code [Driver: fastfat, IRP_MJ_WRITE]Process: System	Address: 0x888491f8	Size: 121Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_INFORMATION]Process: System	Address: 0x888491f8	
Size: 121Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_INFORMATION]Process: System	Address: 0x888491f8	Size: 121Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_EA]Process: System	Address: 0x888491f8	Size: 121Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_EA]Process: System	Address: 0x888491f8	Size: 121Object: Hidden Code [Driver: fastfat, IRP_MJ_FLUSH_BUFFERS]Process: System	Address: 0x888491f8	Size: 121Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]Process: System	Address: 0x888491f8	Size: 121Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_VOLUME_INFORMATION]Process: System	Address: 0x888491f8	Size: 121Object: Hidden Code [Driver: fastfat, IRP_MJ_DIRECTORY_CONTROL]Process: System	Address: 0x888491f8	Size: 121Object: Hidden Code [Driver: fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]Process: System	Address: 0x888491f8	Size: 121Object: Hidden Code [Driver: fastfat, IRP_MJ_DEVICE_CONTROL]Process: System	Address: 0x888491f8	Size: 121Object: Hidden Code [Driver: fastfat, IRP_MJ_SHUTDOWN]Process: System	Address: 0x888491f8	Size: 121Object: Hidden Code [Driver: fastfat, IRP_MJ_LOCK_CONTROL]Process: System	Address: 0x888491f8	Size: 121Object: Hidden Code [Driver: fastfat, IRP_MJ_CLEANUP]Process: System	Address: 0x888491f8	Size: 121Object: Hidden Code [Driver: fastfat, IRP_MJ_PNP]Process: System	Address: 0x888491f8	Size: 121Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]Process: System	Address: 0x85d871f8	Size: 121Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]Process: System	Address: 0x85d871f8	Size: 121Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]Process: System	Address: 0x85d871f8	Size: 121Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]Process: System	Address: 0x85d871f8	Size: 121Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]Process: System	Address: 0x85d871f8	Size: 121Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]Process: System	Address: 0x85d871f8	Size: 121Object: Hidden Code [Driver: atapi, 
IRP_MJ_PNP]Process: System	Address: 0x85d871f8	Size: 121Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE]Process: System	Address: 0x8723d1f8	Size: 121Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE]Process: System	Address: 0x8723d1f8	Size: 121Object: Hidden Code [Driver: cdrom, IRP_MJ_READ]Process: System	Address: 0x8723d1f8	Size: 121Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE]Process: System	Address: 0x8723d1f8	Size: 121Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS]Process: System	Address: 0x8723d1f8	Size: 121Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL]Process: System	Address: 0x8723d1f8	Size: 121Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]Process: System	Address: 0x8723d1f8	Size: 121Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN]Process: System	Address: 0x8723d1f8	Size: 121Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER]Process: System	Address: 0x8723d1f8	Size: 121Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL]Process: System	Address: 0x8723d1f8	Size: 121Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP]Process: System	Address: 0x8723d1f8	Size: 121Object: Hidden Code [Driver: JRAID, IRP_MJ_CREATE]Process: System	Address: 0x85d891f8	Size: 121Object: Hidden Code [Driver: JRAID, IRP_MJ_CLOSE]Process: System	Address: 0x85d891f8	Size: 121Object: Hidden Code [Driver: JRAID, IRP_MJ_DEVICE_CONTROL]Process: System	Address: 0x85d891f8	Size: 121Object: Hidden Code [Driver: JRAID, IRP_MJ_INTERNAL_DEVICE_CONTROL]Process: System	Address: 0x85d891f8	Size: 121Object: Hidden Code [Driver: JRAID, IRP_MJ_POWER]Process: System	Address: 0x85d891f8	Size: 121Object: Hidden Code [Driver: JRAID, IRP_MJ_SYSTEM_CONTROL]Process: System	Address: 0x85d891f8	Size: 121Object: Hidden Code [Driver: JRAID, IRP_MJ_PNP]Process: System	Address: 0x85d891f8	Size: 121Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]Process: System	Address: 0x8723c1f8	Size: 121Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]Process: System	
Address: 0x8723c1f8	Size: 121Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]Process: System	Address: 0x8723c1f8	Size: 121Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]Process: System	Address: 0x8723c1f8	Size: 121Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]Process: System	Address: 0x8723c1f8	Size: 121Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]Process: System	Address: 0x8723c1f8	Size: 121Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]Process: System	Address: 0x8723c1f8	Size: 121Object: Hidden Code [Driver: Smb前Ј瑎牦蠜侮蠠, IRP_MJ_CREATE]Process: System	Address: 0x880311f8	Size: 121Object: Hidden Code [Driver: Smb前Ј瑎牦蠜侮蠠, IRP_MJ_CLOSE]Process: System	Address: 0x880311f8	Size: 121Object: Hidden Code [Driver: Smb前Ј瑎牦蠜侮蠠, IRP_MJ_DEVICE_CONTROL]Process: System	Address: 0x880311f8	Size: 121Object: Hidden Code [Driver: Smb前Ј瑎牦蠜侮蠠, IRP_MJ_INTERNAL_DEVICE_CONTROL]Process: System	Address: 0x880311f8	Size: 121Object: Hidden Code [Driver: Smb前Ј瑎牦蠜侮蠠, IRP_MJ_CLEANUP]Process: System	Address: 0x880311f8	Size: 121Object: Hidden Code [Driver: Smb前Ј瑎牦蠜侮蠠, IRP_MJ_PNP]Process: System	Address: 0x880311f8	Size: 121Object: Hidden Code [Driver: ai6bdbp5Ѕ晖呉퀜遐ሴ舳, IRP_MJ_CREATE]Process: System	Address: 0x8726b1f8	Size: 121Object: Hidden Code [Driver: ai6bdbp5Ѕ晖呉퀜遐ሴ舳, IRP_MJ_CLOSE]Process: System	Address: 0x8726b1f8	Size: 121Object: Hidden Code [Driver: ai6bdbp5Ѕ晖呉퀜遐ሴ舳, IRP_MJ_DEVICE_CONTROL]Process: System	Address: 0x8726b1f8	Size: 121Object: Hidden Code [Driver: ai6bdbp5Ѕ晖呉퀜遐ሴ舳, IRP_MJ_INTERNAL_DEVICE_CONTROL]Process: System	Address: 0x8726b1f8	Size: 121Object: Hidden Code [Driver: ai6bdbp5Ѕ晖呉퀜遐ሴ舳, IRP_MJ_POWER]Process: System	Address: 0x8726b1f8	Size: 121Object: Hidden Code [Driver: ai6bdbp5Ѕ晖呉퀜遐ሴ舳, IRP_MJ_SYSTEM_CONTROL]Process: System	Address: 0x8726b1f8	Size: 121Object: Hidden Code [Driver: ai6bdbp5Ѕ晖呉퀜遐ሴ舳, IRP_MJ_PNP]Process: System	Address: 0x8726b1f8	Size: 121Object: Hidden Code [Driver: netbtY, IRP_MJ_CREATE]Process: 
System	Address: 0x880c51f8	Size: 121Object: Hidden Code [Driver: netbtY, IRP_MJ_CLOSE]Process: System	Address: 0x880c51f8	Size: 121Object: Hidden Code [Driver: netbtY, IRP_MJ_DEVICE_CONTROL]Process: System	Address: 0x880c51f8	Size: 121Object: Hidden Code [Driver: netbtY, IRP_MJ_INTERNAL_DEVICE_CONTROL]Process: System	Address: 0x880c51f8	Size: 121Object: Hidden Code [Driver: netbtY, IRP_MJ_CLEANUP]Process: System	Address: 0x880c51f8	Size: 121Object: Hidden Code [Driver: netbtY, IRP_MJ_PNP]Process: System	Address: 0x880c51f8	Size: 121Object: Hidden Code [Driver: iScsiPrtЕ楄瑣뷨蜦뷨蜦뷰蜦뷰蜦뷸蜦뷸蜦, IRP_MJ_CREATE]Process: System	Address: 0x87290480	Size: 121Object: Hidden Code [Driver: iScsiPrtЕ楄瑣뷨蜦뷨蜦뷰蜦뷰蜦뷸蜦뷸蜦, IRP_MJ_CLOSE]Process: System	Address: 0x87290480	Size: 121Object: Hidden Code [Driver: iScsiPrtЕ楄瑣뷨蜦뷨蜦뷰蜦뷰蜦뷸蜦뷸蜦, IRP_MJ_DEVICE_CONTROL]Process: System	Address: 0x87290480	Size: 121Object: Hidden Code [Driver: iScsiPrtЕ楄瑣뷨蜦뷨蜦뷰蜦뷰蜦뷸蜦뷸蜦, IRP_MJ_INTERNAL_DEVICE_CONTROL]Process: System	Address: 0x87290480	Size: 121Object: Hidden Code [Driver: iScsiPrtЕ楄瑣뷨蜦뷨蜦뷰蜦뷰蜦뷸蜦뷸蜦, IRP_MJ_POWER]Process: System	Address: 0x87290480	Size: 121Object: Hidden Code [Driver: iScsiPrtЕ楄瑣뷨蜦뷨蜦뷰蜦뷰蜦뷸蜦뷸蜦, IRP_MJ_SYSTEM_CONTROL]Process: System	Address: 0x87290480	Size: 121Object: Hidden Code [Driver: iScsiPrtЕ楄瑣뷨蜦뷨蜦뷰蜦뷰蜦뷸蜦뷸蜦, IRP_MJ_PNP]Process: System	Address: 0x87290480	Size: 121Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]Process: System	Address: 0x85d851f8	Size: 121Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]Process: System	Address: 0x85d851f8	Size: 121Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]Process: System	Address: 0x85d851f8	Size: 121Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]Process: System	Address: 0x85d851f8	Size: 121Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]Process: System	Address: 0x85d851f8	Size: 121Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]Process: System	Address: 0x85d851f8	Size: 121Object: Hidden Code [Driver: volmgr, 
IRP_MJ_SHUTDOWN]Process: System	Address: 0x85d851f8	Size: 121Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]Process: System	Address: 0x85d851f8	Size: 121Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]Process: System	Address: 0x85d851f8	Size: 121Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]Process: System	Address: 0x85d851f8	Size: 121Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]Process: System	Address: 0x85d851f8	Size: 121Object: Hidden Code [Driver: nvstor32, IRP_MJ_CREATE]Process: System	Address: 0x85d881f8	Size: 121Object: Hidden Code [Driver: nvstor32, IRP_MJ_CLOSE]Process: System	Address: 0x85d881f8	Size: 121Object: Hidden Code [Driver: nvstor32, IRP_MJ_DEVICE_CONTROL]Process: System	Address: 0x85d881f8	Size: 121Object: Hidden Code [Driver: nvstor32, IRP_MJ_INTERNAL_DEVICE_CONTROL]Process: System	Address: 0x85d881f8	Size: 121Object: Hidden Code [Driver: nvstor32, IRP_MJ_POWER]Process: System	Address: 0x85d881f8	Size: 121Object: Hidden Code [Driver: nvstor32, IRP_MJ_SYSTEM_CONTROL]Process: System	Address: 0x85d881f8	Size: 121Object: Hidden Code [Driver: nvstor32, IRP_MJ_PNP]Process: System	Address: 0x85d881f8	Size: 121Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]Process: System	Address: 0x872601f8	Size: 121Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]Process: System	Address: 0x872601f8	Size: 121Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]Process: System	Address: 0x872601f8	Size: 121Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]Process: System	Address: 0x872601f8	Size: 121Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]Process: System	Address: 0x872601f8	Size: 121Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]Process: System	Address: 0x872601f8	Size: 121Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]Process: System	Address: 0x872601f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: 
mrxsmb, IRP_MJ_CREATE_NAMED_PIPE]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLOSE]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_READ]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_WRITE]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_INFORMATION]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_INFORMATION]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_EA]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_EA]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FLUSH_BUFFERS]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_VOLUME_INFORMATION]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_VOLUME_INFORMATION]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DIRECTORY_CONTROL]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FILE_SYSTEM_CONTROL]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CONTROL]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SHUTDOWN]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_LOCK_CONTROL]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLEANUP]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_MAILSLOT]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_SECURITY]Process: 
System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_SECURITY]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_POWER]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SYSTEM_CONTROL]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CHANGE]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_QUOTA]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_QUOTA]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: mrxsmb, IRP_MJ_PNP]Process: System	Address: 0x8724d1f8	Size: 121Object: Hidden Code [Driver: cdfsЅ瑎硦, IRP_MJ_CREATE]Process: System	Address: 0x88c031f8	Size: 121Object: Hidden Code [Driver: cdfsЅ瑎硦, IRP_MJ_CLOSE]Process: System	Address: 0x88c031f8	Size: 121Object: Hidden Code [Driver: cdfsЅ瑎硦, IRP_MJ_READ]Process: System	Address: 0x88c031f8	Size: 121Object: Hidden Code [Driver: cdfsЅ瑎硦, IRP_MJ_WRITE]Process: System	Address: 0x88c031f8	Size: 121Object: Hidden Code [Driver: cdfsЅ瑎硦, IRP_MJ_QUERY_INFORMATION]Process: System	Address: 0x88c031f8	Size: 121Object: Hidden Code [Driver: cdfsЅ瑎硦, IRP_MJ_SET_INFORMATION]Process: System	Address: 0x88c031f8	Size: 121Object: Hidden Code [Driver: cdfsЅ瑎硦, IRP_MJ_QUERY_VOLUME_INFORMATION]Process: System	Address: 0x88c031f8	Size: 121Object: Hidden Code [Driver: cdfsЅ瑎硦, IRP_MJ_DIRECTORY_CONTROL]Process: System	Address: 0x88c031f8	Size: 121Object: Hidden Code [Driver: cdfsЅ瑎硦, IRP_MJ_FILE_SYSTEM_CONTROL]Process: System	Address: 0x88c031f8	Size: 121Object: Hidden Code [Driver: cdfsЅ瑎硦, IRP_MJ_DEVICE_CONTROL]Process: System	Address: 0x88c031f8	Size: 121Object: Hidden Code [Driver: cdfsЅ瑎硦, IRP_MJ_SHUTDOWN]Process: System	Address: 0x88c031f8	Size: 121Object: Hidden Code [Driver: cdfsЅ瑎硦, IRP_MJ_LOCK_CONTROL]Process: System	Address: 0x88c031f8	Size: 121Object: Hidden Code [Driver: 
cdfsЅ瑎硦, IRP_MJ_CLEANUP]Process: System	Address: 0x88c031f8	Size: 121Object: Hidden Code [Driver: cdfsЅ瑎硦, IRP_MJ_PNP]Process: System	Address: 0x88c031f8	Size: 121==EOF==


P.S. For the Task Manager not opening part, it doesn't give me a message saying "The administrator has disabled this." Instead, I get an hourglass and nothing comes up. I've also tried right-clicking the taskbar and clicking on Task Manager, but that doesn't work. I still only get an hourglass and nothing comes up.

I hope you guys can find out my problem.
Cheers.


#2 m0le

  • Malware Response Team

Posted 02 November 2009 - 10:34 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
m0le is a proud member of UNITE

#3 m0le

  • Malware Response Team

Posted 05 November 2009 - 07:47 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.