Various problems including AVG upgrade ad pop-up, slow start-up, lag in Windows Explorer, etc.


4 replies to this topic

#1 playing_in_the_rain

playing_in_the_rain

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 27 November 2009 - 07:54 PM

I've been having problems with my laptop for quite some time now. The lag I get never used to happen. I also have an issue with WMP: when I first start the program and try to play a song, the blue sphere on my pointer spins incessantly until I close WMP and restart. After the program restart there are no problems. Also, I tried to set up the install disks for my HP laptop and it ALWAYS stops halfway through the process. Anyway, here are all the logs asked for. I hope you folks can help me out here. Thank you.



DDS (Ver_09-11-24.02) - NTFSx86
Run by Administrator at 19:19:04.35 on 27/11/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3006.1152 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.ca/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {38A59199-1652-49D9-B079-27F1AAEB61F9} = 208.67.222.222,208.67.220.220
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\whg1ixzt.default\
FF - prefs.js: browser.search.selectedEngine - Torrents.to
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\whg1ixzt.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.133.37\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\whg1ixzt.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-28 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-28 108552]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-7-28 159600]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-28 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-28 297752]
R2 FlipShare Service;FlipShare Service;c:\program files\pure digital technologies\flipshare\FlipShareService.exe [2008-11-13 439616]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-7-28 73840]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\HssDrv.sys [2009-7-1 33840]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-7-28 95640]
S2 gupdate1c98c1fce8dbcc0;Google Update Service (gupdate1c98c1fce8dbcc0);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]

=============== Created Last 30 ================

2009-11-08 23:43:38 0 d-----w- c:\program files\FLAC
2009-11-08 22:30:15 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-11-08 22:30:12 8147456 ----a-w- c:\windows\system32\wmploc.DLL

==================== Find3M ====================

2009-11-27 22:54:14 28599 ----a-w- c:\programdata\nvModes.dat
2009-11-26 18:31:05 672380 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-26 18:31:05 127578 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-14 10:19:13 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-14 10:19:13 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-14 10:19:11 86016 ----a-w- c:\windows\inf\infstor.dat
2009-09-10 17:30:12 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 12:24:34 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 13:55:50 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-08-31 13:55:46 428544 ----a-w- c:\windows\system32\EncDec.dll
2008-07-03 10:18:12 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-04-25 00:40:37 37390 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
2008-04-25 00:40:37 37390 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
2008-04-25 00:40:37 340236 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
2008-04-25 00:40:37 340236 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-09 07:30:53 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat
2009-07-09 07:30:53 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat
2009-07-09 07:30:53 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-07-28 06:57:18 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2009-07-28 06:57:18 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat
2009-07-28 06:57:18 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat

============= FINISH: 19:20:52.13 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-11-24.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 29/05/2008 5:52:16 PM
System Uptime: 26/11/2009 1:24:34 PM (30 hours ago)

Motherboard: Quanta | | 30D1
Processor: AMD Turion™ 64 X2 Mobile Technology TL-60 | Socket S1 | 2000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 137 GiB total, 28.759 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 15.655 GiB free.
E: is FIXED (NTFS) - 12 GiB total, 1.556 GiB free.
F: is CDROM (CDFS)
G: is CDROM ()
H: is CDROM ()
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.3 (remove only)
7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.6
Adobe Shockwave Player
Adobe Shockwave Player 11
Alien Arena 2008 7.10
Any Video Converter 2.7.5
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 6 FREE
Astroburn
µTorrent
Audacity 1.2.6
AutoUpdate
AVG Free 8.5
Bonjour
Broadcom 802.11 Wireless LAN Adapter
CamStudio
CDisplay 1.8
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink YouCam
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DJ_AIO_03_F4200_Software_Min
DVD Suite
Express Burn
FLAC 1.2.1b (remove only)
FlipShare
Free Audio Dub version 1.4
GNU Aspell 0.50-3
Google Earth
Google Update Helper
Google Updater
GTK+ Runtime 2.12.8 rev a (remove only)
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Deskjet F4200 All-In-One Driver 11.0 03
HP Doc Viewer
HP Help and Support
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Smart Web Printing
HP Update
HP User Guides 0088
HPNetworkAssistant
iTunes
Java™ 6 Update 14
Java™ 6 Update 2
Java™ 6 Update 5
Java™ 6 Update 7
LabelPrint
LightScribe System Software 1.17.90.1
Macromedia Flash MX
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Miro
Mozilla Firefox (3.0.13)
Mozilla Thunderbird (2.0.0.19)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.1
muvee Plugin 1.0
NVIDIA Drivers
OpenOffice.org Installer 1.0
PC Tools Firewall Plus 5.0
PeerGuardian 2.0
Pixillion Image Converter
Polar Bowler
Power2Go
PowerDirector
Prism Video Converter
QuickTime
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
RocketDock 1.3.5
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Shooting Stars Pool
SmartWebPrintingOC
Songbird 0.7.0 (20080819)
SoundTap Streaming Audio Recorder
Spybot - Search & Destroy
Switch Sound File Converter
Synaptics Pointing Device Driver
Toolbox
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
Vista Codec Package
WeatherBug Gadget
Windows Live installer
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Player Firefox Plugin

==== End Of File ===========================
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/27 19:26
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x909A4000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spje.sys
Image Path: C:\Windows\System32\Drivers\spje.sys
Address: 0x8060B000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\System Volume Information\{1345580e-d6dd-11de-9a05-001e6887625d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{174bec8f-d1d9-11de-98cc-001e6887625d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1fe0a36c-ce24-11de-9e7a-001e6887625d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1fe0a436-ce24-11de-9e7a-001e6887625d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1fe0a4d9-ce24-11de-9e7a-001e6887625d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1fe0a6a7-ce24-11de-9e7a-001e6887625d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1fe0a6b1-ce24-11de-9e7a-001e6887625d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1fe0a6bb-ce24-11de-9e7a-001e6887625d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{27b83479-ca21-11de-af44-001e6887625d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{5a8bebde-cb04-11de-9b2f-001e6887625d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{5a8bebe9-cb04-11de-9b2f-001e6887625d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{80801b57-d39b-11de-908e-001e6887625d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{adbe9c4e-d54e-11de-9a9b-001e6887625d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c76de398-cb43-11de-8e4b-001e6887625d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c76de8d7-cb43-11de-8e4b-001e6887625d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c76deb6f-cb43-11de-8e4b-001e6887625d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ec3ef329-c88f-11de-80fb-001e6887625d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{f4654ab5-dab8-11de-ae5a-001e6887625d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{fe4db0b0-d31a-11de-a76d-001e6887625d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: c:\program files\pc tools firewall plus\fwservice.txt
Status: Allocation size mismatch (API: 8, Raw: 0)

Path: c:\program files\pc tools firewall plus\kdsinterface.txt
Status: Allocation size mismatch (API: 8, Raw: 0)

Path: c:\windows\temp\bcfb58e6-7e62-4d66-8fb3-1a5d5b7d7179.tmp
Status: Allocation size mismatch (API: 458752, Raw: 0)

Path: c:\windows\temp\a08b8afc-48a9-4973-a87e-8ddf57d12e69.tmp
Status: Allocation size mismatch (API: 0, Raw: 131072)

Path: C:\Program Files\Windows Media Player\Network Sharing\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\XPSViewer\XPSVIE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_7658964504b9f3b6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_58b1a5ca663317c4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_db5f5c9d98cb161f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_5c400d5e63e93b68.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.91_none_d6c3f1519bae0514.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.91_none_54c1279468b7b84b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_a6e6a8980e994a5d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_dc9917e997f80c63.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_45e008191e507087.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949b06671d08ae.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_a6e7a8e20e9863b4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.1.0.0_none_6c030d6fdc86522c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18005_none_0d553c2b4c3b84e1\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_a2f69a4627a6df36\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_8c2eb0ea41492429\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_a2d17efc27f8ebd7\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_8c05ef98419e64ea\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_32a2a55c0f70152b\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_1bdabc0029125a1e\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_a05f40e791345747\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_8997578baad69c3a\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_a03a259d918663e8\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_896e9639ab2bdcfb\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6000.16720_none_1e9c83dead284b26\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6000.20883_none_07d49a82c6ca9019\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6001.18111_none_1e776894ad7a57c7\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6001.22230_none_07abd930c71fd0da\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxlist_31bf3856ad364e35_6.0.6001.18096_none_408185d4f04ca856\WINFXL~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-cperfcnt_31bf3856ad364e35_6.0.6000.16708_none_1dbee32b03599791\PERFCO~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-cperfcnt_31bf3856ad364e35_6.0.6000.20864_none_1e039f461cab79a5\PERFCO~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-cperfcnt_31bf3856ad364e35_6.0.6001.18096_none_1f41d00b00caf426\PERFCO~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-cperfcnt_31bf3856ad364e35_6.0.6001.22208_none_202ebe9c199dc84c\PERFCO~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-cperfcnt_31bf3856ad364e35_6.0.6002.18005_none_218896a6fda92bef\PERFCO~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-cwetargets_i_31bf3856ad364e35_6.0.6000.16708_none_9e7d8c92dbaad42f\WORKFL~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-cwetargets_i_31bf3856ad364e35_6.0.6000.20864_none_9ec248adf4fcb643\WORKFL~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6001.22230_none_a9451edb3e26cf35\WEB_LO~1.DEF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6000.16720_none_c035c989242f4981\WEB_LO~1.DEF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6000.20883_none_a96de02d3dd18e74\WEB_LO~1.DEF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_1bb1faae29679adf\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_879a188098bde787\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_70d22f24b2602c7a\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_8774fd36990ff428\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_70a96dd2b2b56d3b\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_327d8a120fc221cc\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6001.18111_none_c010ae3f24815622\WEB_LO~1.DEF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7b4eba45cecd6936\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.20883_none_6486d0e9e86fae29\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7b299efbcf1f75d7\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.22230_none_645e0f97e8c4eeea\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-cwetargets_i_31bf3856ad364e35_6.0.6001.18096_none_a0007972d91c30c4\WORKFL~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-cwetargets_i_31bf3856ad364e35_6.0.6001.22208_none_a0ed6803f1ef04ea\WORKFL~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-cwetargets_i_31bf3856ad364e35_6.0.6002.18005_none_a247400ed5fa688d\WORKFL~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxlist_31bf3856ad364e35_6.0.6001.22208_none_416e7466091f7c7c\WINFXL~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxlist_31bf3856ad364e35_6.0.6002.18005_none_42c84c70ed2ae01f\WINFXL~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxtargets_31bf3856ad364e35_6.0.6000.16708_none_c7595a2aa4b56e63\MICROS~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxtargets_31bf3856ad364e35_6.0.6000.20864_none_c79e1645be075077\MICROS~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxtargets_31bf3856ad364e35_6.0.6001.18096_none_c8dc470aa226caf8\MICROS~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxtargets_31bf3856ad364e35_6.0.6001.22208_none_c9c9359bbaf99f1e\MICROS~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxtargets_31bf3856ad364e35_6.0.6002.18005_none_cb230da69f0502c1\MICROS~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxlist_31bf3856ad364e35_6.0.6000.16708_none_3efe98f4f2db4bc1\WINFXL~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxlist_31bf3856ad364e35_6.0.6000.20864_none_3f4355100c2d2dd5\WINFXL~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6000.16708_none_7fdeb5cb1f6006f4\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6000.20864_none_802371e638b1e908\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6001.18096_none_8161a2ab1cd16389\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6001.22208_none_824e913c35a437af\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6002.18005_none_83a8694719af9b52\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6000.20864_none_722ae6d5177571c1\PERFCO~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6001.18096_none_73691799fb94ec42\PERFCO~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6001.22208_none_7456062b1467c068\PERFCO~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6002.18005_none_75afde35f873240b\PERFCO~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6000.16708_none_ddb4cf58a13aa0ca\XPSVIE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6000.20864_none_ddf98b73ba8c82de\XPSVIE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6001.18096_none_df37bc389eabfd5f\XPSVIE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6001.22208_none_e024aac9b77ed185\XPSVIE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6002.18005_none_e17e82d49b8a3528\XPSVIE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6000.16708_none_71e62ab9fe238fad\PERFCO~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.16830_none_29a6eeebde589a97\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.21023_none_2a3e34a2f76b9db7\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.18226_none_2b9dff39db71a7a1\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.22389_none_2be9bd5af4bd3b16\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6002.18005_none_2d991295d888a8b3\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba\RENDER~1.XML
Status: Locked to the Windows API!

Path: c:\program files\common files\pc tools\kds\kdsappevent.txt
Status: Allocation size mismatch (API: 8, Raw: 0)

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MICROS~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: c:\windows\system32\logfiles\scm\scm.evm
Status: Allocation size mismatch (API: 1048576, Raw: 491520)

Path: c:\windows\system32\wdi\logfiles\wdicontextlog.etl.001
Status: Allocation size mismatch (API: 786432, Raw: 524288)

Path: C:\Windows\winsxs\Temp\PendingDeletes\sortkey.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sortkey.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sortkey.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sorttbls.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sorttbls.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sorttbls.nlp
Status: Locked to the Windows API!

Path: C:\Windows\inf\Windows Workflow Foundation 3.0.0.0\0000\PERFCO~1.INI
Status: Locked to the Windows API!

Path: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: c:\users\administrator\appdata\local\temp\fla9c92.tmp
Status: Allocation size mismatch (API: 5832704, Raw: 0)

Path: c:\users\administrator\appdata\roaming\utorrent\resume.dat
Status: Size mismatch (API: 123308, Raw: 123002)

Path: C:\Users\Administrator\AppData\Roaming\uTorrent\sessionstore.js
Status: Locked to the Windows API!

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\WEB_LO~1.DEF
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PRESEN~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Stat

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1220 Status: Locked to the Windows API!

Path: C:\Windows\System32\mfpmp.exe
PID: 3792 Status: Locked to the Windows API!

SSDT
-------------------
#: 018 Function Name: NtAllocateVirtualMemory
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d904b94

#: 021 Function Name: NtAlpcConnectPort
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d904516

#: 042 Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d904586

#: 054 Function Name: NtConnectPort
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d9045da

#: 060 Function Name: NtCreateFile
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d904640

#: 072 Function Name: NtCreateProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d90472e

#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d9047ba

#: 078 Function Name: NtCreateThread
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d90484a

#: 116 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d904980

#: 129 Function Name: NtDuplicateObject
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d9049d4

#: 165 Function Name: NtLoadDriver
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d904a3a

#: 189 Function Name: NtOpenKey
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d904a8c

#: 197 Function Name: NtOpenSection
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d904ae4

#: 201 Function Name: NtOpenThread
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d904b3c

#: 210 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d904bfa

#: 280 Function Name: NtRestoreKey
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d904c58

#: 282 Function Name: NtResumeThread
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d904cb6

#: 286 Function Name: NtSecureConnectPort
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d904d74

#: 324 Function Name: NtSetValueKey
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d904d08

#: 330 Function Name: NtSuspendProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d904dde

#: 332 Function Name: NtSystemDebugControl
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d904e30

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d904e90

#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d904ef4

#: 382 Function Name: NtCreateThreadEx
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d9048ec

#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d9046be

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x854b21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x854b21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x854b21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x854b21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x854b21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x854b21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x854b21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x854b21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x854b21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x854b21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x854b21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x854b21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x854b21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x854b21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x854b21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x854b21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x854b21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x854b21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x854b21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x854b21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x854b21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x854b21f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CREATE]
Process: System Address: 0x87a191f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x87a191f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_READ]
Process: System Address: 0x87a191f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_WRITE]
Process: System Address: 0x87a191f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x87a191f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x87a191f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x87a191f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x87a191f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x87a191f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x87a191f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x87a191f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x87a191f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x87a191f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87a191f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x87a191f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x87a191f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x87a191f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_PNP]
Process: System Address: 0x87a191f8 Size: 121

Object: Hidden Code [Driver: as1kw9esП牄諥諲, IRP_MJ_CREATE]
Process: System Address: 0x867651f8 Size: 121

Object: Hidden Code [Driver: as1kw9esП牄諥諲, IRP_MJ_CLOSE]
Process: System Address: 0x867651f8 Size: 121

Object: Hidden Code [Driver: as1kw9esП牄諥諲, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x867651f8 Size: 121

Object: Hidden Code [Driver: as1kw9esП牄諥諲, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x867651f8 Size: 121

Object: Hidden Code [Driver: as1kw9esП牄諥諲, IRP_MJ_POWER]
Process: System Address: 0x867651f8 Size: 121

Object: Hidden Code [Driver: as1kw9esП牄諥諲, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x867651f8 Size: 121

Object: Hidden Code [Driver: as1kw9esП牄諥諲, IRP_MJ_PNP]
Process: System Address: 0x867651f8 Size: 121

Object: Hidden Code [Driver: auxdfvn9Ѕ晖呉삌輘䈴艏, IRP_MJ_CREATE]
Process: System Address: 0x867621f8 Size: 121

Object: Hidden Code [Driver: auxdfvn9Ѕ晖呉삌輘䈴艏, IRP_MJ_CLOSE]
Process: System Address: 0x867621f8 Size: 121

Object: Hidden Code [Driver: auxdfvn9Ѕ晖呉삌輘䈴艏, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x867621f8 Size: 121

Object: Hidden Code [Driver: auxdfvn9Ѕ晖呉삌輘䈴艏, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x867621f8 Size: 121

Object: Hidden Code [Driver: auxdfvn9Ѕ晖呉삌輘䈴艏, IRP_MJ_POWER]
Process: System Address: 0x867621f8 Size: 121

Object: Hidden Code [Driver: auxdfvn9Ѕ晖呉삌輘䈴艏, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x867621f8 Size: 121

Object: Hidden Code [Driver: auxdfvn9Ѕ晖呉삌輘䈴艏, IRP_MJ_PNP]
Process: System Address: 0x867621f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x854b11f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x854b11f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x854b11f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x854b11f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x854b11f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x854b11f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x854b11f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE]
Process: System Address: 0x865b41f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x865b41f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_READ]
Process: System Address: 0x865b41f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE]
Process: System Address: 0x865b41f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x865b41f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x865b41f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x865b41f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x865b41f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER]
Process: System Address: 0x865b41f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x865b41f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP]
Process: System Address: 0x865b41f8 Size: 121

Object: Hidden Code [Driver: usbohci虘Є瑅具, IRP_MJ_CREATE]
Process: System Address: 0x865d81f8 Size: 121

Object: Hidden Code [Driver: usbohci虘Є瑅具, IRP_MJ_CLOSE]
Process: System Address: 0x865d81f8 Size: 121

Object: Hidden Code [Driver: usbohci虘Є瑅具, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x865d81f8 Size: 121

Object: Hidden Code [Driver: usbohci虘Є瑅具, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x865d81f8 Size: 121

Object: Hidden Code [Driver: usbohci虘Є瑅具, IRP_MJ_POWER]
Process: System Address: 0x865d81f8 Size: 121

Object: Hidden Code [Driver: usbohci虘Є瑅具, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x865d81f8 Size: 121

Object: Hidden Code [Driver: usbohci虘Є瑅具, IRP_MJ_PNP]
Process: System Address: 0x865d81f8 Size: 121

Object: Hidden Code [Driver: Smb䲍Ѝ摍, IRP_MJ_CREATE]
Process: System Address: 0x879bd1f8 Size: 121

Object: Hidden Code [Driver: Smb䲍Ѝ摍, IRP_MJ_CLOSE]
Process: System Address: 0x879bd1f8 Size: 121

Object: Hidden Code [Driver: Smb䲍Ѝ摍, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x879bd1f8 Size: 121

Object: Hidden Code [Driver: Smb䲍Ѝ摍, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x879bd1f8 Size: 121

Object: Hidden Code [Driver: Smb䲍Ѝ摍, IRP_MJ_CLEANUP]
Process: System Address: 0x879bd1f8 Size: 121

Object: Hidden Code [Driver: Smb䲍Ѝ摍, IRP_MJ_PNP]
Process: System Address: 0x879bd1f8 Size: 121

Object: Hidden Code [Driver: netbt貵�І华牉럈螼뺨螜, IRP_MJ_CREATE]
Process: System Address: 0x879be500 Size: 121

Object: Hidden Code [Driver: netbt貵�І华牉럈螼뺨螜, IRP_MJ_CLOSE]
Process: System Address: 0x879be500 Size: 121

Object: Hidden Code [Driver: netbt貵�І华牉럈螼뺨螜, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x879be500 Size: 121

Object: Hidden Code [Driver: netbt貵�І华牉럈螼뺨螜, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x879be500 Size: 121

Object: Hidden Code [Driver: netbt貵�І华牉럈螼뺨螜, IRP_MJ_CLEANUP]
Process: System Address: 0x879be500 Size: 121

Object: Hidden Code [Driver: netbt貵�І华牉럈螼뺨螜, IRP_MJ_PNP]
Process: System Address: 0x879be500 Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉쁤記䈴艏, IRP_MJ_CREATE]
Process: System Address: 0x8676d1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉쁤記䈴艏, IRP_MJ_CLOSE]
Process: System Address: 0x8676d1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉쁤記䈴艏, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8676d1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉쁤記䈴艏, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8676d1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉쁤記䈴艏, IRP_MJ_POWER]
Process: System Address: 0x8676d1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉쁤記䈴艏, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8676d1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉쁤記䈴艏, IRP_MJ_PNP]
Process: System Address: 0x8676d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x846f21f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System Address: 0x846f21f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System Address: 0x846f21f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x846f21f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x846f21f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x846f21f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System Address: 0x846f21f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System Address: 0x846f21f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System Address: 0x846f21f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x846f21f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System Address: 0x846f21f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x865bb1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x865bb1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x865bb1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x865bb1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x865bb1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x865bb1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x865bb1f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_CREATE]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_CLOSE]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_READ]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_WRITE]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_QUERY_EA]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_SET_EA]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_SHUTDOWN]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_CLEANUP]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_SET_SECURITY]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_POWER]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_SET_QUOTA]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: mrxsmb慖⁤І但塃, IRP_MJ_PNP]
Process: System Address: 0x87d681f8 Size: 121

Object: Hidden Code [Driver: cdfsЃ浍楓, IRP_MJ_CREATE]
Process: System Address: 0x87a4d1f8 Size: 121

Object: Hidden Code [Driver: cdfsЃ浍楓, IRP_MJ_CLOSE]
Process: System Address: 0x87a4d1f8 Size: 121

Object: Hidden Code [Driver: cdfsЃ浍楓, IRP_MJ_READ]
Process: System Address: 0x87a4d1f8 Size: 121

Object: Hidden Code [Driver: cdfsЃ浍楓, IRP_MJ_WRITE]
Process: System Address: 0x87a4d1f8 Size: 121

Object: Hidden Code [Driver: cdfsЃ浍楓, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x87a4d1f8 Size: 121

Object: Hidden Code [Driver: cdfsЃ浍楓, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x87a4d1f8 Size: 121

Object: Hidden Code [Driver: cdfsЃ浍楓, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x87a4d1f8 Size: 121

Object: Hidden Code [Driver: cdfsЃ浍楓, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x87a4d1f8 Size: 121

Object: Hidden Code [Driver: cdfsЃ浍楓, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x87a4d1f8 Size: 121

Object: Hidden Code [Driver: cdfsЃ浍楓, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87a4d1f8 Size: 121

Object: Hidden Code [Driver: cdfsЃ浍楓, IRP_MJ_SHUTDOWN]
Process: System Address: 0x87a4d1f8 Size: 121

Object: Hidden Code [Driver: cdfsЃ浍楓, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x87a4d1f8 Size: 121

Object: Hidden Code [Driver: cdfsЃ浍楓, IRP_MJ_CLEANUP]
Process: System Address: 0x87a4d1f8 Size: 121

Object: Hidden Code [Driver: cdfsЃ浍楓, IRP_MJ_PNP]
Process: System Address: 0x87a4d1f8 Size: 121

Shadow SSDT
-------------------
#: 479 Function Name: NtUserMessageCall
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d904f52

#: 497 Function Name: NtUserPostMessage
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d904fbe

#: 498 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d905022

#: 573 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d9050f6

#: 576 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\Windows\system32\drivers\PCTAppEvent.sys" at address 0x9d905086

==EOF==


#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:06:15 AM

Posted 05 December 2009 - 07:24 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.  

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine.  Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet.  

Information on A/V control HERE

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support; post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 playing_in_the_rain

playing_in_the_rain
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 06 December 2009 - 11:48 PM

Thank you for your reply. Unfortunately, I can't seem to open, much less download the files from the links you posted. The first link is 512 kb but my computer doesn't recognize it or know what app to use. And the second one opens a new tab with pages of incomprehensible nothingness. They seem to be dead.
Any suggestions?

Thank you,

MGS

Edited by playing_in_the_rain, 06 December 2009 - 11:55 PM.


#4 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:15 PM

Posted 07 December 2009 - 02:53 PM

Hi playing_in_the_rain,



Welcome to BleepingComputer HijackThis Logs and Malware Removal, :(
My name is sundavis, and I will be helping you to deal with your malware problems today.


Step 1

Please download GMER Rootkit Scanner from Here or Here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" , and copy and paste the contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Step 2

I notice you have MBAM installed on your system. Please rerun it as instructed below. Update your virus definitions before proceeding. If you can't update the program, you can download the virus definitions from Here and install them manually.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • You can refer to this tutorial
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Step 3

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In your next reply, please post back:

1. Gmer log
2. MBAM log
3. OTListIt.txt and Extra.txt

Please detail the problems you're experiencing now. Thanks.
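As an added triage aid (not part of this thread, and not a GMER or BleepingComputer tool), the following Python parses GMER output in the format the topic starter posted above: it groups the "Hidden Code" IRP dispatch entries by driver, strips the non-ASCII garbage GMER prints after some driver names, and lists Shadow SSDT hooks by the module that installed them. The embedded log excerpt is constructed from that format; the function and variable names are my own.

```python
import re
from collections import defaultdict

# Constructed excerpt in the format of the GMER log posted earlier in this thread.
SAMPLE_LOG = """\
Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x846f21f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System Address: 0x846f21f8 Size: 121
Object: Hidden Code [Driver: netbt\u8db5\ufffd\u0406, IRP_MJ_CREATE]
Process: System Address: 0x879be500 Size: 121
#: 479 Function Name: NtUserMessageCall
Status: Hooked by "C:\\Windows\\system32\\drivers\\PCTAppEvent.sys" at address 0x9d904f52
#: 497 Function Name: NtUserPostMessage
Status: Hooked by "C:\\Windows\\system32\\drivers\\PCTAppEvent.sys" at address 0x9d904fbe
==EOF==
"""

HIDDEN_RE = re.compile(r"^Object: Hidden Code \[Driver: (.+?), (IRP_MJ_\w+)\]$")
ADDR_RE = re.compile(r"^Process: (\S+) Address: (0x[0-9a-fA-F]+) Size: (\d+)$")
SSDT_RE = re.compile(r"^#: (\d+) Function Name: (\w+)$")
HOOK_RE = re.compile(r'^Status: Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)$')

def clean_driver_name(raw):
    """Keep the leading printable-ASCII run; GMER appends garbage to some names."""
    m = re.match(r"[\x20-\x7e]+", raw)
    return m.group(0) if m else raw

def parse_gmer(text):
    """Return ({driver: {'irps': [...], 'addrs': {...}}}, {module: [(index, fn, addr)]})."""
    drivers = defaultdict(lambda: {"irps": [], "addrs": set()})
    ssdt = defaultdict(list)
    pending = None  # the 'Object:' or '#:' line waiting for its detail line
    for line in (l.strip() for l in text.splitlines()):
        if m := HIDDEN_RE.match(line):
            pending = ("irp", clean_driver_name(m.group(1)), m.group(2))
        elif m := SSDT_RE.match(line):
            pending = ("ssdt", int(m.group(1)), m.group(2))
        elif (m := ADDR_RE.match(line)) and pending and pending[0] == "irp":
            drivers[pending[1]]["irps"].append(pending[2])
            drivers[pending[1]]["addrs"].add(m.group(2))
            pending = None
        elif (m := HOOK_RE.match(line)) and pending and pending[0] == "ssdt":
            ssdt[m.group(1)].append((pending[1], pending[2], m.group(2)))
            pending = None
    return dict(drivers), dict(ssdt)

def single_stub_drivers(drivers):
    """Drivers whose hooked IRP_MJ entries all resolve to one address (the pattern in the posted log)."""
    return sorted(d for d, info in drivers.items() if len(info["addrs"]) == 1)
```

Grouping this way turns hundreds of near-identical lines into one row per driver and one row per hooking module, which is the view needed to judge the false-positive caution in Step 1 (here every driver's entries share a single address, and all Shadow SSDT hooks come from one named driver file).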

#5 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:15 PM

Posted 11 December 2009 - 03:06 AM

Due to lack of feedback, this topic is now closed.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.



