Google Hijack ?



#1 Redder's


Posted 04 February 2010 - 03:56 PM

Two problems :-
1) When I do a Google search, the results come back OK, but when I click on one of the result links I'm directed to MSN Hotmail (I can get into the sites OK if I "right-click" on the link and cut and paste the URL into the browser address bar).
2) Cannot boot up into "safe mode".
Not sure if they are related?

AII Topic for reference: http://www.bleepingcomputer.com/forums/ind...p;#entry1609908 -MG

DDS log :-


DDS (Ver_09-12-01.01) - NTFSx86
Run by admin at 9:31:11.98 on 04/02/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2031.1075 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPNRA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\WIGC9J2J\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://uk.yahoo.com/
uSearch Page = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
uSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uSearchMigratedDefaultURL = hxxp://uk.search.yahoo.com/search?fr=mcafee&p={searchTerms}
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Connection Wizard,ShellNext = hxxp://home.bt.yahoo.com/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: BT Yahoo! Sidebar: {51085e3d-a958-42a2-a6be-a6a9b0baf276} - c:\program files\yahoo!\browser\ysidebarIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: []
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: motive.com\pbttbc.bt
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221303619203
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-29 64288]
R0 MrFilter;EasyWrite Driver;c:\windows\system32\drivers\MRFilter.sys [2008-9-2 12096]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-12-14 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-12-14 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-12-14 144704]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-9-16 576536]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-12-14 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-12-14 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-12-14 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-14 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-14 34248]
S3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\samsung\samsung pc share manager\WiselinkPro.exe [2009-10-20 4708864]

=============== Created Last 30 ================

2010-02-03 21:37:01 41 ----a-w- C:\fixme.bat
2010-02-03 21:35:14 77312 ----a-w- C:\mbr.exe
2010-01-30 21:57:13 0 d-----w- c:\program files\CCleaner
2010-01-30 21:34:43 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes
2010-01-30 21:34:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-29 22:40:43 981 ----a-w- c:\windows\hpntwksetup.ini
2010-01-29 22:33:01 88437 ----a-w- c:\windows\hpoins06.dat
2010-01-29 22:33:01 5389 ------w- c:\windows\hpomdl06.dat
2010-01-28 06:51:22 0 dc-h--w- c:\windows\ie8
2010-01-26 21:38:03 0 d-----w- c:\program files\Microsoft Security Essentials
2010-01-26 19:49:44 0 d-----w- c:\program files\Trend Micro
2010-01-26 18:35:22 0 d-----w- C:\RootkitNO
2010-01-26 18:19:33 2 --shatr- c:\windows\winstart.bat
2010-01-26 18:19:14 0 d-----w- c:\program files\UnHackMe
2010-01-26 17:00:42 0 d-----w- C:\SDFix
2010-01-25 22:32:31 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-01-25 22:29:26 0 d-----w- c:\program files\AVG
2010-01-25 19:08:49 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
2010-01-25 19:08:49 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
2010-01-25 19:08:49 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2010-01-25 19:08:48 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat
2010-01-25 19:08:48 1241088 -c--a-w- c:\windows\system32\dllcache\ieframe.dll.mui

==================== Find3M ====================

2010-01-27 16:21:58 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-14 11:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 17:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll

============= FINISH: 9:32:13.34 ===============


RootRepeal Log :-

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/02/03 21:26
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAFDFC000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA660000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAC084000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\all users\application data\microsoft\microsoft antimalware\support\mpwpptracing.bin
Status: Allocation size mismatch (API: 2097152, Raw: 1048576)

Path: F:\WIN51IC.RCāŠ
Status: Invisible to the Windows API!

Path: F:\WIN51IC.RC1
Status: Visible to the Windows API, but not on disk.

Path: F:\cmdcons\diCk.sy_
Status: Invisible to the Windows API!

Path: F:\cmdcons\i8042prt.s<_
Status: Invisible to the Windows API!

Path: F:\cmdcons\KBDHU1=DLL
Status: Invisible to the Windows API!

Path: F:\cmdcons\KBDGR.=LL
Status: Invisible to the Windows API!

Path: F:\cmdcons\oh=i1394.sy_
Status: Invisible to the Windows API!

Path: F:\cmdcons\serial
Status: Invisible to the Windows API!

Path: f:\cmdcons\sparrow.sy_
Status: Size mismatch (API: 11098, Raw: 16888498602650458)

Path: F:\cmdcons\usbohcĮ.sy_
Status: Invisible to the Windows API!

Path: F:\cmdcons\vgaoemĮfo_
Status: Invisible to the Windows API!

Path: F:\cmdcons\disk.sy_
Status: Visible to the Windows API, but not on disk.

Path: F:\cmdcons\i8042prt.sy_
Status: Visible to the Windows API, but not on disk.

Path: F:\cmdcons\KBDGR.DLL
Status: Visible to the Windows API, but not on disk.

Path: F:\cmdcons\KBDHU1.DLL
Status: Visible to the Windows API, but not on disk.

Path: F:\cmdcons\ohci1394.sy_
Status: Visible to the Windows API, but not on disk.

Path: F:\cmdcons\serial.sy_
Status: Visible to the Windows API, but not on disk.

Path: F:\cmdcons\usbohci.sy_
Status: Visible to the Windows API, but not on disk.

Path: F:\cmdcons\vgaoem.fo_
Status: Visible to the Windows API, but not on disk.

Path: F:\RECYCLER\S-1-5-21-1292428093-706699Ä—26-839522115-1003
Status: Invisible to the Windows API!

Path: F:\RECYCLER\S-1-5-21-1292428093-706699826-839522115-1003
Status: Visible to the Windows API, but not on disk.

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_restore{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\Fonts\co6re.fon
Status: Invisible to the Windows API!

Path: f:\minint\fonts\gulim.ttc
Status: Allocation size mismatch (API: 13518848, Raw: 16607023639447552)

Path: F:\MiniNT\Fonts\coure.fon
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\inf\net21x4.in<
Status: Invisible to the Windows API!

Path: f:\minint\inf\net3c589.pnf
Status: Size mismatch (API: 11544, Raw: 16888498602650904)

Path: F:\MiniNT\inf\ne:an983.inf
Status: Invisible to the Windows API!

Path: f:\minint\inf\netcicap.inf
Status: Allocation size mismatch (API: 8192, Raw: 16325548649226240)

Path: F:\MiniNT\inf\netcb325.i:f
Status: Invisible to the Windows API!

Path: f:\minint\inf\netepro.pnf
Status: Size mismatch (API: 8232, Raw: 16325548649226280)

Path: F:\MiniNT\inf\ne:ias.PNF
Status: Invisible to the Windows API!

Path: F:\MiniNT\inf\netkls:.PNF
Status: Invisible to the Windows API!

Path: f:\minint\inf\netlanep.inf
Status: Size mismatch (API: 1823, Raw: 16325548649219871)

Path: F:\MiniNT\inf\netmhz:5.inf
Status: Invisible to the Windows API!

Path: F:\MiniNT\inf\ne;rsvp.inf
Status: Invisible to the Windows API!

Path: f:\minint\inf\netrtoem.inf
Status: Size mismatch (API: 235190, Raw: 16607023626163894)

Path: F:\MiniNT\inf\netsk_:P.PNF
Status: Invisible to the Windows API!

Path: F:\MiniNT\inf\nettdk:.PNF
Status: Invisible to the Windows API!

Path: f:\minint\inf\nettpsmp.inf
Status: Size mismatch (API: 4749, Raw: 16325548649222797)

Path: F:\MiniNT\inf\netwv48.PN<
Status: Invisible to the Windows API!

Path: F:\MiniNT\inf\netx56<5.inf
Status: Invisible to the Windows API!

Path: f:\minint\inf\nvata.inf
Status: Size mismatch (API: 3190, Raw: 16888498602642550)

Path: F:\MiniNT\inf\net21x4.inf
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\inf\netan983.inf
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\inf\netcb325.inf
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\inf\netias.PNF
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\inf\netklsi.PNF
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\inf\netmhzn5.inf
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\inf\netrsvp.inf
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\inf\netsk_fp.PNF
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\inf\nettdkb.PNF
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\inf\netwv48.PNF
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\inf\netx56n5.inf
Status: Visible to the Windows API, but not on disk.

Path: f:\minint\system32\backupst.exe
Status: Allocation size mismatch (API: 868352, Raw: 19140298417192960)

Path: F:\MiniNT\system32\BackupSTJP_OEM1.smD
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\clusapi.dl<
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\C_1000Â.NLS
Status: Invisible to the Windows API!

Path: f:\minint\system32\ipconfig.exe
Status: Size mismatch (API: 49664, Raw: 29836347531379200)

Path: f:\minint\system32\nwwks.dll
Status: Allocation size mismatch (API: 59392, Raw: 29836347531388928)

Path: F:\MiniNT\system32\dbgeng
Status: Invisible to the Windows API!

Path: f:\minint\system32\dgnet.dll
Status: Size mismatch (API: 103424, Raw: 54887620458681344)

Path: F:\MiniNT\system32\driverĪ
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\E1000MSG.DĪL
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\fpnpba?e.usa
Status: Invisible to the Windows API!

Path: f:\minint\system32\hal.dll
Status: Allocation size mismatch (API: 104448, Raw: 17732923532875776)

Path: F:\MiniNT\system32\IMJP81K.DL?
Status: Invisible to the Windows API!

Path: f:\minint\system32\initpki.dll
Status: Size mismatch (API: 144896, Raw: 17732923532916224)

Path: F:\MiniNT\system32\kb=a3.dll
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\kerber>s.dll
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\LOCO_XGA.BMP
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\msjet40.dl>
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\NOISE.>HS
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\NT>LL.DLL
Status: Invisible to the Windows API!

Path: f:\minint\system32\ntsd.exe
Status: Allocation size mismatch (API: 32768, Raw: 17451448556093440)

Path: F:\MiniNT\system32\NvRaidSvEn?.dll
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\od?ccp32.cpl
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\polstore.d>l
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\Pr>mium.exe
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\rasapi32.dĪl
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\Restore.xgG
Status: Invisible to the Windows API!

Path: f:\minint\system32\restorestch_oem1.smf
Status: Allocation size mismatch (API: 61440, Raw: 19984723346518016)

Path: f:\minint\system32\restorest_oem1.smf
Status: Allocation size mismatch (API: 61440, Raw: 19984723346518016)

Path: F:\MiniNT\system32\rpÁrt4.dll
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\servic@s.exe
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\sortkey.nlA
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\spAolss.dll
Status: Invisible to the Windows API!

Path: f:\minint\system32\startnet.cmd
Status: Allocation size mismatch (API: 0, Raw: 18295873486192640)

Path: F:\MiniNT\system32\UNICDIAE.IME
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\virtdk64.sBs
Status: Invisible to the Windows API!

Path: f:\minint\system32\wingb.ime
Status: Allocation size mismatch (API: 69632, Raw: 18577348462972928)

Path: F:\MiniNT\system32\wkAsvc.dll
Status: Invisible to the Windows API!

Path: f:\minint\system32\writer.ini
Status: Size mismatch (API: 569, Raw: 18295873486193209)

Path: f:\minint\system32\backupwiz_oem1.smf
Status: Allocation size mismatch (API: 157696, Raw: 13792273858979840)

Path: F:\MiniNT\system32\kb)hu.dll
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\BackupSTJP_OEM1.smf
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\clusapi.dll
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\C_10006.NLS
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\dbgeng.dll
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\drivers
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\E1000MSG.DLL
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\fpnpbase.usa
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\IMJP81K.DLL
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\kbda3.dll
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\kbdhu.dll
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\kerberos.dll
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\LOGO_XGA.BMP
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\msjet40.dll
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\NOISE.CHS
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\NTDLL.DLL
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\NvRaidSvEnu.dll
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\odbccp32.cpl
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\polstore.dll
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\Premium.exe
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\rasapi32.dll
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\Restore.xga
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\rpcrt4.dll
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\services.exe
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\sortkey.nls
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\spoolss.dll
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\UNICDIME.IME
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\virtdk64.sys
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\system32\wkssvc.dll
Status: Visible to the Windows API, but not on disk.

Path: F:\MiniNT\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0ļx-ww_ff9986d7
Status: Invisible to the Windows API!

Path: F:\MiniNT\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7
Status: Visible to the Windows API, but not on disk.

Path: \\?\F:\RECYCLER\S-1-5-21-1292428093-706699Ä—26-839522115-1003\*
Status: Could not enumerate files with the Windows API (0x00000003)!


Path: F:\RECYCLER\S-1-5-21-1292428093-706699Ä—26-839522115-1003\desktop.ini
Status: Invisible to the Windows API!

Path: F:\RECYCLER\S-1-5-21-1292428093-706699Ä—26-839522115-1003\INFO2
Status: Invisible to the Windows API!

Path: \\?\F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\*
Status: Could not enumerate files with the Windows API (0x00000003)!


Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP466
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP508
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP546
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP468
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP470
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP471
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP472
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP473
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP476
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP478
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP481
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP482
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP485
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP489
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP490
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP492
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP495
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP496
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP500
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP503
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP504
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP505
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP506
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP463
Status: Invisible to the Windows API!

Path: F:\System Volume Information\_rāļ˛store{A4CEB2B4-63AF-4D0F-8FAF-224FE0EEF689}\RP465
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xba0f887e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xba0f8bfe

Stealth Objects
-------------------
Object: Hidden Module [Name: z00clicker.dll]
Process: iexplore.exe (PID: 1256) Address: 0x10000000 Size: 204800

Object: Hidden Module [Name: z00clicker.dll]
Process: iexplore.exe (PID: 4228) Address: 0x10000000 Size: 204800

Object: Hidden Module [Name: z00clicker.dll]
Process: iexplore.exe (PID: 4804) Address: 0x10000000 Size: 204800

Object: Hidden Module [Name: z00clicker.dll]
Process: iexplore.exe (PID: 4772) Address: 0x10000000 Size: 204800

==EOF==

Edited by garmanma, 04 February 2010 - 06:40 PM.



#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:04 AM

Posted 11 February 2010 - 12:05 PM

Hello,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate it if you
would let me know so I can close this topic. If you still need help, please let me know what issues you are still having in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window. If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Files
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



Then please post back here with the following:
  • log.txt
  • info.txt
  • Gmer log

Thanks



#3 Redder's

Redder's
  • Topic Starter

  • Members
  • 11 posts
  • Local time:10:04 AM

Posted 13 February 2010 - 08:21 AM

Syler - thanks for the offer of help, unfortunately I just experienced everybody's worst nightmare - my PC crashed and wouldn't boot up. I eventually got the PC back up with the Windows disk but couldn't then do anything with it. This has resulted in me having to format and rebuild. Therefore the problem has "gone away" (at least for the time being!!!). If it does return or I get similar problems I'll raise a new thread. Once again thanks for your offer of help.

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:04 AM

Posted 13 February 2010 - 10:18 AM

Thanks for letting me know

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
