Windows Antivirus Pro or Privacy Center Malware

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

3 Pages

< 1 2 3 >

Windows Antivirus Pro or Privacy Center Malware - Can't open any p, Windows Antivirus Pro or Privacy Center Malware - Can't open any p

Options

guitarroman1 View Member Profile	Aug 8 2009, 05:49 PM Post #16
Member Posts: 32 OS: Windows Vista	Nvm about the word documents, they're fine. Kasperky is failing. "Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program. You must be online to update the Kaspersky Online Scanner 7.0 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7.0. [ERROR: Key is expired]" I am online, and I've tried it a bunch of times.... thanks

handhfan View Member Profile	Aug 9 2009, 08:09 AM Post #17
GeekU Moderator Posts: 8,651 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Try this instead. Please click here to download AVP Tool by Kaspersky. Save it to your desktop. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter. Double click the setup file to run it. Click Next to continue. It will by default install it to your desktop folder.Click Next. Hit ok at the prompt for scanning in Safe Mode. It will then open a box There will be a tab that says Automatic scan. Under Automatic scan make sure these are checked. System Memory Startup Objects Disk Boot Sectors. My Computer. Also any other drives (Removable that you may have) After that click on *Security level* then choose *Customize* then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok. Then choose OK again then you are back to the main screen. Then click on Scan at the to right hand Corner. It will automatically Neutralize any objects found. If some objects are left un-neutralized then click the button that says Neutralize all If it says it cannot be Neutralized then chooose The delete option when prompted. After that is done click on the reports button at the bottom and save it to file name it Kas. Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply. *Note: This tool will self uninstall when you close it so please save the log before closing it.*

handhfan View Member Profile	Aug 10 2009, 07:28 AM Post #19
GeekU Moderator Posts: 8,651 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Run OTL Under the Custom Scans/Fixes box at the bottom, paste in the following CODE :Files C:\Users\Sanyal\Desktop\Power Tabs\12510854\12510854.exe C:\Windows\System32\temp.exe :Commands [purity] [emptytemp] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, reboot the PC when it is done Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

guitarroman1 View Member Profile	Aug 10 2009, 11:42 AM Post #20
Member Posts: 32 OS: Windows Vista	All processes killed ========== FILES ========== File\Folder C:\Users\Sanyal\Desktop\Power Tabs\12510854\12510854.exe not found. File\Folder C:\Windows\System32\temp.exe not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Sanyal ->Temp folder emptied: 76486475 bytes File delete failed. C:\Users\Sanyal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 336761 bytes ->Java cache emptied: 13553530 bytes ->FireFox cache emptied: 37715848 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes File delete failed. C:\Windows\temp\JETBDD2.tmp scheduled to be deleted on reboot. Windows Temp folder emptied: 4857 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 122.16 mb OTL by OldTimer - Version 3.0.10.5 log created on 08102009_132553 Files\Folders moved on Reboot... File\Folder C:\Windows\temp\JETBDD2.tmp not found! Registry entries deleted on Reboot... AHHHHH ITS BACK Its on my desktop again and its in my processes as svchast.exe and windows antivirus pro.exe !!!!!

handhfan View Member Profile	Aug 10 2009, 11:45 AM Post #21
GeekU Moderator Posts: 8,651 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Please download Malwarebytes' Anti-Malware from Here. Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly. Please also post a new OTL log.

guitarroman1 View Member Profile	Aug 10 2009, 12:31 PM Post #22
Member Posts: 32 OS: Windows Vista	OTL logfile created on: 8/10/2009 2:24:02 PM - Run 3 OTL by OldTimer - Version 3.0.10.5 Folder = C:\Users\Sanyal\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 2.00 Gb Total Physical Memory \| 1.86 Gb Available Physical Memory \| 92.89% Memory free 4.00 Gb Paging File \| 4.00 Gb Available in Paging File \| 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 287.21 Gb Total Space \| 170.28 Gb Free Space \| 59.29% Space Free \| Partition Type: NTFS Drive D: \| 10.88 Gb Total Space \| 1.82 Gb Free Space \| 16.71% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SANYAL-PC Current User Name: Sanyal Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Minimal Quick Scan ========== Processes (SafeList) ========== PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) PRC - C:\Windows\Explorer.EXE (Microsoft Corporation) PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC) PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files\SMINST\BLService.exe () PRC - C:\Program Files\CyberLink\Shared files\RichVideo.exe () PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) PRC - C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.) PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation) PRC - C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe () PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.) PRC - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard) PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Sanyal\Downloads\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (Adobe LM Service [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (AppHostSvc [Auto \| Running]) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (Apple Mobile Device [Auto \| Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (Basics Service [Auto \| Running]) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC) SRV - (Bonjour Service [Auto \| Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Com4QLBEx [On_Demand \| Running]) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.) SRV - (ehRecvr [On_Demand \| Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation) SRV - (ehSched [On_Demand \| Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation) SRV - (ehstart [Auto \| Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation) SRV - (Eventlog [Auto \| Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation) SRV - (FontCache3.0.0.0 [On_Demand \| Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (HP Health Check Service [Auto \| Running]) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard) SRV - (hpqwmiex [On_Demand \| Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.) SRV - (IDriverT [On_Demand \| Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (idsvc [Unknown \| Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (iPod Service [On_Demand \| Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (LightScribeService [Auto \| Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (Net Driver HPZ12 [Auto \| Running]) -- C:\Windows\System32\HPZinw12.dll (Hewlett-Packard) SRV - (NetTcpPortSharing [Disabled \| Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (Norton Internet Security [Auto \| Running]) -- C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe (Symantec Corporation) SRV - (nvsvc [Auto \| Running]) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) SRV - (ose [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Pml Driver HPZ12 [Auto \| Running]) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard) SRV - (Recovery Service for Windows [Auto \| Running]) -- C:\Program Files\SMINST\BLService.exe () SRV - (RichVideo [Auto \| Running]) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe () SRV - (Viewpoint Manager Service [Auto \| Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (WAS [On_Demand \| Stopped]) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (WinDefend [Auto \| Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc [On_Demand \| Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (XAudioService [Auto \| Running]) -- C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AIM Search" FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=" FF - prefs.js..browser.search.selectedEngine: "AIM Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.com" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1 FF - prefs.js..extensions.enabledItems: debatecopy@randomrandomemail.com:0.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13 FF - prefs.js..keyword.URL: "" FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/17 23:29:49 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/04 23:05:31 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/08 18:20:38 \| 00,000,000 \| ---D \| M] [2009/01/12 18:42:19 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\mozilla\Extensions [2009/01/12 18:42:19 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/08/09 22:14:17 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\mozilla\Firefox\Profiles\0y4obc9q.default\extensions [2009/01/25 19:45:35 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\mozilla\Firefox\Profiles\0y4obc9q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009/01/13 15:50:37 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\mozilla\Firefox\Profiles\0y4obc9q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/08/06 00:05:56 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\mozilla\Firefox\Profiles\0y4obc9q.default\extensions\debatecopy@randomrandomemail.com [2009/08/10 14:19:18 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2009/08/04 23:05:31 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/08/08 18:20:46 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009/08/04 23:05:19 \| 00,023,032 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/08/04 23:05:19 \| 00,134,648 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009/08/08 18:19:35 \| 00,411,368 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2008/11/06 12:33:48 \| 01,332,224 \| ---- \| M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll [2008/12/10 20:33:34 \| 00,098,304 \| ---- \| M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2008/09/26 12:40:34 \| 00,053,248 \| ---- \| M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll [2009/01/16 18:40:44 \| 00,279,888 \| ---- \| M] (Musicnotes, Inc.) -- C:\Program Files\mozilla firefox\plugins\npmusicn.dll [2009/08/04 23:05:22 \| 00,065,528 \| ---- \| M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2003/07/14 23:56:52 \| 00,013,888 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2009/07/08 00:49:16 \| 00,136,768 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009/01/12 19:43:42 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009/01/12 19:43:42 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009/01/12 19:43:42 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009/01/12 19:43:42 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009/01/12 19:43:42 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009/01/12 19:43:42 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009/01/12 19:43:42 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2009/07/08 00:49:23 \| 00,008,192 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009/07/08 00:49:12 \| 00,094,208 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2008/09/10 13:49:12 \| 06,583,016 \| ---- \| M] () -- C:\Program Files\mozilla firefox\plugins\NPSibelius.dll [2007/04/16 13:07:12 \| 00,180,293 \| ---- \| M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll [2009/03/07 01:03:44 \| 00,001,394 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/03/07 01:03:44 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/03/07 01:03:44 \| 00,001,534 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/03/07 01:03:44 \| 00,002,343 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/03/07 01:03:44 \| 00,001,706 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/03/07 01:03:44 \| 00,001,178 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2009/03/07 01:03:45 \| 00,000,792 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (1454 bytes) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc) O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation) O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC) O4 - HKCU..\Run: [Google Update] C:\Users\Sanyal\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites) O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites) O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll (Symantec Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 \| 00,000,024 \| ---- \| M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0d102417-26bf-11de-b58c-001f165cff39}\Shell - "" = AutoRun O33 - MountPoints2\{0d102417-26bf-11de-b58c-001f165cff39}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\{a2a93011-e3ea-11dd-86bd-001f165cff39}\Shell - "" = AutoRun O33 - MountPoints2\{a2a93011-e3ea-11dd-86bd-001f165cff39}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found ========== Files/Folders - Created Within 14 Days ========== [2009/08/10 04:28:55 \| 01,814,009 \| -H-- \| C] () -- C:\Users\Sanyal\AppData\Local\IconCache.db [2009/08/10 04:10:47 \| 29,510,90176 \| -HS- \| C] () -- C:\hiberfil.sys [2009/08/09 22:20:39 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\is-S8GBO [2009/08/09 21:04:32 \| 53,937,371 \| ---- \| C] () -- C:\Users\Sanyal\Desktop\Brian Blade Live at Newport August 2009.mp3 [2009/08/09 20:49:12 \| 00,000,000 \| ---D \| C] -- C:\Users\Sanyal\Documents\Ask and Record Toolbar [2009/08/09 20:49:11 \| 00,000,000 \| ---D \| C] -- C:\Users\Sanyal\AppData\Local\FLVService [2009/08/09 20:48:55 \| 00,000,000 \| ---D \| C] -- C:\Windows\Ask & Record Toolbar [2009/08/09 20:48:55 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Ask & Record Toolbar [2009/08/09 20:45:39 \| 00,000,067 \| ---- \| C] () -- C:\Windows\AudioMidRecorder.INI [2009/08/08 17:52:23 \| 00,000,000 \| ---D \| C] -- C:\_OTL [2009/08/08 15:27:07 \| 00,000,000 \| ---D \| C] -- C:\32788R22FWJFW [2009/08/07 17:01:42 \| 03,122,735 \| ---- \| C] () -- C:\Users\Sanyal\Desktop\Combo-Fix.exe [2009/08/04 23:24:55 \| 00,001,834 \| ---- \| C] () -- C:\Users\Sanyal\Desktop\HijackThis.lnk [2009/08/04 23:24:55 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Trend Micro [2009/08/04 09:25:44 \| 00,000,000 \| ---D \| C] -- C:\Program Files\PrivacyCenter [2009/08/02 14:32:47 \| 00,000,000 \| ---D \| C] -- C:\Users\Sanyal\AppData\Roaming\Malwarebytes [2009/08/02 14:32:39 \| 00,000,778 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/08/02 14:32:35 \| 00,038,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009/08/02 14:32:32 \| 00,019,096 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009/08/02 14:32:32 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2009/08/02 14:32:32 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/08/02 14:08:20 \| 00,002,734 \| ---- \| C] () -- C:\Users\Sanyal\Documents\cc_20090802_140812.reg [2009/08/01 15:48:59 \| 00,000,000 \| ---D \| C] -- C:\Windows\Minidump [2009/08/01 15:42:24 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Antares Audio Technologies [2009/07/28 23:51:54 \| 05,666,816 \| ---- \| C] () -- C:\Users\Sanyal\Desktop\Erick Sermon Marvin Gaye - Just Like Music.mp3 ========== Files - Modified Within 14 Days ========== [4 C:\Users\Sanyal\Desktop\.tmp files] [2009/08/10 14:19:53 \| 00,000,246 \| ---- \| M] () -- C:\ProgramData\hpqp.ini [2009/08/10 14:19:16 \| 00,027,934 \| ---- \| M] () -- C:\ProgramData\nvModes.dat [2009/08/10 14:19:16 \| 00,027,934 \| ---- \| M] () -- C:\ProgramData\nvModes.001 [2009/08/10 14:19:14 \| 00,000,223 \| ---- \| M] () -- C:\Windows\Brownie.ini [2009/08/10 14:18:52 \| 00,003,216 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/08/10 14:18:52 \| 00,003,216 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/08/10 14:18:43 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2009/08/10 14:18:04 \| 00,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2009/08/10 14:17:58 \| 29,510,90176 \| -HS- \| M] () -- C:\hiberfil.sys [2009/08/10 14:17:10 \| 01,814,009 \| -H-- \| M] () -- C:\Users\Sanyal\AppData\Local\IconCache.db [2009/08/10 13:37:02 \| 00,000,912 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4135529040-3170769566-524876570-1000UA.job [2009/08/10 04:24:12 \| 00,002,191 \| ---- \| M] () -- C:\Users\Public\Desktop\iTunes.lnk [2009/08/10 04:11:47 \| 00,000,326 \| ---- \| M] () -- C:\Windows\tasks\HPCeeScheduleForSanyal.job [2009/08/09 22:13:07 \| 53,937,371 \| ---- \| M] () -- C:\Users\Sanyal\Desktop\Brian Blade Live at Newport August 2009.mp3 [2009/08/09 20:45:41 \| 00,000,067 \| ---- \| M] () -- C:\Windows\AudioMidRecorder.INI [2009/08/08 15:37:04 \| 00,000,860 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4135529040-3170769566-524876570-1000Core.job [2009/08/07 17:01:44 \| 03,122,735 \| ---- \| M] () -- C:\Users\Sanyal\Desktop\Combo-Fix.exe [2009/08/07 01:19:48 \| 00,008,268 \| ---- \| M] () -- C:\Users\Sanyal\AppData\Local\d3d9caps.dat [2009/08/05 16:37:02 \| 00,870,128 \| ---- \| M] () -- C:\Users\Sanyal\AppData\Roaming\mcs.rma [2009/08/05 16:37:02 \| 00,000,004 \| ---- \| M] () -- C:\Users\Sanyal\AppData\Roaming\1C8A3E [2009/08/05 00:36:27 \| 00,694,964 \| ---- \| M] () -- C:\Windows\System32\PerfStringBackup.INI [2009/08/05 00:36:27 \| 00,598,588 \| ---- \| M] () -- C:\Windows\System32\perfh009.dat [2009/08/05 00:36:27 \| 00,102,194 \| ---- \| M] () -- C:\Windows\System32\perfc009.dat [2009/08/04 23:24:55 \| 00,001,834 \| ---- \| M] () -- C:\Users\Sanyal\Desktop\HijackThis.lnk [2009/08/04 18:58:16 \| 00,000,376 \| ---- \| M] () -- C:\Windows\ODBC.INI [2009/08/03 23:10:48 \| 00,000,472 \| ---- \| M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2009/08/02 14:32:39 \| 00,000,778 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/08/02 14:08:25 \| 00,002,734 \| ---- \| M] () -- C:\Users\Sanyal\Documents\cc_20090802_140812.reg [2009/08/01 16:15:06 \| 00,002,717 \| ---- \| M] () -- C:\Users\Public\Desktop\Drive Manager.lnk [2009/07/29 23:49:08 \| 00,000,066 \| ---- \| M] () -- C:\Windows\BBW_INFO.INI [2009/07/29 23:22:51 \| 00,054,272 \| ---- \| M] () -- C:\Users\Sanyal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/07/29 02:17:19 \| 00,027,648 \| ---- \| M] () -- C:\Users\Sanyal\Documents\College Essay Ideas.doc [2009/07/28 23:53:04 \| 05,666,816 \| ---- \| M] () -- C:\Users\Sanyal\Desktop\Erick Sermon Marvin Gaye - Just Like Music.mp3 ========== LOP Check ========== [2009/08/02 14:32:47 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming [2009/01/12 19:54:56 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\acccore [2009/01/25 16:44:54 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\Auslogics [2009/04/17 22:16:55 \| 00,000,000 \| R--D \| M] -- C:\Users\Sanyal\AppData\Roaming\Brother [2009/06/20 10:49:18 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\CyberLink [2009/01/18 12:06:01 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\funkitron [2006/11/02 08:37:34 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\Media Center Programs [2009/04/08 01:21:18 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\Red Kawa [2009/03/11 16:37:58 \| 00,000,000 \| RH-D \| M] -- C:\Users\Sanyal\AppData\Roaming\SecuROM [2009/03/12 16:09:57 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\Sibelius Software [2009/01/14 17:23:39 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\Spore [2009/01/28 23:08:42 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\Thinstall [2009/08/01 15:41:14 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\uTorrent [2009/01/13 15:55:38 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\wsInspector [2009/08/03 23:10:48 \| 00,000,472 \| ---- \| M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2009/08/08 15:37:04 \| 00,000,860 \| ---- \| M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4135529040-3170769566-524876570-1000Core.job [2009/08/10 13:37:02 \| 00,000,912 \| ---- \| M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4135529040-3170769566-524876570-1000UA.job [2009/08/10 04:11:47 \| 00,000,326 \| ---- \| M] () -- C:\Windows\Tasks\HPCeeScheduleForSanyal.job [2009/08/10 14:18:43 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\Tasks\SA.DAT [2009/08/10 14:17:14 \| 00,032,638 \| ---- \| M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras logfile created on: 8/10/2009 2:24:02 PM - Run 3 OTL by OldTimer - Version 3.0.10.5 Folder = C:\Users\Sanyal\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 2.00 Gb Total Physical Memory \| 1.86 Gb Available Physical Memory \| 92.89% Memory free 4.00 Gb Paging File \| 4.00 Gb Available in Paging File \| 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 287.21 Gb Total Space \| 170.28 Gb Free Space \| 59.29% Space Free \| Partition Type: NTFS Drive D: \| 10.88 Gb Total Space \| 1.82 Gb Free Space \| 16.71% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SANYAL-PC Current User Name: Sanyal Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Minimal Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02B9ACBA-8F3F-487D-B23B-C7F7A6B32BBD}" = rport=138 \| protocol=17 \| dir=out \| app=system \| "{07069F98-D4BE-486D-B788-4515E7C8C79B}" = rport=137 \| protocol=17 \| dir=out \| app=system \| "{3502A2BF-FBD9-432C-9402-24E6AFA5A407}" = lport=3702 \| protocol=17 \| dir=in \| svc=fdrespub \| app=%systemroot%\system32\svchost.exe \| "{40427F6B-CB3A-41CF-98A3-457C16A1BDFD}" = lport=139 \| protocol=6 \| dir=in \| app=system \| "{44CEF0E3-5D13-418C-8065-4F94966847D3}" = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{4D3A73EB-C18F-44BA-ABE4-627C4843B41B}" = rport=139 \| protocol=6 \| dir=out \| app=system \| "{6C400418-BB2A-4305-9B82-34D82122C71C}" = lport=137 \| protocol=17 \| dir=in \| app=system \| "{6CBC6707-4E45-4787-8C97-6B7E427996F1}" = rport=1900 \| protocol=17 \| dir=out \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{6CC2BC9D-4FAE-499F-AFD2-AAB89753D060}" = lport=rpc-epmap \| protocol=6 \| dir=in \| svc=rpcss \| name=@firewallapi.dll,-28539 \| "{76011C32-5968-4560-9D68-69BA375EF34F}" = lport=138 \| protocol=17 \| dir=in \| app=system \| "{783EF5C0-F628-48E0-8967-26EFDE9BE8C9}" = rport=445 \| protocol=6 \| dir=out \| app=system \| "{80C1F322-14DB-45A0-92DF-F8E051E7CAC8}" = lport=rpc \| protocol=6 \| dir=in \| svc=spooler \| app=%systemroot%\system32\spoolsv.exe \| "{97C397DB-5F34-49F1-8CD6-63580DA8B537}" = lport=445 \| protocol=6 \| dir=in \| app=system \| "{98D13113-9481-4AE4-A59A-88AD881AA323}" = rport=3702 \| protocol=17 \| dir=out \| svc=fdphost \| app=%systemroot%\system32\svchost.exe \| "{A23D91D3-6D24-419E-932D-3771E3CB8C30}" = lport=3702 \| protocol=17 \| dir=in \| svc=fdphost \| app=%systemroot%\system32\svchost.exe \| "{B0C598F0-FA70-43E5-BAC1-8C34E013D6A5}" = lport=5355 \| protocol=17 \| dir=in \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| "{D34732C2-28F0-42F7-B031-864F6D03C3A3}" = rport=3702 \| protocol=17 \| dir=out \| svc=fdrespub \| app=%systemroot%\system32\svchost.exe \| "{D4E32749-0956-403B-B97C-E5337AA0E043}" = rport=5355 \| protocol=17 \| dir=out \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A99DDE7-A16F-4E56-9364-D35DA2A35F66}" = protocol=6 \| dir=in \| app=c:\program files\itunes\itunes.exe \| "{0D7B65F9-D886-4ECE-AF0C-EDC8F8DF06CC}" = dir=in \| app=c:\program files\hp\quickplay\qp.exe \| "{0E3994D8-1CC7-49B5-B496-663EDCE1AF97}" = dir=in \| app=c:\program files\hp\quickplay\qpservice.exe \| "{22B6259F-75E8-43A2-9A4A-DEF73FB03A29}" = protocol=1 \| dir=out \| name=@firewallapi.dll,-28544 \| "{2F6E7113-D9DB-4D85-8574-8D5F5DDCEBBA}" = protocol=6 \| dir=out \| svc=upnphost \| app=%systemroot%\system32\svchost.exe \| "{356CDF95-8CF1-45E3-8949-0CA37A4BADDA}" = protocol=17 \| dir=in \| app=c:\program files\bonjour\mdnsresponder.exe \| "{42A68B98-7D7F-4B9A-86DF-77C5CC60EB5A}" = protocol=17 \| dir=in \| app=c:\users\sanyal\appdata\local\google\google talk plugin\googletalkplugin.dll \| "{4902CBA3-3773-4B14-B6C8-7E215919B83C}" = dir=in \| app=c:\program files\cyberlink\powerdirector\pdr.exe \| "{673D26F9-513D-49AE-B597-ACFAFABCC71D}" = protocol=17 \| dir=in \| app=c:\users\sanyal\appdata\local\google\google talk plugin\googletalkplugin.exe \| "{6B41B0F7-AB22-428E-8F2E-48A149EB25F3}" = protocol=17 \| dir=in \| app=c:\program files\utorrent\utorrent.exe \| "{6E815EB3-3977-44D8-8C96-180E9940D609}" = protocol=17 \| dir=in \| app=c:\program files\common files\aol\loader\aolload.exe \| "{6F4FCB6B-C97F-47A4-BFD0-3988D1709D22}" = protocol=6 \| dir=in \| app=c:\program files\bonjour\mdnsresponder.exe \| "{79A1CB3B-8963-4340-96D4-08F0828DE5DA}" = protocol=17 \| dir=in \| app=c:\program files\itunes\itunes.exe \| "{7BC6ED4C-360C-42CD-946F-B9D3797CDCE5}" = protocol=17 \| dir=in \| app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe \| "{89379DE9-CB67-4267-A88A-25F76CA7E1C4}" = protocol=6 \| dir=in \| app=c:\program files\common files\aol\loader\aolload.exe \| "{898FC0FF-AC07-49E9-BBE9-371C365463FB}" = protocol=1 \| dir=in \| name=@firewallapi.dll,-28543 \| "{A3051711-8C7D-4DCF-A6FF-CA3B7DD4FE45}" = protocol=6 \| dir=in \| app=c:\program files\utorrent\utorrent.exe \| "{ADAB3E6B-7D22-4A80-A907-F40EB3FCF679}" = protocol=17 \| dir=in \| app=c:\program files\aim6\aim6.exe \| "{B406F2D2-C31F-48EB-B203-2CAD6ADC7597}" = protocol=6 \| dir=in \| app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe \| "{B751D9D9-C4EE-4265-8CA3-C0CA12356FFE}" = protocol=6 \| dir=in \| app=c:\users\sanyal\appdata\local\google\google talk plugin\googletalkplugin.dll \| "{BCAEF5D0-AE20-4EB5-A1D1-035BDD1F4EA6}" = protocol=58 \| dir=out \| name=@firewallapi.dll,-28546 \| "{BE8C952A-A7D1-4C61-A2E1-6AD2213520A9}" = protocol=58 \| dir=in \| name=@firewallapi.dll,-28545 \| "{C77E9E86-1BCB-4579-B3BF-326B8CD0A4E8}" = protocol=6 \| dir=in \| app=c:\program files\aim6\aim6.exe \| "{F8F34E80-0FBB-4771-9B7C-C80C2C80FB65}" = protocol=6 \| dir=in \| app=c:\users\sanyal\appdata\local\google\google talk plugin\googletalkplugin.exe \| "TCP Query User{013B4797-ADFD-42D2-B9F9-3E8BDCC6D056}C:\program files\mozilla firefox\firefox.exe" = protocol=6 \| dir=in \| app=c:\program files\mozilla firefox\firefox.exe \| "UDP Query User{EC46A427-36E9-4C2D-8803-882BEEE14256}C:\program files\mozilla firefox\firefox.exe" = protocol=17 \| dir=in \| app=c:\program files\mozilla firefox\firefox.exe \| ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15 "{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2 "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7 "{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager "{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0 "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup "{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver 11.0 Rel .3 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9 "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F6B1D53B-2A68-377D-AC39-C8FD359FF6F1}" = Google Talk Plugin "{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer "{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime "A0 TapeEcho II" = A0 TapeEcho II "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Audition 3.0" = Adobe Audition 3.0 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AIM Toolbar" = AIM Toolbar "AIM_6" = AIM 6 "AviSynth" = AviSynth 2.5 "BB_is1" = Band-in-a-Box 2007 "CCleaner" = CCleaner (remove only) "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "HijackThis" = HijackThis 2.0.2 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "iZotope Ozone 3_is1" = iZotope Ozone 3 "Kjaerhus Audio - Golden Audio Channel \| GAC-1_is1" = Kjaerhus Audio - Golden Audio Channel \| GAC-1 v1.01 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13) "Musicnotes Player_is1" = Musicnotes Player V1.23.2 "Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3 "NIS" = Norton Internet Security "NVIDIA Drivers" = NVIDIA Drivers "PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 1.3.4.1 "PowerISO" = PowerISO "RealPlayer 12.0" = RealPlayer "Rhapsody" = Rhapsody "Sibelius Scorch Plugin_is1" = Sibelius Scorch Plugin 5.2.5.30 "SoftwareUpdUtility" = Download Updater (AOL LLC) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Veoh Web Player Beta" = Veoh Web Player Beta "Videora iPod Converter" = Videora iPod Converter 4.04 "ViewpointMediaPlayer" = Viewpoint Media Player "VLC media player" = VLC media player 0.9.8a "WinRAR archiver" = WinRAR archiver ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = �Torrent ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > MALWARE Malwarebytes' Anti-Malware 1.39 Database version: 2547 Windows 6.0.6001 Service Pack 1 8/10/2009 2:16:42 PM mbam-log-2009-08-10 (14-16-42).txt Scan type: Quick Scan Objects scanned: 81287 Time elapsed: 7 minute(s), 58 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 7 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 2 Files Infected: 14 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{f54af7de-6038-4026-8433-cc30e3f17212} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f54af7de-6038-4026-8433-cc30e3f17212} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f54af7de-6038-4026-8433-cc30e3f17212} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\antippro2009_12 (Trojan.Dropper) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\antippro2009_12 (Trojan.Dropper) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Windows antiVirus pro (Rogue.Trace) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\Windows\system32\desot.exe "%1" %) Good: ("%1" %*) -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\Windows AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. Files Infected: C:\Windows\System32\dddesot.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully. c:\Windows\svchast.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Windows\System32\desot.exe (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. c:\Windows\Temp\winantivsetup.exe (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. c:\Windows\Temp\yjsvfclqdq.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\program files\windows antivirus pro\msvcm80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. c:\program files\windows antivirus pro\msvcp80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. c:\program files\windows antivirus pro\msvcr80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. c:\program files\windows antivirus pro\Windows Antivirus Pro.exe (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\windows antivirus pro\Windows Antivirus Pro.lnk (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Windows\System32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully. C:\Windows\System32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\Windows\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\Windows\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully. THANKS!

handhfan View Member Profile	Aug 10 2009, 08:29 PM Post #23
GeekU Moderator Posts: 8,651 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Download the GMER Rootkit Scanner. Unzip it to your Desktop. Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan. Double-click gmer.exe. The program will begin to run. Caution These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised! If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click NO In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked. Now click the Scan button. Once the scan is complete, you may receive another notice about rootkit activity. Click OK. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt" Save it where you can easily find it, such as your desktop. Post the contents of GMER.txt in your next reply.

guitarroman1 View Member Profile	Aug 10 2009, 11:03 PM Post #24
Member Posts: 32 OS: Windows Vista	i tried running the program twice and it gets to some file AS..something, I didnt have time to read. and then the system crashes.....

handhfan View Member Profile	Aug 11 2009, 09:35 AM Post #25
GeekU Moderator Posts: 8,651 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	We Need to check for Rootkits with RootRepeal Download RootRepeal from the following location and save it to your desktop. Zip Mirrors (Recommended) Primary Mirror Secondary Mirror Secondary Mirror Rar Mirrors - Only if you know what a RAR is and can extract it. Primary Mirror Secondary Mirror Secondary Mirror Extract RootRepeal.exe from the archive. Open on your desktop. Click the tab. Click the button. Check all seven boxes: Push Ok Check the box for your main system drive (Usually C:), and press Ok. Allow RootRepeal to run a scan of your system. This may take some time. Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please. Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors). http://sites.google.com/site/sysprotantirootkit/ Unzip it into a folder on your desktop. Start the Sysprot.exe program. Click on the Log tab. In the Write to log box select all items. Click on the Create Log button on the bottom right. After a few seconds a new Window should appear. Make sure Scan all drives is selected and click on the Start button. When it is complete a new Window will appear to indicate that the scan is finished. The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.

guitarroman1 View Member Profile	Aug 11 2009, 09:39 PM Post #26
Member Posts: 32 OS: Windows Vista	ok, couple problems. First of all, I can't access firefox anymore. Windows shuts it down with some Data Execution Prevention, which I tried removing and can't. 2.) There is an error with the boot sector it says I should change the Disk Access Level. After clicking ok around 6 times it goes away and I ran the scan, but I had to run it seperately for each tag. Drivers: ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/08/11 22:25 Program Version: Version 1.3.3.0 Windows Version: Windows Vista SP1 ================================================== Drivers ------------------- Name: 00001CCF Image Path: 00001CCF Address: 0x891D2000 Size: 41219 File Visible: No Signed: - Status: - Name: 00001CCF Image Path: 00001CCF Address: 0x9E895000 Size: 73984 File Visible: No Signed: - Status: Hidden from the Windows API! Name: acpi.sys Image Path: C:\Windows\system32\drivers\acpi.sys Address: 0x80601000 Size: 286720 File Visible: - Signed: - Status: - Name: ACPI_HAL Image Path: \Driver\ACPI_HAL Address: 0x81E19000 Size: 3907584 File Visible: - Signed: - Status: - Name: adp94xx.sys Image Path: C:\Windows\system32\drivers\adp94xx.sys Address: 0x89D46000 Size: 434176 File Visible: - Signed: - Status: - Name: adpahci.sys Image Path: C:\Windows\system32\drivers\adpahci.sys Address: 0x89DB0000 Size: 311296 File Visible: - Signed: - Status: - Name: adpu160m.sys Image Path: C:\Windows\system32\drivers\adpu160m.sys Address: 0x807BF000 Size: 110592 File Visible: - Signed: - Status: - Name: adpu320.sys Image Path: C:\Windows\system32\drivers\adpu320.sys Address: 0x805D4000 Size: 155648 File Visible: - Signed: - Status: - Name: afd.sys Image Path: C:\Windows\system32\drivers\afd.sys Address: 0x8F685000 Size: 294912 File Visible: - Signed: - Status: - Name: aliide.sys Image Path: C:\Windows\system32\drivers\aliide.sys Address: 0x8073B000 Size: 28672 File Visible: - Signed: - Status: - Name: amdide.sys Image Path: C:\Windows\system32\drivers\amdide.sys Address: 0x80742000 Size: 28672 File Visible: - Signed: - Status: - Name: arc.sys Image Path: C:\Windows\system32\drivers\arc.sys Address: 0x89E23000 Size: 90112 File Visible: - Signed: - Status: - Name: arcsas.sys Image Path: C:\Windows\system32\drivers\arcsas.sys Address: 0x89E39000 Size: 90112 File Visible: - Signed: - Status: - Name: atapi.sys Image Path: C:\Windows\system32\drivers\atapi.sys Address: 0x89CB0000 Size: 32768 File Visible: - Signed: - Status: - Name: ataport.SYS Image Path: C:\Windows\system32\drivers\ataport.SYS Address: 0x89CB8000 Size: 122880 File Visible: - Signed: - Status: - Name: athr.sys Image Path: C:\Windows\system32\DRIVERS\athr.sys Address: 0x8E703000 Size: 933888 File Visible: - Signed: - Status: - Name: ATMFD.DLL Image Path: C:\Windows\System32\ATMFD.DLL Address: 0x978C0000 Size: 311296 File Visible: - Signed: - Status: - Name: BATTC.SYS Image Path: C:\Windows\system32\DRIVERS\BATTC.SYS Address: 0x806BC000 Size: 40960 File Visible: - Signed: - Status: - Name: Beep.SYS Image Path: C:\Windows\System32\Drivers\Beep.SYS Address: 0x8F151000 Size: 28672 File Visible: - Signed: - Status: - Name: BHDrvx86.sys Image Path: C:\Windows\System32\Drivers\NIS\1002000.007\BHDrvx86.sys Address: 0x8FEF6000 Size: 266240 File Visible: - Signed: - Status: - Name: BOOTVID.dll Image Path: C:\Windows\system32\BOOTVID.dll Address: 0x80422000 Size: 32768 File Visible: - Signed: - Status: - Name: bowser.sys Image Path: C:\Windows\system32\DRIVERS\bowser.sys Address: 0x9C997000 Size: 102400 File Visible: - Signed: - Status: - Name: ccHPx86.sys Image Path: C:\Windows\System32\Drivers\NIS\1002000.007\ccHPx86.sys Address: 0x8FE99000 Size: 380928 File Visible: - Signed: - Status: - Name: cdd.dll Image Path: C:\Windows\System32\cdd.dll Address: 0x97910000 Size: 57344 File Visible: - Signed: - Status: - Name: cdfs.sys Image Path: C:\Windows\system32\DRIVERS\cdfs.sys Address: 0x9E9A8000 Size: 90112 File Visible: - Signed: - Status: - Name: cdrom.sys Image Path: C:\Windows\system32\DRIVERS\cdrom.sys Address: 0x8A7E7000 Size: 98304 File Visible: - Signed: - Status: - Name: CHDRT32.sys Image Path: C:\Windows\system32\drivers\CHDRT32.sys Address: 0x8F04E000 Size: 241664 File Visible: - Signed: - Status: - Name: CI.dll Image Path: C:\Windows\system32\CI.dll Address: 0x8046B000 Size: 917504 File Visible: - Signed: - Status: - Name: CLASSPNP.SYS Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS Address: 0x80796000 Size: 135168 File Visible: - Signed: - Status: - Name: CLFS.SYS Image Path: C:\Windows\system32\CLFS.SYS Address: 0x8042A000 Size: 266240 File Visible: - Signed: - Status: - Name: CmBatt.sys Image Path: C:\Windows\system32\DRIVERS\CmBatt.sys Address: 0x8A9FC000 Size: 14208 File Visible: - Signed: - Status: - Name: cmdide.sys Image Path: C:\Windows\system32\drivers\cmdide.sys Address: 0x80749000 Size: 32768 File Visible: - Signed: - Status: - Name: compbatt.sys Image Path: C:\Windows\system32\DRIVERS\compbatt.sys Address: 0x806B9000 Size: 10496 File Visible: - Signed: - Status: - Name: crashdmp.sys Image Path: C:\Windows\System32\Drivers\crashdmp.sys Address: 0x8FF37000 Size: 53248 File Visible: - Signed: - Status: - Name: crcdisk.sys Image Path: C:\Windows\system32\drivers\crcdisk.sys Address: 0x8A9BF000 Size: 36864 File Visible: - Signed: - Status: - Name: dfsc.sys Image Path: C:\Windows\System32\Drivers\dfsc.sys Address: 0x8FE82000 Size: 94208 File Visible: - Signed: - Status: - Name: disk.sys Image Path: C:\Windows\system32\drivers\disk.sys Address: 0x8A9AE000 Size: 69632 File Visible: - Signed: - Status: - Name: djsvs.sys Image Path: C:\Windows\system32\drivers\djsvs.sys Address: 0x89E0F000 Size: 81920 File Visible: - Signed: - Status: - Name: drmk.sys Image Path: C:\Windows\system32\drivers\drmk.sys Address: 0x8F0B6000 Size: 151552 File Visible: - Signed: - Status: - Name: dump_atapi.sys Image Path: C:\Windows\System32\Drivers\dump_atapi.sys Address: 0x8FF4F000 Size: 32768 File Visible: No Signed: - Status: - Name: dump_dumpata.sys Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys Address: 0x8FF44000 Size: 45056 File Visible: No Signed: - Status: - Name: Dxapi.sys Image Path: C:\Windows\System32\drivers\Dxapi.sys Address: 0x8FF57000 Size: 40960 File Visible: - Signed: - Status: - Name: dxgkrnl.sys Image Path: C:\Windows\System32\drivers\dxgkrnl.sys Address: 0x8EF38000 Size: 651264 File Visible: - Signed: - Status: - Name: ecache.sys Image Path: C:\Windows\System32\drivers\ecache.sys Address: 0x8A987000 Size: 159744 File Visible: - Signed: - Status: - Name: eeCtrl.sys Image Path: C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys Address: 0x8FE07000 Size: 385024 File Visible: - Signed: - Status: - Name: elxstor.sys Image Path: C:\Windows\system32\drivers\elxstor.sys Address: 0x89E4F000 Size: 606208 File Visible: - Signed: - Status: - Name: EraserUtilRebootDrv.sys Image Path: C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys Address: 0x8FE65000 Size: 118784 File Visible: - Signed: - Status: - Name: fileinfo.sys Image Path: C:\Windows\system32\drivers\fileinfo.sys Address: 0x8A19D000 Size: 65536 File Visible: - Signed: - Status: - Name: fltmgr.sys Image Path: C:\Windows\system32\drivers\fltmgr.sys Address: 0x8A16B000 Size: 204800 File Visible: - Signed: - Status: - Name: Fs_Rec.SYS Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS Address: 0x8F5F2000 Size: 36864 File Visible: - Signed: - Status: - Name: fwpkclnt.sys Image Path: C:\Windows\System32\drivers\fwpkclnt.sys Address: 0x8A6EB000 Size: 110592 File Visible: - Signed: - Status: - Name: GEARAspiWDM.sys Image Path: C:\Windows\system32\DRIVERS\GEARAspiWDM.sys Address: 0x8A600000 Size: 9984 File Visible: - Signed: - Status: - Name: hal.dll Image Path: C:\Windows\system32\hal.dll Address: 0x821D3000 Size: 208896 File Visible: - Signed: - Status: - Name: HDAudBus.sys Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys Address: 0x8A7D2000 Size: 73728 File Visible: - Signed: - Status: - Name: HIDPARSE.SYS Image Path: C:\Windows\system32\drivers\HIDPARSE.SYS Address: 0x8F161000 Size: 28672 File Visible: - Signed: - Status: - Name: hpcisss.sys Image Path: C:\Windows\system32\drivers\hpcisss.sys Address: 0x89D3B000 Size: 45056 File Visible: - Signed: - Status: - Name: HpqKbFiltr.sys Image Path: C:\Windows\system32\DRIVERS\HpqKbFiltr.sys Address: 0x8A728000 Size: 16768 File Visible: - Signed: - Status: - Name: HSX_CNXT.sys Image Path: C:\Windows\system32\DRIVERS\HSX_CNXT.sys Address: 0x8F50F000 Size: 741376 File Visible: - Signed: - Status: - Name: HSX_DPV.sys Image Path: C:\Windows\system32\DRIVERS\HSX_DPV.sys Address: 0x8F40C000 Size: 1060864 File Visible: - Signed: - Status: - Name: HSXHWAZL.sys Image Path: C:\Windows\system32\DRIVERS\HSXHWAZL.sys Address: 0x8F0DB000 Size: 253952 File Visible: - Signed: - Status: - Name: HTTP.sys Image Path: C:\Windows\system32\drivers\HTTP.sys Address: 0x9C90F000 Size: 438272 File Visible: - Signed: - Status: - Name: i2omp.sys Image Path: C:\Windows\system32\drivers\i2omp.sys Address: 0x89EE3000 Size: 40960 File Visible: - Signed: - Status: - Name: i8042prt.sys Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys Address: 0x8A715000 Size: 77824 File Visible: - Signed: - Status: - Name: iastorv.sys Image Path: C:\Windows\system32\drivers\iastorv.sys Address: 0x89C0F000 Size: 659456 File Visible: - Signed: - Status: - Name: IDSvix86.sys Image Path: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090310.003\IDSvix86.sys Address: 0x8F79C000 Size: 311296 File Visible: - Signed: - Status: - Name: iirsp.sys Image Path: C:\Windows\system32\drivers\iirsp.sys Address: 0x89EED000 Size: 65536 File Visible: - Signed: - Status: - Name: intelide.sys Image Path: C:\Windows\system32\drivers\intelide.sys Address: 0x8071F000 Size: 28672 File Visible: - Signed: - Status: - Name: isapnp.sys Image Path: C:\Windows\system32\drivers\isapnp.sys Address: 0x8067F000 Size: 61440 File Visible: - Signed: - Status: - Name: iteatapi.sys Image Path: C:\Windows\system32\drivers\iteatapi.sys Address: 0x89EFD000 Size: 49152 File Visible: - Signed: - Status: - Name: iteraid.sys Image Path: C:\Windows\system32\drivers\iteraid.sys Address: 0x89F09000 Size: 49152 File Visible: - Signed: - Status: - Name: kbdclass.sys Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys Address: 0x8A72D000 Size: 45056 File Visible: - Signed: - Status: - Name: kdcom.dll Image Path: C:\Windows\system32\kdcom.dll Address: 0x80409000 Size: 32768 File Visible: - Signed: - Status: - Name: ks.sys Image Path: C:\Windows\system32\DRIVERS\ks.sys Address: 0x89FD2000 Size: 172032 File Visible: - Signed: - Status: - Name: ksecdd.sys Image Path: C:\Windows\System32\Drivers\ksecdd.sys Address: 0x89F51000 Size: 462848 File Visible: - Signed: - Status: - Name: lltdio.sys Image Path: C:\Windows\system32\DRIVERS\lltdio.sys Address: 0x9C8B8000 Size: 65536 File Visible: - Signed: - Status: - Name: lsi_fc.sys Image Path: C:\Windows\system32\drivers\lsi_fc.sys Address: 0x89F15000 Size: 106496 File Visible: - Signed: - Status: - Name: lsi_sas.sys Image Path: C:\Windows\system32\drivers\lsi_sas.sys Address: 0x89F2F000 Size: 98304 File Visible: - Signed: - Status: - Name: lsi_scsi.sys Image Path: C:\Windows\system32\drivers\lsi_scsi.sys Address: 0x89CD6000 Size: 106496 File Visible: - Signed: - Status: - Name: luafv.sys Image Path: C:\Windows\system32\drivers\luafv.sys Address: 0x8FF70000 Size: 110592 File Visible: - Signed: - Status: - Name: mdmxsdk.sys Image Path: C:\Windows\system32\DRIVERS\mdmxsdk.sys Address: 0x9E8A8000 Size: 12672 File Visible: - Signed: - Status: - Name: megasas.sys Image Path: C:\Windows\system32\drivers\megasas.sys Address: 0x89F47000 Size: 40960 File Visible: - Signed: - Status: - Name: megasr.sys Image Path: C:\Windows\system32\drivers\megasr.sys Address: 0x8A005000 Size: 749568 File Visible: - Signed: - Status: - Name: modem.sys Image Path: C:\Windows\system32\drivers\modem.sys Address: 0x8F5C4000 Size: 53248 File Visible: - Signed: - Status: - Name: monitor.sys Image Path: C:\Windows\system32\DRIVERS\monitor.sys Address: 0x8FF61000 Size: 61440 File Visible: - Signed: - Status: - Name: mouclass.sys Image Path: C:\Windows\system32\DRIVERS\mouclass.sys Address: 0x8A768000 Size: 45056 File Visible: - Signed: - Status: - Name: mountmgr.sys Image Path: C:\Windows\System32\drivers\mountmgr.sys Address: 0x80751000 Size: 65536 File Visible: - Signed: - Status: - Name: mpio.sys Image Path: C:\Windows\system32\drivers\mpio.sys Address: 0x8068E000 Size: 114688 File Visible: - Signed: - Status: - Name: mpsdrv.sys Image Path: C:\Windows\System32\drivers\mpsdrv.sys Address: 0x9C9B0000 Size: 86016 File Visible: - Signed: - Status: - Name: mraid35x.sys Image Path: C:\Windows\system32\drivers\mraid35x.sys Address: 0x8A0BC000 Size: 45056 File Visible: - Signed: - Status: - Name: mrxdav.sys Image Path: C:\Windows\system32\drivers\mrxdav.sys Address: 0x9C9C5000 Size: 131072 File Visible: - Signed: - Status: - Name: mrxsmb.sys Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys Address: 0x8FF8B000 Size: 126976 File Visible: - Signed: - Status: - Name: mrxsmb10.sys Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys Address: 0x8FFAA000 Size: 233472 File Visible: - Signed: - Status: - Name: mrxsmb20.sys Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys Address: 0x9C9E5000 Size: 98304 File Visible: - Signed: - Status: - Name: msahci.sys Image Path: C:\Windows\system32\drivers\msahci.sys Address: 0x89D31000 Size: 40960 File Visible: - Signed: - Status: - Name: msdsm.sys Image Path: C:\Windows\system32\drivers\msdsm.sys Address: 0x80761000 Size: 106496 File Visible: - Signed: - Status: - Name: Msfs.SYS Image Path: C:\Windows\System32\Drivers\Msfs.SYS Address: 0x8F1A5000 Size: 45056 File Visible: - Signed: - Status: - Name: msisadrv.sys Image Path: C:\Windows\system32\drivers\msisadrv.sys Address: 0x80650000 Size: 32768 File Visible: - Signed: - Status: - Name: msiscsi.sys Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys Address: 0x8A573000 Size: 188416 File Visible: - Signed: - Status: - Name: msrpc.sys Image Path: C:\Windows\system32\drivers\msrpc.sys Address: 0x8A50E000 Size: 176128 File Visible: - Signed: - Status: - Name: mssmbios.sys Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys Address: 0x8A200000 Size: 40960 File Visible: - Signed: - Status: - Name: mup.sys Image Path: C:\Windows\System32\Drivers\mup.sys Address: 0x8A978000 Size: 61440 File Visible: - Signed: - Status: - Name: ndis.sys Image Path: C:\Windows\system32\drivers\ndis.sys Address: 0x8A403000 Size: 1093632 File Visible: - Signed: - Status: - Name: ndistapi.sys Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys Address: 0x8EFEF000 Size: 45056 File Visible: - Signed: - Status: - Name: ndisuio.sys Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys Address: 0x9C8F2000 Size: 40960 File Visible: - Signed: - Status: - Name: ndiswan.sys Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys Address: 0x8A5A1000 Size: 143360 File Visible: - Signed: - Status: - Name: NDProxy.SYS Image Path: C:\Windows\System32\Drivers\NDProxy.SYS Address: 0x8F03D000 Size: 69632 File Visible: - Signed: - Status: - Name: netbios.sys Image Path: C:\Windows\system32\DRIVERS\netbios.sys Address: 0x8F71E000 Size: 57344 File Visible: - Signed: - Status: - Name: netbt.sys Image Path: C:\Windows\System32\DRIVERS\netbt.sys Address: 0x8F6CD000 Size: 204800 File Visible: - Signed: - Status: - Name: NETIO.SYS Image Path: C:\Windows\system32\drivers\NETIO.SYS Address: 0x8A539000 Size: 237568 File Visible: - Signed: - Status: - Name: nfrd960.sys Image Path: C:\Windows\system32\drivers\nfrd960.sys Address: 0x8A0C7000 Size: 57344 File Visible: - Signed: - Status: - Name: Npfs.SYS Image Path: C:\Windows\System32\Drivers\Npfs.SYS Address: 0x8F1B0000 Size: 57344 File Visible: - Signed: - Status: - Name: nsiproxy.sys Image Path: C:\Windows\system32\drivers\nsiproxy.sys Address: 0x8F792000 Size: 40960 File Visible: - Signed: - Status: - Name: Ntfs.sys Image Path: C:\Windows\System32\Drivers\Ntfs.sys Address: 0x8A80B000 Size: 1110016 File Visible: - Signed: - Status: - Name: ntkrnlpa.exe Image Path: C:\Windows\system32\ntkrnlpa.exe Address: 0x81E19000 Size: 3907584 File Visible: - Signed: - Status: - Name: Null.SYS Image Path: C:\Windows\System32\Drivers\Null.SYS Address: 0x8F400000 Size: 28672 File Visible: - Signed: - Status: - Name: nvhda32v.sys Image Path: C:\Windows\system32\drivers\nvhda32v.sys Address: 0x8F5D1000 Size: 57344 File Visible: - Signed: - Status: - Name: nvlddmkm.sys Image Path: C:\Windows\system32\DRIVERS\nvlddmkm.sys Address: 0x8E809000 Size: 7530656 File Visible: - Signed: - Status: - Name: nvmfdx32.sys Image Path: C:\Windows\system32\DRIVERS\nvmfdx32.sys Address: 0x8E606000 Size: 1035776 File Visible: - Signed: - Status: - Name: nvraid.sys Image Path: C:\Windows\system32\drivers\nvraid.sys Address: 0x8077B000 Size: 110592 File Visible: - Signed: - Status: - Name: nvsmu.sys Image Path: C:\Windows\system32\DRIVERS\nvsmu.sys Address: 0x8A773000 Size: 32768 File Visible: - Signed: - Status: - Name: nvstor.sys Image Path: C:\Windows\system32\drivers\nvstor.sys Address: 0x8A0D5000 Size: 53248 File Visible: - Signed: - Status: - Name: nwifi.sys Image Path: C:\Windows\system32\DRIVERS\nwifi.sys Address: 0x9C8C8000 Size: 172032 File Visible: - Signed: - Status: - Name: pacer.sys Image Path: C:\Windows\system32\DRIVERS\pacer.sys Address: 0x8F6FF000 Size: 90112 File Visible: - Signed: - Status: - Name: partmgr.sys Image Path: C:\Windows\System32\drivers\partmgr.sys Address: 0x806AA000 Size: 61440 File Visible: - Signed: - Status: - Name: pci.sys Image Path: C:\Windows\system32\drivers\pci.sys Address: 0x80658000 Size: 159744 File Visible: - Signed: - Status: - Name: pciide.sys Image Path: C:\Windows\system32\drivers\pciide.sys Address: 0x80734000 Size: 28672 File Visible: - Signed: - Status: - Name: PCIIDEX.SYS Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS Address: 0x80726000 Size: 57344 File Visible: - Signed: - Status: - Name: peauth.sys Image Path: C:\Windows\system32\drivers\peauth.sys Address: 0x9E8AC000 Size: 909312 File Visible: - Signed: - Status: - Name: pfc.sys Image Path: C:\Windows\system32\drivers\pfc.sys Address: 0x8A7E4000 Size: 10368 File Visible: - Signed: - Status: - Name: PnpManager Image Path: \Driver\PnpManager Address: 0x81E19000 Size: 3907584 File Visible: - Signed: - Status: - Name: portcls.sys Image Path: C:\Windows\system32\drivers\portcls.sys Address: 0x8F089000 Size: 184320 File Visible: - Signed: - Status: - Name: processr.sys Image Path: C:\Windows\system32\DRIVERS\processr.sys Address: 0x8A706000 Size: 61440 File Visible: - Signed: - Status: - Name: PSHED.dll Image Path: C:\Windows\system32\PSHED.dll Address: 0x80411000 Size: 69632 File Visible: - Signed: - Status: - Name: ql2300.sys Image Path: C:\Windows\system32\drivers\ql2300.sys Address: 0x8A20E000 Size: 1277952 File Visible: - Signed: - Status: - Name: ql40xx.sys Image Path: C:\Windows\system32\drivers\ql40xx.sys Address: 0x8A346000 Size: 348160 File Visible: - Signed: - Status: - Name: rasacd.sys Image Path: C:\Windows\System32\DRIVERS\rasacd.sys Address: 0x8F1E4000 Size: 36864 File Visible: - Signed: - Status: - Name: rasl2tp.sys Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys Address: 0x8E7E7000 Size: 94208 File Visible: - Signed: - Status: - Name: raspppoe.sys Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys Address: 0x8A5C4000 Size: 61440 File Visible: - Signed: - Status: - Name: raspptp.sys Image Path: C:\Windows\system32\DRIVERS\raspptp.sys Address: 0x8A5D3000 Size: 81920 File Visible: - Signed: - Status: - Name: rassstp.sys Image Path: C:\Windows\system32\DRIVERS\rassstp.sys Address: 0x8A5E7000 Size: 86016 File Visible: - Signed: - Status: - Name: RAW Image Path: \FileSystem\RAW Address: 0x81E19000 Size: 3907584 File Visible: - Signed: - Status: - Name: rdbss.sys Image Path: C:\Windows\system32\DRIVERS\rdbss.sys Address: 0x8F756000 Size: 245760 File Visible: - Signed: - Status: - Name: RDPCDD.sys Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys Address: 0x8F195000 Size: 32768 File Visible: - Signed: - Status: - Name: rdpencdd.sys Image Path: C:\Windows\system32\drivers\rdpencdd.sys Address: 0x8F19D000 Size: 32768 File Visible: - Signed: - Status: - Name: rootrepeal.sys Image Path: C:\Windows\system32\drivers\rootrepeal.sys Address: 0x9E9BE000 Size: 49152 File Visible: No Signed: - Status: - Name: rspndr.sys Image Path: C:\Windows\system32\DRIVERS\rspndr.sys Address: 0x9C8FC000 Size: 77824 File Visible: - Signed: - Status: - Name: RTSTOR.SYS Image Path: C:\Windows\system32\drivers\RTSTOR.SYS Address: 0x8F5DF000 Size: 77824 File Visible: - Signed: - Status: - Name: sbp2port.sys Image Path: C:\Windows\system32\drivers\sbp2port.sys Address: 0x8A963000 Size: 86016 File Visible: - Signed: - Status: - Name: SCDEmu.SYS Image Path: C:\Windows\System32\Drivers\SCDEmu.SYS Address: 0x8F749000 Size: 52928 File Visible: - Signed: - Status: - Name: SCSIPORT.SYS Image Path: C:\Windows\system32\drivers\SCSIPORT.SYS Address: 0x807DA000 Size: 155648 File Visible: - Signed: - Status: - Name: secdrv.SYS Image Path: C:\Windows\System32\Drivers\secdrv.SYS Address: 0x9E98A000 Size: 40960 File Visible: - Signed: - Status: - Name: sisraid2.sys Image Path: C:\Windows\system32\drivers\sisraid2.sys Address: 0x8A39B000 Size: 53248 File Visible: - Signed: - Status: - Name: sisraid4.sys Image Path: C:\Windows\system32\drivers\sisraid4.sys Address: 0x8A3A8000 Size: 86016 File Visible: - Signed: - Status: - Name: smb.sys Image Path: C:\Windows\system32\DRIVERS\smb.sys Address: 0x8F671000 Size: 81920 File Visible: - Signed: - Status: - Name: spldr.sys Image Path: C:\Windows\System32\Drivers\spldr.sys Address: 0x8A95B000 Size: 32768 File Visible: - Signed: - Status: - Name: spsys.sys Image Path: C:\Windows\system32\drivers\spsys.sys Address: 0x9C809000 Size: 716800 File Visible: - Signed: - Status: - Name: SRTSPX.SYS Image Path: C:\Windows\System32\Drivers\NIS\1002000.007\SRTSPX.SYS Address: 0x8F73F000 Size: 36992 File Visible: - Signed: - Status: - Name: srv.sys Image Path: C:\Windows\System32\DRIVERS\srv.sys Address: 0x9E831000 Size: 311296 File Visible: - Signed: - Status: - Name: srv2.sys Image Path: C:\Windows\System32\DRIVERS\srv2.sys Address: 0x9E80A000 Size: 159744 File Visible: - Signed: - Status: - Name: srvnet.sys Image Path: C:\Windows\System32\DRIVERS\srvnet.sys Address: 0x9C97A000 Size: 118784 File Visible: - Signed: - Status: - Name: storport.sys Image Path: C:\Windows\system32\drivers\storport.sys Address: 0x89CF0000 Size: 266240 File Visible: - Signed: - Status: - Name: swenum.sys Image Path: C:\Windows\system32\DRIVERS\swenum.sys Address: 0x8EFFA000 Size: 4992 File Visible: - Signed: - Status: - Name: sym_hi.sys Image Path: C:\Windows\system32\drivers\sym_hi.sys Address: 0x8A3C9000 Size: 45056 File Visible: - Signed: - Status: - Name: sym_u3.sys Image Path: C:\Windows\system32\drivers\sym_u3.sys Address: 0x8A3D4000 Size: 45056 File Visible: - Signed: - Status: - Name: symc8xx.sys Image Path: C:\Windows\system32\drivers\symc8xx.sys Address: 0x8A3BD000 Size: 49152 File Visible: - Signed: - Status: - Name: SYMEFA.SYS Image Path: C:\Windows\System32\Drivers\NIS\1002000.007\SYMEFA.SYS Address: 0x8A1AD000 Size: 323584 File Visible: - Signed: - Status: - Name: SYMEVENT.SYS Image Path: C:\Windows\system32\Drivers\SYMEVENT.SYS Address: 0x8F64C000 Size: 151552 File Visible: - Signed: - Status: - Name: SymIMv.sys Image Path: C:\Windows\system32\DRIVERS\SymIMv.sys Address: 0x8F715000 Size: 36864 File Visible: - Signed: - Status: - Name: SYMTDI.SYS Image Path: C:\Windows\System32\Drivers\NIS\1002000.007\SYMTDI.SYS Address: 0x8F61D000 Size: 191488 File Visible: - Signed: - Status: - Name: SynTP.sys Image Path: C:\Windows\system32\DRIVERS\SynTP.sys Address: 0x8A738000 Size: 192640 File Visible: - Signed: - Status: - Name: tcpip.sys Image Path: C:\Windows\System32\drivers\tcpip.sys Address: 0x8A604000 Size: 946176 File Visible: - Signed: - Status: - Name: tcpipreg.sys Image Path: C:\Windows\System32\drivers\tcpipreg.sys Address: 0x9E994000 Size: 49152 File Visible: - Signed: - Status: - Name: TDI.SYS Image Path: C:\Windows\system32\DRIVERS\TDI.SYS Address: 0x8EFE4000 Size: 45056 File Visible: - Signed: - Status: - Name: tdx.sys Image Path: C:\Windows\system32\DRIVERS\tdx.sys Address: 0x8F607000 Size: 90112 File Visible: - Signed: - Status: - Name: termdd.sys Image Path: C:\Windows\system32\DRIVERS\termdd.sys Address: 0x89FC2000 Size: 65536 File Visible: - Signed: - Status: - Name: TSDDD.dll Image Path: C:\Windows\System32\TSDDD.dll Address: 0x978A0000 Size: 36864 File Visible: - Signed: - Status: - Name: tunmp.sys Image Path: C:\Windows\system32\DRIVERS\tunmp.sys Address: 0x8A9F3000 Size: 36864 File Visible: - Signed: - Status: - Name: tunnel.sys Image Path: C:\Windows\system32\DRIVERS\tunnel.sys Address: 0x8A9E8000 Size: 45056 File Visible: - Signed: - Status: - Name: uliahci.sys Image Path: C:\Windows\system32\drivers\uliahci.sys Address: 0x8A0E2000 Size: 245760 File Visible: - Signed: - Status: - Name: ulsata.sys Image Path: C:\Windows\system32\drivers\ulsata.sys Address: 0x8A3DF000 Size: 135168 File Visible: - Signed: - Status: - Name: ulsata2.sys Image Path: C:\Windows\system32\drivers\ulsata2.sys Address: 0x8A11E000 Size: 180224 File Visible: - Signed: - Status: - Name: umbus.sys Image Path: C:\Windows\system32\DRIVERS\umbus.sys Address: 0x89E00000 Size: 53248 File Visible: - Signed: - Status: - Name: usbccgp.sys Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys Address: 0x8F119000 Size: 94208 File Visible: - Signed: - Status: - Name: USBD.SYS Image Path: C:\Windows\system32\DRIVERS\USBD.SYS Address: 0x8A809000 Size: 8192 File Visible: - Signed: - Status: - Name: usbehci.sys Image Path: C:\Windows\system32\DRIVERS\usbehci.sys Address: 0x8A7C3000 Size: 61440 File Visible: - Signed: - Status: - Name: usbhub.sys Image Path: C:\Windows\system32\DRIVERS\usbhub.sys Address: 0x8F009000 Size: 212992 File Visible: - Signed: - Status: - Name: usbohci.sys Image Path: C:\Windows\system32\DRIVERS\usbohci.sys Address: 0x8A77B000 Size: 40960 File Visible: - Signed: - Status: - Name: USBPORT.SYS Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS Address: 0x8A785000 Size: 253952 File Visible: - Signed: - Status: - Name: usbvideo.sys Image Path: C:\Windows\System32\Drivers\usbvideo.sys Address: 0x8F130000 Size: 134016 File Visible: - Signed: - Status: - Name: vga.sys Image Path: C:\Windows\System32\drivers\vga.sys Address: 0x8F168000 Size: 49152 File Visible: - Signed: - Status: - Name: viaide.sys Image Path: C:\Windows\system32\drivers\viaide.sys Address: 0x807B7000 Size: 32768 File Visible: - Signed: - Status: - Name: VIDEOPRT.SYS Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS Address: 0x8F174000 Size: 135168 File Visible: - Signed: - Status: - Name: volmgr.sys Image Path: C:\Windows\system32\drivers\volmgr.sys Address: 0x806C6000 Size: 61440 File Visible: - Signed: - Status: - Name: volmgrx.sys Image Path: C:\Windows\System32\drivers\volmgrx.sys Address: 0x806D5000 Size: 303104 File Visible: - Signed: - Status: - Name: volsnap.sys Image Path: C:\Windows\system32\drivers\volsnap.sys Address: 0x8A922000 Size: 233472 File Visible: - Signed: - Status: - Name: vsmraid.sys Image Path: C:\Windows\system32\drivers\vsmraid.sys Address: 0x8A14A000 Size: 135168 File Visible: - Signed: - Status: - Name: wanarp.sys Image Path: C:\Windows\system32\DRIVERS\wanarp.sys Address: 0x8F72C000 Size: 77824 File Visible: - Signed: - Status: - Name: watchdog.sys Image Path: C:\Windows\System32\drivers\watchdog.sys Address: 0x8EFD7000 Size: 53248 File Visible: - Signed: - Status: - Name: wd.sys Image Path: C:\Windows\system32\drivers\wd.sys Address: 0x8A91A000 Size: 32768 File Visible: - Signed: - Status: - Name: Wdf01000.sys Image Path: C:\Windows\system32\drivers\Wdf01000.sys Address: 0x8054B000 Size: 507904 File Visible: - Signed: - Status: - Name: WDFLDR.SYS Image Path: C:\Windows\system32\drivers\WDFLDR.SYS Address: 0x805C7000 Size: 53248 File Visible: - Signed: - Status: - Name: Win32k Image Path: \Driver\Win32k Address: 0x97680000 Size: 2105344 File Visible: - Signed: - Status: - Name: win32k.sys Image Path: C:\Windows\System32\win32k.sys Address: 0x97680000 Size: 2105344 File Visible: - Signed: - Status: - Name: wmiacpi.sys Image Path: C:\Windows\system32\DRIVERS\wmiacpi.sys Address: 0x8A800000 Size: 36864 File Visible: - Signed: - Status: - Name: WMILIB.SYS Image Path: C:\Windows\system32\drivers\WMILIB.SYS Address: 0x80647000 Size: 36864 File Visible: - Signed: - Status: - Name: WMIxWDM Image Path: \Driver\WMIxWDM Address: 0x81E19000 Size: 3907584 File Visible: - Signed: - Status: - Name: xaudio.sys Image Path: C:\Windows\system32\DRIVERS\xaudio.sys Address: 0x9E9A0000 Size: 32768 File Visible: - Signed: - Status: - FILES: ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/08/11 23:24 Program Version: Version 1.3.3.0 Windows Version: Windows Vista SP1 ================================================== Hidden/Locked Files ------------------- Path: Volume C:\ Status: MBR Rootkit Detected! Path: Volume C:\, Sector 1 Status: Sector mismatch Path: Volume C:\, Sector 2 Status: Sector mismatch Path: Volume C:\, Sector 3 Status: Sector mismatch Path: Volume C:\, Sector 4 Status: Sector mismatch Path: Volume C:\, Sector 5 Status: Sector mismatch Path: Volume C:\, Sector 6 Status: Sector mismatch Path: Volume C:\, Sector 7 Status: Sector mismatch Path: Volume C:\, Sector 8 Status: Sector mismatch Path: Volume C:\, Sector 9 Status: Sector mismatch Path: Volume C:\, Sector 10 Status: Sector mismatch Path: Volume C:\, Sector 11 Status: Sector mismatch Path: Volume C:\, Sector 12 Status: Sector mismatch Path: Volume C:\, Sector 16 Status: Sector mismatch Path: Volume C:\, Sector 17 Status: Sector mismatch Path: Volume C:\, Sector 20 Status: Sector mismatch Path: Volume C:\, Sector 21 Status: Sector mismatch Path: Volume C:\, Sector 26 Status: Sector mismatch Path: Volume C:\, Sector 30 Status: Sector mismatch Path: Volume C:\, Sector 31 Status: Sector mismatch Path: Volume C:\, Sector 32 Status: Sector mismatch Path: Volume C:\, Sector 34 Status: Sector mismatch Path: Volume C:\, Sector 35 Status: Sector mismatch Path: Volume C:\, Sector 36 Status: Sector mismatch Path: Volume C:\, Sector 40 Status: Sector mismatch Path: Volume C:\, Sector 44 Status: Sector mismatch Path: Volume C:\, Sector 49 Status: Sector mismatch Path: Volume C:\, Sector 57 Status: Sector mismatch Path: Volume C:\, Sector 58 Status: Sector mismatch Path: Volume C:\, Sector 61 Status: Sector mismatch Path: Volume C:\, Sector 62 Status: Sector mismatch Path: C:\hiberfil.sys Status: Locked to the Windows API! Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{62b96136-7e24-11de-879f-001f165cff39}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{a58c3ff3-7c85-11de-9c79-001f165cff39}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{E7148~1 Status: Locked to the Windows API! Path: C:\System Volume Information\{f518ca28-7a0c-11de-bd40-001f165cff39}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{FEA04~1 Status: Locked to the Windows API! Path: C:\Windows\System32\vsfoceeshccvpt.dll Status: Invisible to the Windows API! Path: C:\Windows\System32\vsfocenjlpwqox.dat Status: Invisible to the Windows API! Path: C:\Windows\System32\vsfocevvfnwhqw.dll Status: Invisible to the Windows API! Path: C:\Windows\System32\vsfocexcyiiuio.dat Status: Invisible to the Windows API! Path: C:\Program Files\Windows Media Player\Network Sharing\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Users\Sanyal\Downloads\WAKING~1.MP4:Zone.Identifier Status: Visible to the Windows API, but not on disk. Path: C:\Windows\System32\drivers\vsfoceetepwivf.sys Status: Invisible to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_bb1f6aa1308c35eb.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_bfff6c932d60651e.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_5c94f2bbe7d4aaf6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.91_none_54c1279468b7b84b.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_db5f5c9d98cb161f.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_61305e07e4f1bc01.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_5c400d5e63e93b68.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.1.0.0_none_6c030d6fdc86522c.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_dc9917e997f80c63.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_58b1a5ca663317c4.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.91_none_d6c3f1519bae0514.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.configuration_b03f5f7f11d50a3a_6.0.6001.18000_none_2b246afa36bbbbbe\$$DeleteMe.System.configuration.dll.01c9efc5be289440.001a Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.web.services_b03f5f7f11d50a3a_6.0.6001.18000_none_f2c59d87b2191ef0\$$DeleteMe.System.Web.Services.dll.01c9efc5bcc38600.0003 Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.windows.forms_b77a5c561934e089_6.0.6001.18000_none_30ebd8ea438a84a0\$$DeleteMe.System.Windows.Forms.dll.01c9efc5bdf8f8c0.0011 Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.design_b03f5f7f11d50a3a_6.0.6001.18000_none_b54a0107031f6e7c\$$DeleteMe.System.Design.dll.01c9efc5bdd2e2c0.0010 Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.drawing_b03f5f7f11d50a3a_6.0.6001.18000_none_8f9330c1f0d495a8\$$DeleteMe.System.Drawing.dll.01c9efc5bdfdbb80.0012 Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system_b77a5c561934e089_6.0.6001.18000_none_da8fcc115bf832a8\$$DeleteMe.System.dll.01c9efc5be347b20.001b Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.xml_b77a5c561934e089_6.0.6001.18000_none_81a026374952e8f5\$$DeleteMe.System.XML.dll.01c9efc5be217020.0019 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_fdproxy_31bf3856ad364e35_6.1.6001.22000_none_441eba1a267a5ad3\$$DeleteMe.fdProxy.dll.01c975438ab32993.0000 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\$$DeleteMe.rpcss.dll.01c9bd98cf0d5d40.0006 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18203_none_b4e61c85d6c731a6\$$DeleteMe.urlmon.dll.01c9bd98ce691e60.0000 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\$$DeleteMe.kernel32.dll.01c9bd98ced69da0.0005 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\$$DeleteMe.lsasrv.dll.01c9bd98cec13140.0003 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\$$DeleteMe.secur32.dll.01c9bd98cec5f400.0004 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18000_none_886e409a96d6223c\$$DeleteMe.msxml3.dll.01c976204ec4b0d0.0007 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18000_none_886dfc4296d66f1f\$$DeleteMe.msxml6.dll.01c976204b303f70.0000 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.18000_none_8d341b13018fde32\$$DeleteMe.netapi32.dll.01c976204e9e9ad0.0006 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_6.0.6001.18000_none_8ad265adc8633a42\$$DeleteMe.inetpp.dll.01c975438aeeabf3.0002 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18062_none_6bea4bea122ac813\$$DeleteMe.shell32.dll.01c976204e6a3c90.0005 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.0.6001.18000_none_8664137a48407b03\$$DeleteMe.wuapi.dll.01c975438f8db753.0004 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.0.6001.18000_none_a052d92e34802200\$$DeleteMe.wuaueng.dll.01c975438f24fad3.0003 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6001.18000_none_fb49535a79bca3e8\$$DeleteMe.fastprox.dll.01c9bd98cf16e2c0.0008 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6001.18000_none_24cdf96ec22363fa\$$DeleteMe.winhttp.dll.01c9bd98cf383600.000a Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6001.18000_none_c7b68566c15b786b\$$DeleteMe.mscorlib.dll.01c9efc5be027e40.0014 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.20883_none_8469d28baa199a7e\GROUPE~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.16720_none_9b31bbe79077558b\GROUPE~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6000.16720_none_a54ef540d05f91fc\ASPNET~1.UNI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6000.20883_none_8e870be4ea01d6ef\ASPNET~1.UNI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6001.18111_none_a529d9f6d0b19e9d\ASPNET~1.UNI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6001.22230_none_8e5e4a92ea5717b0\ASPNET~1.UNI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-mscoree_dll_31bf3856ad364e35_6.0.6001.18000_none_b55ffc255629a804\$$DeleteMe.mscoree.dll.01c9efc5bbc4d2e0.0000 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-mscorjit_dll_b03f5f7f11d50a3a_6.0.6001.18000_none_bf5ca9cf312f74f6\$$DeleteMe.mscorjit.dll.01c9efc5bdd08160.000f Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.0.6001.18000_none_1ff6260de878daa7\$$DeleteMe.mscorsvw.exe.01c9efc5bd7d3140.000a Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6000.16720_none_1e9c83dead284b26\XPTHEM~1.MAN Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6000.20883_none_07d49a82c6ca9019\XPTHEM~1.MAN Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6001.18111_none_1e776894ad7a57c7\XPTHEM~1.MAN Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6001.22230_none_07abd930c71fd0da\XPTHEM~1.MAN Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_system.web_b03f5f7f11d50a3a_6.0.6001.18000_none_f727ac131683ca0f\$$DeleteMe.System.Web.dll.01c9efc5bd786e80.0009 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_fundisc_31bf3856ad364e35_6.1.6001.22000_none_449cd701f2cb8c19\$$DeleteMe.fundisc.dll.01c975438aec4a93.0001 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18099_none_b48acb29d70acadb\$$DeleteMe.urlmon.dll.01c976204ca858b0.0002 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18023_none_596c0b02495f0f52\$$DeleteMe.gdi32.dll.01c9762050927b90.0008 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18099_none_0190a6cba213f16e\$$DeleteMe.wininet.dll.01c976204d268190.0004 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\$$DeleteMe.wininet.dll.01c9bd98ce85aee0.0002 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18248_none_01c5b9e9a1ec46b0\$$DeleteMe.wininet.dll.01ca101cf36723c0.0002 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18248_none_b4bfde47d6e3201d\$$DeleteMe.urlmon.dll.01ca101cf3410dc0.0000 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18000_none_1062be8b8b6509c7\$$DeleteMe.WmiPrvSD.dll.01c9bd98cf1ba580.0009 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18000_none_1062be8b8b6509c7\$$DeleteMe.WmiPrvSE.exe.01c9bd98cf148160.0007 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18000_none_47a3aa598c843043\$$DeleteMe.iertutil.dll.01c976204cf94770.0003 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18203_none_47a6af038c817696\$$DeleteMe.iertutil.dll.01c9bd98ce7c2960.0001 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18248_none_478070c58c9d650d\$$DeleteMe.iertutil.dll.01ca101cf35418c0.0001 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.18000_none_39733ab970ea03f2\$$DeleteMe.win32spl.dll.01c976204c7b1e90.0001 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6000.16720_none_38b929534b68462d\DEFAUL~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6000.20883_none_21f13ff7650a8b20\DEFAUL~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6001.18111_none_38940e094bba52ce\DEFAUL~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6001.22230_none_21c87ea5655fcbe1\DEFAUL~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6000.16720_none_c035c989242f4981\WEB_LO~1.DEF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6000.20883_none_a96de02d3dd18e74\WEB_LO~1.DEF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6001.18111_none_c010ae3f24815622\WEB_LO~1.DEF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6001.22230_none_a9451edb3e26cf35\WEB_LO~1.DEF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6000.16720_none_7c654fdc62654993\ASPNET~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6000.20883_none_659d66807c078e86\ASPNET~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6001.18111_none_7c40349262b75634\ASPNET~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6001.22230_none_6574a52e7c5ccf47\ASPNET~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_48d018cce81ec9cb\INSTAL~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_48d018cce81ec9cb\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_32082f7101c10ebe\INSTAL~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_32082f7101c10ebe\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_48aafd82e870d66c\INSTAL~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_48aafd82e870d66c\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_31df6e1f02164f7f\INSTAL~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_31df6e1f02164f7f\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_b898612ecd927be5\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_a1d077d2e734c0d8\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_b87345e4cde48886\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_a1a7b680e78a0199\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_membership_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_6d8c18ba50aebc1f\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_membership_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_56c42f5e6a510112\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_membership_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_6d66fd705100c8c0\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_membership_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_569b6e0c6aa641d3\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-mscorpe_dll_b03f5f7f11d50a3a_6.0.6001.18000_none_f7e3c74d5c37ee6c\$$DeleteMe.mscorpe.dll.01c9efc5bd656380.0008 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-mscorsec_dll_b03f5f7f11d50a3a_6.0.6001.18000_none_11b154e1f4c6a222\$$DeleteMe.mscorsec.dll.01c9efc5bd193780.0006 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-mscorsvc__dll_b03f5f7f11d50a3a_6.0.6001.18000_none_5af0232c04098a36\$$DeleteMe.mscorsvc.dll.01c9efc5bdb3f0e0.000d Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6001.18000_none_325d54542ee2dcf0\$$DeleteMe.mscorwks.dll.01c9efc5bc325220.0002 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6001.18111_none_9b0ca09d90c9622c\GROUPE~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6001.22230_none_84411139aa6edb3f\GROUPE~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.workflow.activities_31bf3856ad364e35_6.0.6001.18000_none_28a18f87536aba13\$$DeleteMe.System.Workflow.Activities.dll.01c9efc5bf0d1840.001d Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.workflow.componentmodel_31bf3856ad364e35_6.0.6001.18000_none_e8786c49d067c522\$$DeleteMe.System.Workflow.ComponentModel.dll.01c9efc5bf0f79a0.001e Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6000.16708_none_71e62ab9fe238fad\PERFCO~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6000.20864_none_722ae6d5177571c1\PERFCO~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6001.22208_none_7456062b1467c068\PERFCO~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6001.18096_none_73691799fb94ec42\PERFCO~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.workflow.runtime_31bf3856ad364e35_6.0.6001.18000_none_d81f265dbf5cdfe2\$$DeleteMe.System.Workflow.Runtime.dll.01c9efc5c00245e0.001f Status: Locked to the Windows API! Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASPNET~1.UNI Status: Locked to the Windows API! Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\XPTHEM~1.MAN Status: Locked to the Windows API! Path: C:\Windows\winsxs\Temp\PendingDeletes\sortkey.nlp Status: Locked to the Windows API! Path: C:\Windows\winsxs\Temp\PendingDeletes\sorttbls.nlp Status: Locked to the Windows API! Path: C:\Windows\winsxs\Temp\PendingDeletes\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\Temp\PendingDeletes\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\inf\Windows Workflow Foundation 3.0.0.0\0000\PERFCO~1.INI Status: Locked to the Windows API! Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config Status: Locked to the Windows API! Path: C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PRESEN~1.CON Status: Locked to the Windows API! Path: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\WEB_LO~1.DEF Status: Locked to the Windows API! Path: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PRESEN~1.CON Status: Locked to the Windows API! Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl Status: Locked to the Windows API! Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl Status: Locked to the Windows API! Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl Status: Locked to the Windows API! Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl Status: Locked to the Windows API! Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl Status: Locked to the Windows API! Path: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS03E0C.log Status: Locked to the Windows API! Path: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS03E0E.log Status: Invisible to the Windows API! Path: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS03E0F.log Status: Invisible to the Windows API! Path: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS03E0D.log Status: Locked to the Windows API! Path: c:\programdata\microsoft\search\data\applications\windows\tmp.edb Status: Allocation size mismatch (API: 4096, Raw: 2113536) Path: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS03E5E.log Status: Visible to the Windows API, but not on disk. Path: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS03E5F.log Status: Visible to the Windows API, but not on disk. Path: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\common client\ccsetmgr\volatile.dat Status: Allocation size mismatch (API: 544, Raw: 0) Path: c:\programdata\microsoft\search\data\applications\windows\projects\systemindex\systemindex.crwl19.gthr Status: Allocation size mismatch (API: 568, Raw: 0) Path: c:\programdata\microsoft\search\data\applications\windows\projects\systemindex\systemindex.ntfy128.gthr Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\programdata\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010014.wid Status: Allocation size mismatch (API: 4096, Raw: 65536) Path: c:\programdata\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010015.wid Status: Allocation size mismatch (API: 4096, Raw: 65536) Path: c:\programdata\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010016.wid Status: Allocation size mismatch (API: 4096, Raw: 65536) Path: c:\programdata\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010017.wid Status: Allocation size mismatch (API: 4096, Raw: 65536) Path: c:\programdata\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010018.wid Status: Allocation size mismatch (API: 4096, Raw: 65536) Path: c:\programdata\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010002.wid Status: Allocation size mismatch (API: 4096, Raw: 65536) Path: c:\programdata\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010003.wid Status: Allocation size mismatch (API: 4096, Raw: 65536) Path: c:\programdata\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010004.wid Status: Allocation size mismatch (API: 4096, Raw: 65536) Path: c:\programdata\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010007.wid Status: Allocation size mismatch (API: 4096, Raw: 65536) Path: c:\programdata\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010027.wid Status: Allocation size mismatch (API: 4096, Raw: 65536) Path: c:\programdata\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\0001001b.wid Status: Allocation size mismatch (API: 4096, Raw: 65536) Path: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.ci Status: Visible to the Windows API, but not on disk. Path: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.dir Status: Visible to the Windows API, but not on disk. Path: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Status: Visible to the Windows API, but not on disk. Path: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.ci Status: Visible to the Windows API, but not on disk. Path: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.dir Status: Visible to the Windows API, but not on disk. Path: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Status: Visible to the Windows API, but not on disk. STEALTH: ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/08/11 23:25 Program Version: Version 1.3.3.0 Windows Version: Windows Vista SP1 ================================================== Stealth Objects ------------------- Object: Hidden Handle [Index: 2508, Type: UnknownType] Process: csrss.exe (PID: 636) Address: 0x860fca88 Size: - Object: Hidden Handle [Index: 3188, Type: UnknownType] Process: csrss.exe (PID: 636) Address: 0x85eb5920 Size: - Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: wininit.exe (PID: 688) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: services.exe (PID: 732) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: lsass.exe (PID: 744) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: lsm.exe (PID: 752) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfocevvfnwhqw.dll] Process: svchost.exe (PID: 904) Address: 0x00290000 Size: 49152 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 904) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: nvvsvc.exe (PID: 968) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 1024) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 1084) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 1184) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 1260) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 1288) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: SLsvc.exe (PID: 1420) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: rundll32.exe (PID: 1456) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 1480) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 1692) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: smss.exe (PID: 1892) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: Dwm.exe (PID: 1904) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: Explorer.EXE (PID: 1920) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: spoolsv.exe (PID: 364) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: taskeng.exe (PID: 368) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 580) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: WLANExt.exe (PID: 704) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 792) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: AppleMobileDeviceService.exe (PID: 2068) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: SyncServicesBasics.exe (PID: 2088) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: mDNSResponder.exe (PID: 2112) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: LSSrvc.exe (PID: 2692) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 2820) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: ccSvcHst.exe (PID: 2860) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 2976) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 3112) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: BLService.exe (PID: 3168) Address: 0x001c0000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: RichVideo.exe (PID: 3208) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 3280) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: ViewpointService.exe (PID: 3344) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 3500) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: SearchIndexer.exe (PID: 3636) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: xaudio.exe (PID: 3692) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: SynTPEnh.exe (PID: 4060) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: QPService.exe (PID: 2656) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: QLBCTRL.exe (PID: 3404) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: HPWAMain.exe (PID: 3576) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: realsched.exe (PID: 2960) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: jusched.exe (PID: 3712) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: wmpnscfg.exe (PID: 3988) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: ccSvcHst.exe (PID: 3392) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: hpqwmiex.exe (PID: 2592) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: wmiprvse.exe (PID: 156) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: taskeng.exe (PID: 3672) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: wmpnetwk.exe (PID: 4112) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: WiFiMsg.EXE (PID: 4672) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: Com4QLBEx.exe (PID: 4740) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: SynTPHelper.exe (PID: 4920) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: HpqToaster.exe (PID: 5004) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: hphc_service.exe (PID: 5612) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: WSCStub.exe (PID: 4164) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: wuauclt.exe (PID: 4776) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: SearchProtocolHost.exe (PID: 4996) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: RootRepeal.exe (PID: 4816) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: SearchFilterHost.exe (PID: 6112) Address: 0x10000000 Size: 28672

guitarroman1 View Member Profile	Aug 11 2009, 10:59 PM Post #27
Member Posts: 32 OS: Windows Vista	Sorry I read the directions wrong. Its been a long day. ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/08/11 23:44 Program Version: Version 1.3.3.0 Windows Version: Windows Vista SP1 ================================================== Drivers ------------------- Name: 00001CCF Image Path: 00001CCF Address: 0x891D2000 Size: 41219 File Visible: No Signed: - Status: - Name: 00001CCF Image Path: 00001CCF Address: 0x9E895000 Size: 73984 File Visible: No Signed: - Status: Hidden from the Windows API! Name: dump_atapi.sys Image Path: C:\Windows\System32\Drivers\dump_atapi.sys Address: 0x8FF4F000 Size: 32768 File Visible: No Signed: - Status: - Name: dump_dumpata.sys Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys Address: 0x8FF44000 Size: 45056 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\Windows\system32\drivers\rootrepeal.sys Address: 0x9E9BE000 Size: 49152 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: Volume C:\ Status: MBR Rootkit Detected! Path: Volume C:\, Sector 1 Status: Sector mismatch Path: Volume C:\, Sector 2 Status: Sector mismatch Path: Volume C:\, Sector 3 Status: Sector mismatch Path: Volume C:\, Sector 4 Status: Sector mismatch Path: Volume C:\, Sector 5 Status: Sector mismatch Path: Volume C:\, Sector 6 Status: Sector mismatch Path: Volume C:\, Sector 7 Status: Sector mismatch Path: Volume C:\, Sector 8 Status: Sector mismatch Path: Volume C:\, Sector 9 Status: Sector mismatch Path: Volume C:\, Sector 10 Status: Sector mismatch Path: Volume C:\, Sector 11 Status: Sector mismatch Path: Volume C:\, Sector 12 Status: Sector mismatch Path: Volume C:\, Sector 13 Status: Sector mismatch Path: Volume C:\, Sector 14 Status: Sector mismatch Path: Volume C:\, Sector 15 Status: Sector mismatch Path: Volume C:\, Sector 16 Status: Sector mismatch Path: Volume C:\, Sector 17 Status: Sector mismatch Path: Volume C:\, Sector 18 Status: Sector mismatch Path: Volume C:\, Sector 19 Status: Sector mismatch Path: Volume C:\, Sector 20 Status: Sector mismatch Path: Volume C:\, Sector 21 Status: Sector mismatch Path: Volume C:\, Sector 22 Status: Sector mismatch Path: Volume C:\, Sector 23 Status: Sector mismatch Path: Volume C:\, Sector 24 Status: Sector mismatch Path: Volume C:\, Sector 25 Status: Sector mismatch Path: Volume C:\, Sector 26 Status: Sector mismatch Path: Volume C:\, Sector 27 Status: Sector mismatch Path: Volume C:\, Sector 28 Status: Sector mismatch Path: Volume C:\, Sector 29 Status: Sector mismatch Path: Volume C:\, Sector 30 Status: Sector mismatch Path: Volume C:\, Sector 31 Status: Sector mismatch Path: Volume C:\, Sector 32 Status: Sector mismatch Path: Volume C:\, Sector 33 Status: Sector mismatch Path: Volume C:\, Sector 34 Status: Sector mismatch Path: Volume C:\, Sector 35 Status: Sector mismatch Path: Volume C:\, Sector 36 Status: Sector mismatch Path: Volume C:\, Sector 37 Status: Sector mismatch Path: Volume C:\, Sector 38 Status: Sector mismatch Path: Volume C:\, Sector 39 Status: Sector mismatch Path: Volume C:\, Sector 40 Status: Sector mismatch Path: Volume C:\, Sector 41 Status: Sector mismatch Path: Volume C:\, Sector 42 Status: Sector mismatch Path: Volume C:\, Sector 43 Status: Sector mismatch Path: Volume C:\, Sector 44 Status: Sector mismatch Path: Volume C:\, Sector 45 Status: Sector mismatch Path: Volume C:\, Sector 46 Status: Sector mismatch Path: Volume C:\, Sector 47 Status: Sector mismatch Path: Volume C:\, Sector 48 Status: Sector mismatch Path: Volume C:\, Sector 49 Status: Sector mismatch Path: Volume C:\, Sector 50 Status: Sector mismatch Path: Volume C:\, Sector 51 Status: Sector mismatch Path: Volume C:\, Sector 52 Status: Sector mismatch Path: Volume C:\, Sector 53 Status: Sector mismatch Path: Volume C:\, Sector 54 Status: Sector mismatch Path: Volume C:\, Sector 55 Status: Sector mismatch Path: Volume C:\, Sector 56 Status: Sector mismatch Path: Volume C:\, Sector 57 Status: Sector mismatch Path: Volume C:\, Sector 58 Status: Sector mismatch Path: Volume C:\, Sector 59 Status: Sector mismatch Path: Volume C:\, Sector 60 Status: Sector mismatch Path: Volume C:\, Sector 62 Status: Sector mismatch Path: C:\hiberfil.sys Status: Locked to the Windows API! Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{62b96136-7e24-11de-879f-001f165cff39}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{a58c3ff3-7c85-11de-9c79-001f165cff39}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{E7148~1 Status: Locked to the Windows API! Path: C:\System Volume Information\{f518ca28-7a0c-11de-bd40-001f165cff39}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{FEA04~1 Status: Locked to the Windows API! Path: C:\Windows\System32\vsfoceeshccvpt.dll Status: Invisible to the Windows API! Path: C:\Windows\System32\vsfocenjlpwqox.dat Status: Invisible to the Windows API! Path: C:\Windows\System32\vsfocevvfnwhqw.dll Status: Invisible to the Windows API! Path: C:\Windows\System32\vsfocexcyiiuio.dat Status: Invisible to the Windows API! Path: C:\Windows\Temp\vsfoceulmjxuelxr.tmp Status: Invisible to the Windows API! Path: C:\Program Files\Windows Media Player\Network Sharing\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Users\Sanyal\Downloads\WAKING~1.MP4:Zone.Identifier Status: Visible to the Windows API, but not on disk. Path: C:\Windows\System32\drivers\vsfoceetepwivf.sys Status: Invisible to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_bb1f6aa1308c35eb.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_bfff6c932d60651e.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_5c94f2bbe7d4aaf6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.91_none_54c1279468b7b84b.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_db5f5c9d98cb161f.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_61305e07e4f1bc01.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_5c400d5e63e93b68.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.1.0.0_none_6c030d6fdc86522c.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_dc9917e997f80c63.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_58b1a5ca663317c4.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.91_none_d6c3f1519bae0514.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.configuration_b03f5f7f11d50a3a_6.0.6001.18000_none_2b246afa36bbbbbe\$$DeleteMe.System.configuration.dll.01c9efc5be289440.001a Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.web.services_b03f5f7f11d50a3a_6.0.6001.18000_none_f2c59d87b2191ef0\$$DeleteMe.System.Web.Services.dll.01c9efc5bcc38600.0003 Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.windows.forms_b77a5c561934e089_6.0.6001.18000_none_30ebd8ea438a84a0\$$DeleteMe.System.Windows.Forms.dll.01c9efc5bdf8f8c0.0011 Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.design_b03f5f7f11d50a3a_6.0.6001.18000_none_b54a0107031f6e7c\$$DeleteMe.System.Design.dll.01c9efc5bdd2e2c0.0010 Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.drawing_b03f5f7f11d50a3a_6.0.6001.18000_none_8f9330c1f0d495a8\$$DeleteMe.System.Drawing.dll.01c9efc5bdfdbb80.0012 Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system_b77a5c561934e089_6.0.6001.18000_none_da8fcc115bf832a8\$$DeleteMe.System.dll.01c9efc5be347b20.001b Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.xml_b77a5c561934e089_6.0.6001.18000_none_81a026374952e8f5\$$DeleteMe.System.XML.dll.01c9efc5be217020.0019 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_fdproxy_31bf3856ad364e35_6.1.6001.22000_none_441eba1a267a5ad3\$$DeleteMe.fdProxy.dll.01c975438ab32993.0000 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\$$DeleteMe.rpcss.dll.01c9bd98cf0d5d40.0006 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18203_none_b4e61c85d6c731a6\$$DeleteMe.urlmon.dll.01c9bd98ce691e60.0000 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\$$DeleteMe.kernel32.dll.01c9bd98ced69da0.0005 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\$$DeleteMe.lsasrv.dll.01c9bd98cec13140.0003 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\$$DeleteMe.secur32.dll.01c9bd98cec5f400.0004 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18000_none_886e409a96d6223c\$$DeleteMe.msxml3.dll.01c976204ec4b0d0.0007 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18000_none_886dfc4296d66f1f\$$DeleteMe.msxml6.dll.01c976204b303f70.0000 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.18000_none_8d341b13018fde32\$$DeleteMe.netapi32.dll.01c976204e9e9ad0.0006 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_6.0.6001.18000_none_8ad265adc8633a42\$$DeleteMe.inetpp.dll.01c975438aeeabf3.0002 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18062_none_6bea4bea122ac813\$$DeleteMe.shell32.dll.01c976204e6a3c90.0005 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.0.6001.18000_none_8664137a48407b03\$$DeleteMe.wuapi.dll.01c975438f8db753.0004 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.0.6001.18000_none_a052d92e34802200\$$DeleteMe.wuaueng.dll.01c975438f24fad3.0003 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6001.18000_none_fb49535a79bca3e8\$$DeleteMe.fastprox.dll.01c9bd98cf16e2c0.0008 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6001.18000_none_24cdf96ec22363fa\$$DeleteMe.winhttp.dll.01c9bd98cf383600.000a Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6001.18000_none_c7b68566c15b786b\$$DeleteMe.mscorlib.dll.01c9efc5be027e40.0014 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.20883_none_8469d28baa199a7e\GROUPE~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.16720_none_9b31bbe79077558b\GROUPE~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6000.16720_none_a54ef540d05f91fc\ASPNET~1.UNI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6000.20883_none_8e870be4ea01d6ef\ASPNET~1.UNI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6001.18111_none_a529d9f6d0b19e9d\ASPNET~1.UNI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6001.22230_none_8e5e4a92ea5717b0\ASPNET~1.UNI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-mscoree_dll_31bf3856ad364e35_6.0.6001.18000_none_b55ffc255629a804\$$DeleteMe.mscoree.dll.01c9efc5bbc4d2e0.0000 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-mscorjit_dll_b03f5f7f11d50a3a_6.0.6001.18000_none_bf5ca9cf312f74f6\$$DeleteMe.mscorjit.dll.01c9efc5bdd08160.000f Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.0.6001.18000_none_1ff6260de878daa7\$$DeleteMe.mscorsvw.exe.01c9efc5bd7d3140.000a Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6000.16720_none_1e9c83dead284b26\XPTHEM~1.MAN Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6000.20883_none_07d49a82c6ca9019\XPTHEM~1.MAN Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6001.18111_none_1e776894ad7a57c7\XPTHEM~1.MAN Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6001.22230_none_07abd930c71fd0da\XPTHEM~1.MAN Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_system.web_b03f5f7f11d50a3a_6.0.6001.18000_none_f727ac131683ca0f\$$DeleteMe.System.Web.dll.01c9efc5bd786e80.0009 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_fundisc_31bf3856ad364e35_6.1.6001.22000_none_449cd701f2cb8c19\$$DeleteMe.fundisc.dll.01c975438aec4a93.0001 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18099_none_b48acb29d70acadb\$$DeleteMe.urlmon.dll.01c976204ca858b0.0002 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18023_none_596c0b02495f0f52\$$DeleteMe.gdi32.dll.01c9762050927b90.0008 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18099_none_0190a6cba213f16e\$$DeleteMe.wininet.dll.01c976204d268190.0004 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\$$DeleteMe.wininet.dll.01c9bd98ce85aee0.0002 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18248_none_01c5b9e9a1ec46b0\$$DeleteMe.wininet.dll.01ca101cf36723c0.0002 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18248_none_b4bfde47d6e3201d\$$DeleteMe.urlmon.dll.01ca101cf3410dc0.0000 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18000_none_1062be8b8b6509c7\$$DeleteMe.WmiPrvSD.dll.01c9bd98cf1ba580.0009 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18000_none_1062be8b8b6509c7\$$DeleteMe.WmiPrvSE.exe.01c9bd98cf148160.0007 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18000_none_47a3aa598c843043\$$DeleteMe.iertutil.dll.01c976204cf94770.0003 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18203_none_47a6af038c817696\$$DeleteMe.iertutil.dll.01c9bd98ce7c2960.0001 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18248_none_478070c58c9d650d\$$DeleteMe.iertutil.dll.01ca101cf35418c0.0001 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.18000_none_39733ab970ea03f2\$$DeleteMe.win32spl.dll.01c976204c7b1e90.0001 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6000.16720_none_38b929534b68462d\DEFAUL~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6000.20883_none_21f13ff7650a8b20\DEFAUL~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6001.18111_none_38940e094bba52ce\DEFAUL~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6001.22230_none_21c87ea5655fcbe1\DEFAUL~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6000.16720_none_c035c989242f4981\WEB_LO~1.DEF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6000.20883_none_a96de02d3dd18e74\WEB_LO~1.DEF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6001.18111_none_c010ae3f24815622\WEB_LO~1.DEF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6001.22230_none_a9451edb3e26cf35\WEB_LO~1.DEF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6000.16720_none_7c654fdc62654993\ASPNET~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6000.20883_none_659d66807c078e86\ASPNET~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6001.18111_none_7c40349262b75634\ASPNET~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6001.22230_none_6574a52e7c5ccf47\ASPNET~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_48d018cce81ec9cb\INSTAL~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_48d018cce81ec9cb\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_32082f7101c10ebe\INSTAL~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_32082f7101c10ebe\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_48aafd82e870d66c\INSTAL~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_48aafd82e870d66c\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_31df6e1f02164f7f\INSTAL~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_31df6e1f02164f7f\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_b898612ecd927be5\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_a1d077d2e734c0d8\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_b87345e4cde48886\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_a1a7b680e78a0199\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_membership_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_6d8c18ba50aebc1f\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_membership_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_56c42f5e6a510112\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_membership_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_6d66fd705100c8c0\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_membership_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_569b6e0c6aa641d3\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-mscorpe_dll_b03f5f7f11d50a3a_6.0.6001.18000_none_f7e3c74d5c37ee6c\$$DeleteMe.mscorpe.dll.01c9efc5bd656380.0008 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-mscorsec_dll_b03f5f7f11d50a3a_6.0.6001.18000_none_11b154e1f4c6a222\$$DeleteMe.mscorsec.dll.01c9efc5bd193780.0006 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-mscorsvc__dll_b03f5f7f11d50a3a_6.0.6001.18000_none_5af0232c04098a36\$$DeleteMe.mscorsvc.dll.01c9efc5bdb3f0e0.000d Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6001.18000_none_325d54542ee2dcf0\$$DeleteMe.mscorwks.dll.01c9efc5bc325220.0002 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6001.18111_none_9b0ca09d90c9622c\GROUPE~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6001.22230_none_84411139aa6edb3f\GROUPE~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.workflow.activities_31bf3856ad364e35_6.0.6001.18000_none_28a18f87536aba13\$$DeleteMe.System.Workflow.Activities.dll.01c9efc5bf0d1840.001d Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.workflow.componentmodel_31bf3856ad364e35_6.0.6001.18000_none_e8786c49d067c522\$$DeleteMe.System.Workflow.ComponentModel.dll.01c9efc5bf0f79a0.001e Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6000.16708_none_71e62ab9fe238fad\PERFCO~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6000.20864_none_722ae6d5177571c1\PERFCO~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6001.22208_none_7456062b1467c068\PERFCO~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6001.18096_none_73691799fb94ec42\PERFCO~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.workflow.runtime_31bf3856ad364e35_6.0.6001.18000_none_d81f265dbf5cdfe2\$$DeleteMe.System.Workflow.Runtime.dll.01c9efc5c00245eProcesses ------------------- Path: System PID: 4 Status: Locked to the Windows API! Path: C:\Windows\System32\audiodg.exe PID: 1356 Status: Locked to the Windows API! SSDT ------------------- ServiceTable Hooked [0x892d3f58]! Stealth Objects ------------------- Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: wininit.exe (PID: 688) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: services.exe (PID: 732) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: lsass.exe (PID: 744) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: lsm.exe (PID: 752) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfocevvfnwhqw.dll] Process: svchost.exe (PID: 904) Address: 0x00290000 Size: 49152 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 904) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: nvvsvc.exe (PID: 968) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 1024) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 1084) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 1184) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 1260) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 1288) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: SLsvc.exe (PID: 1420) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: rundll32.exe (PID: 1456) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 1480) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 1692) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: smss.exe (PID: 1892) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: Explorer.EXE (PID: 1920) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: spoolsv.exe (PID: 364) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: taskeng.exe (PID: 368) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 580) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: WLANExt.exe (PID: 704) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 792) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: AppleMobileDeviceService.exe (PID: 2068) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: SyncServicesBasics.exe (PID: 2088) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: mDNSResponder.exe (PID: 2112) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: LSSrvc.exe (PID: 2692) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 2820) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: ccSvcHst.exe (PID: 2860) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 2976) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 3112) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: BLService.exe (PID: 3168) Address: 0x001c0000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: RichVideo.exe (PID: 3208) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 3280) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: ViewpointService.exe (PID: 3344) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: svchost.exe (PID: 3500) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: SearchIndexer.exe (PID: 3636) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: xaudio.exe (PID: 3692) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: SynTPEnh.exe (PID: 4060) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: QPService.exe (PID: 2656) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: QLBCTRL.exe (PID: 3404) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: HPWAMain.exe (PID: 3576) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: realsched.exe (PID: 2960) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: jusched.exe (PID: 3712) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: wmpnscfg.exe (PID: 3988) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: ccSvcHst.exe (PID: 3392) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: hpqwmiex.exe (PID: 2592) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: wmiprvse.exe (PID: 156) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: taskeng.exe (PID: 3672) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: wmpnetwk.exe (PID: 4112) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: WiFiMsg.EXE (PID: 4672) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: Com4QLBEx.exe (PID: 4740) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: SynTPHelper.exe (PID: 4920) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: HpqToaster.exe (PID: 5004) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: hphc_service.exe (PID: 5612) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: WSCStub.exe (PID: 4164) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: wuauclt.exe (PID: 4776) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: SearchProtocolHost.exe (PID: 4996) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: RootRepeal.exe (PID: 7056) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: Dwm.exe (PID: 6832) Address: 0x10000000 Size: 28672 Object: Hidden Module [Name: vsfoceeshccvpt.dll] Process: SearchFilterHost.exe (PID: 6756) Address: 0x10000000 Size: 28672 Hidden Services ------------------- Service Name: dlqbuqri Image Path: C:\Windows\system32\drivers\fnrkr.sys Service Name: vsfocedbbcujva Image Path: C:\Windows\system32\drivers\vsfoceetepwivf.sys ==EOF== Thanks again infinitely!

handhfan View Member Profile	Aug 12 2009, 07:38 AM Post #28
GeekU Moderator Posts: 8,651 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Open RootRepeal, click the Driver tab and select Scan. Right click and select Wipe File on: C:\Windows\System32\drivers\vsfoceetepwivf.sys Click the File tab and select Scan. Right click and select Wipe File on: C:\Windows\System32\vsfoceeshccvpt.dll C:\Windows\System32\vsfocenjlpwqox.dat C:\Windows\System32\vsfocevvfnwhqw.dll C:\Windows\System32\vsfocexcyiiuio.dat C:\Windows\Temp\vsfoceulmjxuelxr.tmp Go to below link and download MBRFix: http://www.sysint.no/en/Download.aspx Save and unzip them to your Desktop.. Then open the mbrfix folder, copy both mbrfix.exe and mbrfix64.exe to your root C drive.. Then go to Start >> Run >> copy/paste below >> Enter C:\MbrFix.exe /drive 0 fixmbr /yes Or, alternatively you can go to cmd command (Start >> Run >> cmd >> enter) and then type cd\ and then press Enter Upon C:\> type MbrFix /drive 0 fixmbr /yes and then press Enter... Reboot your computer. Please scan again with RootRepeal, and post that log in your next reply.

guitarroman1 View Member Profile	Aug 12 2009, 11:49 AM Post #29
Member Posts: 32 OS: Windows Vista	I CAN NOT ACCESS MY COMP AT ALL. There is a blue screen right when I log on and then it crashes. Should I just reformat? What is happening with my computer?!!

handhfan View Member Profile	Aug 12 2009, 08:35 PM Post #30
GeekU Moderator Posts: 8,651 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	I'm not so quick to jump to reformatting here. There are still a few things I'm sure we could try. First, can you tell me what it says on the blue screen? As well, do you still happen to have your Windows Vista disk?

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

3 Pages

< 1 2 3 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Windows XP�, 2000, 2003, NT Can't Open Windows Security Center	8 / 5,557	15th June 2007 - 02:40 PM jman4878 started - last by krmooo
Virus, Spyware and Trojan Removal 1st Fakealert.d!gen 2nd Windows Antivirus pro 2009 Can't run M 12	27 / 993	19th August 2009 - 10:51 AM DLoc0420 started - last by fenzodahl512
Virus, Spyware and Trojan Removal Unknown Virus or Malware (Windows Antivirus Pro?) [Solved]	7 / 229	23rd August 2009 - 07:11 AM Will H started - last by Essexboy
Virus, Spyware and Trojan Removal Windows Antivirus PRO I Can`t open any exe files, system restore, cmd 123	37 / 681	14th October 2009 - 12:31 AM indyboi2 started - last by indyboi2