Vista Internet Security 2010 (Rogue virus)

2 posters

Re: Vista Internet Security 2010 (Rogue virus)

I couldn't find:

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:24, on 25-02-2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer leveret af Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Indstillinger til Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop-administrator 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c91fca6ae93ab7) (gupdate1c91fca6ae93ab7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe

--
End of file - 14989 bytes

Re: Vista Internet Security 2010 (Rogue virus)

Hello.
One more log I want to see.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

Re: Vista Internet Security 2010 (Rogue virus)

2007 Microsoft Office Suite Service Pack 1 (SP1)
50 FREE MP3s +1 Free Audiobook!
ACD/Labs Software in C:\Program Files\ACDFREE12\
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe After Effects CS4
Adobe After Effects CS4
Adobe After Effects CS4 Third Party Content
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe CMaps CS4
Adobe Color Video Profiles AE CS4
Adobe Dynamiclink Support
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Media Player
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe PDF Library Files CS4
Adobe Reader 8.1.2
Adobe Setup
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
AdobeColorCommonSetRGB
Advanced Audio FX Engine
Advanced Video FX Engine
AIM 6
Any Video Converter 2.6.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Audacity 1.2.6
Avatar
Avatar
Avira AntiVir Personal - Free Antivirus
BaboViolent 2.11
Bonjour
Browser Address Error Redirector
Browser Defender 2.0.6.11
Call of Duty(R) 2
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
CCleaner (remove only)
CDDRV_Installer
Collab
CoreWavPack DirectShow Filters (remove only)
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
EDocs
Fingerprint Reader Suite 5.6
FL Studio 8
FlashGet 1.9.6.1073
foobar2000 v0.9.6.9
Garmin WebUpdater
Google Chrome
Google Desktop
Google Gears
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ijji - Gunz
IL Download Manager
ImageMixer with VCD
Intel(R) Matrix Storage Manager
Intel(R) PROSet/Wireless Software
Internet Download Manager
iTunes
James Cameron's AVATAR(tm): THE GAME (Demo)
JDownloader
Junk Mail filter update
KhalSetup
Kompatibilitetspakke til Office 2007-systemet
LAME v3.98.2 for Audacity
Laptop Integrated Webcam Driver (1.04.01.1011)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes' Anti-Malware
Mathcad 14.0 M020
Mathcad 14.0 M020 Help
Mathcad 14.0 M020 Resource Center
McAfee SecurityCenter
mCore
MediaDirect
MediaInfo 0.7.24
mHelp
Microsoft .NET Framework 3.5 Language Pack SP1 - dan
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Danish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Danish) 2007
Microsoft Office Groove MUI (Danish) 2007
Microsoft Office InfoPath MUI (Danish) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (Danish) 2007
Microsoft Office Outlook MUI (Danish) 2007
Microsoft Office PowerPoint MUI (Danish) 2007
Microsoft Office Proof (Danish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Danish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Danish) 2007
Microsoft Office Shared MUI (Danish) 2007
Microsoft Office Word MUI (Danish) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MicroStaff WINASPI
mMHouse
Mozilla Firefox (3.5.8)
mPfMgr
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
mWMI
NVIDIA Drivers
Opdatering til Microsoft Office Excel 2007 Help (KB963678)
Opdatering til Microsoft Office Powerpoint 2007 Help (KB963669)
Opdatering til Microsoft Office Word 2007 Help (KB963665)
Orbit Downloader
OutlookAddinSetup
Overførselsværktøj til Windows Live
Photoshop Camera Raw
Picasa 2
PoiZone
QuickSet
QuickTime
RocketDock 1.3.5
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SAMSUNG PC Share Manager
SAMSUNG PC Share Manager
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
SetPoint
Sony Vegas Pro 8.0
Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
Spyware Doctor 7.0
Steam
Suite Shared Configuration CS4
SUPERAntiSpyware Free Edition
TI InterActive!™️
Tilmeldingsassistent til Windows Live
Toxic Biohazard
TrackMania Nations Forever
Trapcode 3DStroke
Trapcode Particular
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (KB974810)
VC80CRTRedist - 8.0.50727.4053
Vista Codec Package
VLC media player 0.9.9
WAV MP3 Converter v3.8 build 969
WD Diagnostics
WIDCOMM Bluetooth Software 6.0.1.3100
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sync
Windows Media Player Firefox Plugin
WinRAR archiver
Xfire (remove only)
Xilisoft DVD Ripper Platinum 5
Xvid 1.1.2 final uninstall

Re: Vista Internet Security 2010 (Rogue virus)

Hello.

You are running two antivirus programs; I see from the uninstall list you have McAfee installed, along with Avira. This is a bad idea as they can conflict and cause more problems. I would recommend that you remove Symantec to avoid conflict and other future problems.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    McAfee SecurityCenter


How is the machine now?

Re: Vista Internet Security 2010 (Rogue virus)

I still have the problem where my computer freezes after about 20 minutes without doing anything on it. It may be all the crap I have on it, but it didn't do it before I got the virus.

Re: Vista Internet Security 2010 (Rogue virus)

Hello.

Download ATF Cleaner

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Any better now?

Re: Vista Internet Security 2010 (Rogue virus)

Well, it cleared some space on my hard drive, but apart from that, nothing really happened. But I think I was able to find out what causes the computer to freeze. From the Task Manager I could see that my CPU was running at 100% when I began having the problems I experience before the comp freezes. I was able to locate a process named WERfault.exe, and when I stopped it the computer seemed to work fine. But the problem is, it keeps coming back, so I have to stop the process every time. Very annoying!

Do you know of anything I could do about this? :D
Thanks

Re: Vista Internet Security 2010 (Rogue virus)

Actually, I want to check 1 more thing.

Please close all anti virus, anti malware and any other open programs/windows so they do not interfere with the running of RootRepeal.

  • Please download RootRepeal.zip from here.
  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.

  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

Re: Vista Internet Security 2010 (Rogue virus)

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/03/05 22:34
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x92910000 Size: 815104 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA2584000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spbf.sys
Image Path: C:\Windows\System32\Drivers\spbf.sys
Address: 0x8068A000 Size: 1048576 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3f6d8328-21db-11df-ac0b-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{50c37790-1d29-11df-90d4-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{53cee027-1c1d-11df-9a28-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{595b4d30-1edf-11df-a334-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{595b4d37-1edf-11df-a334-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{595b4d3d-1edf-11df-a334-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8beb639d-25d1-11df-bc0e-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{AF3D4~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{04cb9d63-1ae2-11df-af9c-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{06CB0~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0b9b390e-1c88-11df-b15c-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{2a163b0d-23d8-11df-bee8-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{cc6b0d2c-1c7f-11df-8120-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{cc6b0d33-1c7f-11df-8120-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{d6761f4c-1bc6-11df-a0d7-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{d68c4d8e-20b0-11df-a8fd-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e0ce97f5-1cc3-11df-aa3e-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e309b810-213b-11df-a7b0-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.30.microsoft.msxml2_6bd6b9abf345378f_4.30.2107.0_none_b3bfb803df9355d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.30.2100.0_none_3983779e74974f83.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.30.2107.0_none_398a79a4749100e4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.30.2100.0_none_03d8af9e7277524d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949b06671d08ae.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_7658964504b9f3b6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_45e008191e507087.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.0.6002.18005_none_8f8f0d20ba53c683\MICROS~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-font-truetype-meiryo_31bf3856ad364e35_6.0.6000.16386_none_7228d3744a853f0e\$$DeleteMe.meiryo.ttc.01cab618ab806830.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\ACTIVE~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI14F6~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MIEB39~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MIFFBF~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MIF0C6~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MICB54~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MIDCF7~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI5E06~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\GROUPP~2.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MIFD4D~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MIE4F9~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI47C0~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI47B4~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI3D48~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI84FA~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MIAAB6~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI1F3F~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MIA41E~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\APPLIC~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI5820~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MIEAB3~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI3331~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\ACTIVE~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\APPLIC~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI14F6~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIFF44~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI5820~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI7A16~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI2DAF~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIEAB3~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MICROS~2.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MICROS~4.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI3D48~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\TERMIN~2.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\TERMIN~4.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\TERMIN~3.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIEB39~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIFFBF~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIF0C6~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MICB54~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIDCF7~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MICROS~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIFD4D~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIE4F9~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI3779~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI47C0~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI47B4~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI5E06~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI3331~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MICROS~3.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\GROUPP~2.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI84FA~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIAAB6~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI1F3F~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIA41E~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.16730_da-dk_13403d4933c6442f\140716~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.16730_da-dk_13403d4933c6442f\1A7C2B~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.20895_da-dk_138dfbfe4d100a52\140716~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.20895_da-dk_138dfbfe4d100a52\1A7C2B~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_da-dk_1546e9cd30d48426\140716~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_da-dk_1546e9cd30d48426\1A7C2B~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18121_da-dk_15324c2530e3d286\140716~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18121_da-dk_15324c2530e3d286\1A7C2B~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.22243_da-dk_15a849ac4a0fdce0\140716~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.22243_da-dk_15a849ac4a0fdce0\1A7C2B~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6000.16720_none_04c87b54ba4ac535\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6000.20883_none_ee0091f8d3ed0a28\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6001.18111_none_04a3600aba9cd1d6\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6001.22230_none_edd7d0a6d4424ae9\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Wi

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1228 Status: Locked to the Windows API!

SSDT
-------------------
#: 072 Function Name: NtCreateProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x8b907cdc

#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x8b907ece

#: 078 Function Name: NtCreateThread
Status: Hooked by "" at address 0x8cb38e74

#: 194 Function Name: NtOpenProcess
Status: Hooked by "" at address 0x8cb38e60

#: 201 Function Name: NtOpenThread
Status: Hooked by "" at address 0x8cb38e65

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "" at address 0x8cb38e6f

#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x8b9080d6

Stealth Objects
-------------------
Object: Hidden Module [Name: msgsres.dll]
Process: msnmsgr.exe (PID: 3112) Address: 0x67670000 Size: 11403264

Object: Hidden Module [Name: msgslang.14.0.8089.0726.dll]
Process: msnmsgr.exe (PID: 3112) Address: 0x68c50000 Size: 331776

Object: Hidden Module [Name: msgrvsta.thm]
Process: msnmsgr.exe (PID: 3112) Address: 0x6a350000 Size: 20480

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x858ad1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x858ad1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x858ad1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x858ad1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x858ad1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x858ad1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x858ad1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x858ad1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x858ad1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x858ad1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x858ad1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x858ad1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x858ad1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x858ad1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x858ad1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x858ad1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x858ad1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x858ad1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x858ad1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x858ad1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x858ad1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x858ad1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CREATE]
Process: System Address: 0x8b33b1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x8b33b1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_READ]
Process: System Address: 0x8b33b1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_WRITE]
Process: System Address: 0x8b33b1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8b33b1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8b33b1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x8b33b1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x8b33b1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8b33b1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8b33b1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8b33b1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8b33b1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8b33b1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b33b1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8b33b1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8b33b1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x8b33b1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_PNP]
Process: System Address: 0x8b33b1f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_CREATE]
Process: System Address: 0x858aa1f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_CLOSE]
Process: System Address: 0x858aa1f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x858aa1f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x858aa1f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_POWER]
Process: System Address: 0x858aa1f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x858aa1f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_PNP]
Process: System Address: 0x858aa1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x858ac1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x858ac1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x858ac1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x858ac1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x858ac1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x858ac1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x858ac1f8 Size: 121

Object: Hidden Code [Driver: cdrom蝡, IRP_MJ_CREATE]
Process: System Address: 0x876681f8 Size: 121

Object: Hidden Code [Driver: cdrom蝡, IRP_MJ_CLOSE]
Process: System Address: 0x876681f8 Size: 121

Object: Hidden Code [Driver: cdrom蝡, IRP_MJ_READ]
Process: System Address: 0x876681f8 Size: 121

Object: Hidden Code [Driver: cdrom蝡, IRP_MJ_WRITE]
Process: System Address: 0x876681f8 Size: 121

Object: Hidden Code [Driver: cdrom蝡, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x876681f8 Size: 121

Object: Hidden Code [Driver: cdrom蝡, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x876681f8 Size: 121

Object: Hidden Code [Driver: cdrom蝡, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x876681f8 Size: 121

Object: Hidden Code [Driver: cdrom蝡, IRP_MJ_SHUTDOWN]
Process: System Address: 0x876681f8 Size: 121

Object: Hidden Code [Driver: cdrom蝡, IRP_MJ_POWER]
Process: System Address: 0x876681f8 Size: 121

Object: Hidden Code [Driver: cdrom蝡, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x876681f8 Size: 121

Object: Hidden Code [Driver: cdrom蝡, IRP_MJ_PNP]
Process: System Address: 0x876681f8 Size: 121

Object: Hidden Code [Driver: USBSTOR舴П牄豆쒈軱, IRP_MJ_CREATE]
Process: System Address: 0x8a23f1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR舴П牄豆쒈軱, IRP_MJ_CLOSE]
Process: System Address: 0x8a23f1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR舴П牄豆쒈軱, IRP_MJ_READ]
Process: System Address: 0x8a23f1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR舴П牄豆쒈軱, IRP_MJ_WRITE]
Process: System Address: 0x8a23f1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR舴П牄豆쒈軱, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a23f1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR舴П牄豆쒈軱, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a23f1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR舴П牄豆쒈軱, IRP_MJ_POWER]
Process: System Address: 0x8a23f1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR舴П牄豆쒈軱, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a23f1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR舴П牄豆쒈軱, IRP_MJ_PNP]
Process: System Address: 0x8a23f1f8 Size: 121

Object: Hidden Code [Driver: usbuhci￿Ь瑅䝷嚸蘾ᙀ蝌, IRP_MJ_CREATE]
Process: System Address: 0x874d51f8 Size: 121

Object: Hidden Code [Driver: usbuhci￿Ь瑅䝷嚸蘾ᙀ蝌, IRP_MJ_CLOSE]
Process: System Address: 0x874d51f8 Size: 121

Object: Hidden Code [Driver: usbuhci￿Ь瑅䝷嚸蘾ᙀ蝌, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x874d51f8 Size: 121

Object: Hidden Code [Driver: usbuhci￿Ь瑅䝷嚸蘾ᙀ蝌, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x874d51f8 Size: 121

Object: Hidden Code [Driver: usbuhci￿Ь瑅䝷嚸蘾ᙀ蝌, IRP_MJ_POWER]
Process: System Address: 0x874d51f8 Size: 121

Object: Hidden Code [Driver: usbuhci￿Ь瑅䝷嚸蘾ᙀ蝌, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x874d51f8 Size: 121

Object: Hidden Code [Driver: usbuhci￿Ь瑅䝷嚸蘾ᙀ蝌, IRP_MJ_PNP]
Process: System Address: 0x874d51f8 Size: 121

Object: Hidden Code [Driver: Smb远Ѕ晖呉솠醢艒, IRP_MJ_CREATE]
Process: System Address: 0x8b2511f8 Size: 121

Object: Hidden Code [Driver: Smb远Ѕ晖呉솠醢艒, IRP_MJ_CLOSE]
Process: System Address: 0x8b2511f8 Size: 121

Object: Hidden Code [Driver: Smb远Ѕ晖呉솠醢艒, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b2511f8 Size: 121

Object: Hidden Code [Driver: Smb远Ѕ晖呉솠醢艒, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8b2511f8 Size: 121

Object: Hidden Code [Driver: Smb远Ѕ晖呉솠醢艒, IRP_MJ_CLEANUP]
Process: System Address: 0x8b2511f8 Size: 121

Object: Hidden Code [Driver: Smb远Ѕ晖呉솠醢艒, IRP_MJ_PNP]
Process: System Address: 0x8b2511f8 Size: 121

Object: Hidden Code [Driver: netbt訜, IRP_MJ_CREATE]
Process: System Address: 0x8a2b81f8 Size: 121

Object: Hidden Code [Driver: netbt訜, IRP_MJ_CLOSE]
Process: System Address: 0x8a2b81f8 Size: 121

Object: Hidden Code [Driver: netbt訜, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a2b81f8 Size: 121

Object: Hidden Code [Driver: netbt訜, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a2b81f8 Size: 121

Object: Hidden Code [Driver: netbt訜, IRP_MJ_CLEANUP]
Process: System Address: 0x8a2b81f8 Size: 121

Object: Hidden Code [Driver: netbt訜, IRP_MJ_PNP]
Process: System Address: 0x8a2b81f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄豆Ǩ軮, IRP_MJ_CREATE]
Process: System Address: 0x874d11f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄豆Ǩ軮, IRP_MJ_CLOSE]
Process: System Address: 0x874d11f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄豆Ǩ軮, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x874d11f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄豆Ǩ軮, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x874d11f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄豆Ǩ軮, IRP_MJ_POWER]
Process: System Address: 0x874d11f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄豆Ǩ軮, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x874d11f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄豆Ǩ軮, IRP_MJ_PNP]
Process: System Address: 0x874d11f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x858a81f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System Address: 0x858a81f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System Address: 0x858a81f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x858a81f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x858a81f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x858a81f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System Address: 0x858a81f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System Address: 0x858a81f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System Address: 0x858a81f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x858a81f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System Address: 0x858a81f8 Size: 121

Object: Hidden Code [Driver: usbehci蝆П牄豆읨踇, IRP_MJ_CREATE]
Process: System Address: 0x874d21f8 Size: 121

Object: Hidden Code [Driver: usbehci蝆П牄豆읨踇, IRP_MJ_CLOSE]
Process: System Address: 0x874d21f8 Size: 121

Object: Hidden Code [Driver: usbehci蝆П牄豆읨踇, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x874d21f8 Size: 121

Object: Hidden Code [Driver: usbehci蝆П牄豆읨踇, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x874d21f8 Size: 121

Object: Hidden Code [Driver: usbehci蝆П牄豆읨踇, IRP_MJ_POWER]
Process: System Address: 0x874d21f8 Size: 121

Object: Hidden Code [Driver: usbehci蝆П牄豆읨踇, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x874d21f8 Size: 121

Object: Hidden Code [Driver: usbehci蝆П牄豆읨踇, IRP_MJ_PNP]
Process: System Address: 0x874d21f8 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_CREATE]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_CLOSE]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_READ]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_WRITE]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_QUERY_EA]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_SET_EA]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_SHUTDOWN]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_CLEANUP]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_SET_SECURITY]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_POWER]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_SET_QUOTA]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: mrxsmb陠鵜Ѕ瑎硦, IRP_MJ_PNP]
Process: System Address: 0x874b0500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_CREATE]
Process: System Address: 0x85580500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_CLOSE]
Process: System Address: 0x85580500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_READ]
Process: System Address: 0x85580500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_WRITE]
Process: System Address: 0x85580500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x85580500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x85580500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x85580500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x85580500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85580500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85580500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_SHUTDOWN]
Process: System Address: 0x85580500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x85580500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_CLEANUP]
Process: System Address: 0x85580500 Size: 121

Object: Hidden Code [Driver: cdfsІ瑎湦܇$, IRP_MJ_PNP]
Process: System Address: 0x85580500 Size: 121

==EOF==

Re: Vista Internet Security 2010 (Rouge virus)

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Image: CF_download_FF]

    [Image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Image: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.

    [Image: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Vista Internet Security 2010 (Rouge virus)

ComboFix 10-03-05.01 - Henrik 06-03-2010 0:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.45.1030.18.3581.2141 [GMT 1:00]
Kører fra: c:\users\Henrik\Documents\Downloads\Programs\Combo-Fix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2229377645-1677654889-1682414303-500
c:\$recycle.bin\S-1-5-21-3760575259-3998885095-2510980084-500
c:\programdata\sysReserve.ini
c:\users\Henrik\AppData\Local\mtg.exe
G:\Autorun.inf

.
((((((((((((((((((((((((((((( Filer skabt fra 2010-02-05 til 2010-03-05 )))))))))))))))))))))))))))))))))))
.

2010-03-06 20:05 . 2010-03-07 07:14 -------- d-----w- c:\users\Henrik\AppData\Local\Adobe
2010-03-02 08:12 . 2010-03-02 08:12 -------- d-----w- c:\programdata\WindowsSearch
2010-02-27 19:49 . 2010-02-24 08:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 13:27 . 2010-02-24 13:27 -------- d-----w- c:\program files\Trend Micro
2010-02-24 13:25 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 13:25 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 13:25 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 13:25 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 13:25 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 13:25 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 13:25 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 13:25 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 13:25 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 13:25 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-02-23 22:32 . 2010-02-23 22:32 -------- d-----w- c:\program files\TrendMicro
2010-02-18 19:56 . 2010-02-18 19:56 -------- d-----w- c:\users\Henrik\AppData\Local\Threat Expert
2010-02-18 19:56 . 2010-02-18 19:56 -------- d-----w- c:\program files\Enigma Software Group
2010-02-17 23:24 . 2010-02-17 23:24 -------- d-----w- c:\users\Henrik\AppData\Roaming\PC Tools
2010-02-17 23:24 . 2010-02-17 23:24 -------- d-----w- c:\programdata\PC Tools
2010-02-15 23:27 . 2010-02-15 23:27 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-15 23:26 . 2010-02-15 23:26 -------- d-----w- c:\users\Henrik\AppData\Roaming\Malwarebytes
2010-02-15 23:26 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-15 23:26 . 2010-02-15 23:26 -------- d-----w- c:\programdata\Malwarebytes
2010-02-15 23:26 . 2010-02-15 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-15 23:26 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-10 19:26 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 19:26 . 2009-12-04 16:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-08 12:41 . 2010-02-15 15:46 52224 ----a-w- c:\users\Henrik\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-08 12:40 . 2010-02-15 15:48 117760 ----a-w- c:\users\Henrik\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-08 08:53 . 2010-02-08 08:53 -------- d-----w- c:\program files\RndLabs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 07:18 . 2008-09-02 20:10 8268 ----a-w- c:\users\Henrik\AppData\Local\d3d9caps.dat
2010-03-05 23:40 . 2008-05-24 10:53 1660 ----a-w- c:\windows\bthservsdp.dat
2010-03-05 21:26 . 2010-02-17 23:24 -------- d-----w- c:\program files\Spyware Doctor
2010-03-05 20:37 . 2008-05-29 16:38 254454 ----a-w- c:\programdata\nvModes.dat
2010-03-05 20:36 . 2009-11-27 20:40 -------- d-----w- c:\users\Henrik\AppData\Roaming\DMCache
2010-03-05 09:44 . 2006-11-21 04:49 77202 ----a-w- c:\windows\system32\perfc006.dat
2010-03-05 09:44 . 2006-11-21 04:49 463344 ----a-w- c:\windows\system32\perfh006.dat
2010-03-04 21:47 . 2009-02-10 23:58 -------- d-----w- c:\program files\Steam
2010-03-04 19:57 . 2009-02-10 23:59 -------- d-----w- c:\program files\Common Files\Steam
2010-02-26 23:23 . 2008-05-24 11:23 -------- d-----w- c:\programdata\McAfee
2010-02-25 19:01 . 2008-05-29 15:42 108560 ----a-w- c:\users\Henrik\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 21:06 . 2009-02-09 17:54 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-23 21:06 . 2009-02-09 17:54 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-21 18:55 . 2008-06-12 17:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-21 18:54 . 2008-12-09 15:03 -------- d-----w- c:\programdata\Viewpoint
2010-02-21 18:52 . 2009-03-07 16:24 -------- d-----w- c:\program files\MegauploadToolbar
2010-02-21 18:51 . 2008-05-24 11:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-21 18:48 . 2009-04-22 18:21 -------- d-----w- c:\users\Henrik\AppData\Roaming\uTorrent
2010-02-19 07:51 . 2010-01-31 16:12 -------- d-----w- c:\users\Henrik\AppData\Roaming\Winamp
2010-02-19 07:51 . 2009-06-01 19:24 -------- d-----w- c:\users\Henrik\AppData\Roaming\vlc
2010-02-19 07:51 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-19 07:51 . 2008-06-09 20:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-18 19:56 . 2009-09-19 20:21 -------- d-----w- c:\program files\Orbitdownloader
2010-02-17 23:27 . 2010-02-17 23:24 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-09 07:15 . 2009-03-08 18:59 -------- d-----w- c:\programdata\Microsoft Help
2010-02-05 08:25 . 2010-02-17 23:24 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-05 08:18 . 2010-02-17 23:24 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-02-05 08:17 . 2010-02-17 23:24 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-31 16:16 . 2010-01-31 16:12 -------- d-----w- c:\program files\Winamp
2010-01-31 16:13 . 2010-01-31 16:13 -------- d-----w- c:\program files\Winamp Detect
2010-01-30 12:18 . 2009-11-14 15:55 -------- d-----w- c:\users\Henrik\AppData\Roaming\foobar2000
2010-01-23 12:27 . 2010-01-09 16:14 -------- d-----w- c:\program files\Trapcode
2010-01-22 07:55 . 2009-09-02 10:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 20:45 . 2009-11-28 22:57 -------- d-----w- c:\users\Henrik\AppData\Roaming\IDM
2010-01-11 11:54 . 2010-01-11 11:54 -------- d-----w- c:\program files\The Seal Hunter
2010-01-09 16:16 . 2010-01-09 16:16 -------- d-----w- c:\program files\Trapcode Particular ffx
2010-01-08 18:19 . 2009-12-07 22:33 -------- d-----w- c:\program files\JDownloader
2010-01-07 22:54 . 2009-07-09 17:20 -------- d-----w- c:\users\Henrik\AppData\Roaming\Apple Computer
2010-01-05 17:40 . 2010-01-05 17:40 1409 ----a-w- c:\windows\Fonts\Timathr.FOT
2010-01-05 17:40 . 2010-01-05 17:40 1409 ----a-w- c:\windows\Fonts\Timatho.FOT
2010-01-05 17:40 . 2010-01-05 17:40 1409 ----a-w- c:\windows\Fonts\Timathbo.FOT
2010-01-05 17:40 . 2010-01-05 17:40 1409 ----a-w- c:\windows\Fonts\Timathb.FOT
2010-01-05 17:40 . 2010-01-05 17:40 -------- d-----w- c:\program files\TI Education
2010-01-05 17:40 . 2009-04-19 21:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-05 17:39 . 2010-01-05 17:39 167936 ----a-w- c:\programdata\Symantec\Ghost\AutoInstall\Installed Applications\~0000.dll
2010-01-05 17:39 . 2010-01-05 17:39 -------- d-----w- c:\programdata\Symantec
2010-01-02 14:45 . 2010-01-02 14:45 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-28 12:35 . 2010-02-10 19:27 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 19:27 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 19:27 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 19:27 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 19:27 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 19:27 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 19:27 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 19:27 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 19:27 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-28 12:28 . 2010-02-10 19:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-27 14:59 . 2009-02-09 17:54 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-25 13:24 . 2009-12-25 13:24 22328 ----a-w- c:\users\Henrik\AppData\Roaming\PnkBstrK.sys
2009-12-25 13:24 . 2009-12-25 13:24 22328 ----a-w- c:\users\Henrik\AppData\Roaming\PnkBstrK.sys
2009-12-23 15:20 . 2009-11-24 19:14 38784 ----a-w- c:\users\Henrik\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-23 15:20 . 2009-11-24 19:14 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-18 13:05 . 2010-01-21 20:48 833024 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 13:01 . 2010-01-21 20:48 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 10:14 . 2010-01-21 20:48 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-11 12:07 . 2010-02-10 19:27 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:07 . 2010-02-10 19:27 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:52 . 2010-02-10 19:27 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:52 . 2010-02-10 19:27 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:52 . 2010-02-10 19:27 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-07 14:48 . 2009-09-20 16:59 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-04 21:12 . 2009-11-04 21:12 36868 ----a-w- c:\program files\uninst-Particular.exe
2007-07-17 11:13 . 2008-02-08 16:21 61440 ----a-w- c:\program files\RGSGrowBounds.aex
2009-11-19 18:45 . 2009-11-19 18:45 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-05-24 11:10 . 2008-05-24 11:10 74 --sh--r- c:\windows\CT4CET.bin
2008-05-24 18:42 . 2008-05-24 18:32 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 22:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 22:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-28 3171760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-04-09 166432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-09 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-04-09 92704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-02-15 15:48 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-16 22:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-04-09 10:39 13515296 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-02-21 01:18 366400 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-02-15 15:48 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-05-24 11:17 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 gupdate1c91fca6ae93ab7;Google Update Service (gupdate1c91fca6ae93ab7);c:\program files\Google\Update\GoogleUpdate.exe [2008-09-26 133104]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 GoogleDesktopManager-110309-193829;Google Desktop-administrator 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-19 30192]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-12-30 38224]
R3 PIXMC10;JVC Communication PIX-MC10 Driver;c:\windows\system32\Drivers\pixmc10c.sys [2002-09-27 31232]
R3 PIXMC10A;JVC PIX-MC10 Audio Capture;c:\windows\system32\Drivers\pixmc10a.sys [2002-10-03 28060]
R3 PIXMC10V;JVC PIX-MC10 Video Capture;c:\windows\system32\Drivers\pixmc10v.sys [2002-11-28 22652]
R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Indhold af mappen 'Planlagte Opgaver'

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-26 11:24]

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-26 11:24]
.
.
------- Yderligere scanning -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\84wshnr9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.mylazysundays.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\Henrik\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
.
- - - - TOMME GENVEJE FJERNET - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
AddRemove-Adobe_3dcb365ab9e01871fb8c6f27b0ea079 - c:\program files\Common Files\Adobe\Installers\3dcb365ab9e01871fb8c6f27b0ea079\Setup.exe
AddRemove-Adobe_5aab5a491a3a52ae624fd639f6aaa95 - c:\program files\Common Files\Adobe\Installers\5aab5a491a3a52ae624fd639f6aaa95\Setup.exe
AddRemove-Color Vision - c:\windows\system32\javaws.exe
AddRemove-Faraday's Electromagnetic Lab - c:\windows\system32\javaws.exe
AddRemove-ijji.com - c:\ijji\ENGLISH\ijjiUninstall.exe
AddRemove-Wave Interference - c:\windows\system32\javaws.exe



**************************************************************************
scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer:

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-2229377645-1677654889-1682414303-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d8,a3,2b,e0,a2,2b,15,c9,ee,df,d0,64,cb,b7,61,a3,f5,3b,10,62,81,
10,e0,91,fc,f1,49,43,81,72,be,5b,b2,85,93,ab,81,4f,b2,a1,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-2229377645-1677654889-1682414303-1000_Classes\CLSID\{fc412789-f095-4a6a-bdd1-fc7706e69996}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000001c
"Therad"=dword:00000004
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'lsass.exe'(732)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Gennemført tid: 2010-03-06 00:57:57
ComboFix-quarantined-files.txt 2010-03-05 23:57

Pre-Kørsel: 79,906,889,728 byte ledig
Post-Kørsel: 80,129,597,440 byte ledig

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 2EF1A0CF5FA9D7321B9B3B932C0D4E5F

Re: Vista Internet Security 2010 (Rouge virus)

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

Re: Vista Internet Security 2010 (Rouge virus)

HEY

THE MACHINE IS WORKING PERFECTLY NOW

1000 TIMES THANKS MAN

I'm very grateful
