WiredWX Christian Hobby Weather Tools

Re: Vista Internet Security 2010 (Rogue virus)

Hello.

Download ATF Cleaner

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use the Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Any better now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Vista Internet Security 2010 (Rogue virus)

Well, it cleared some space on my hard drive, but apart from that, nothing really happened. But I think I was able to find out what causes the computer to freeze. From the Task Manager I could see that my CPU was running at 100% when I began having the problems I experience before the computer freezes. I was able to locate a process named WERfault.exe, and when I stopped this the computer seemed to work fine. But the problem is, it keeps coming back, so I have to stop the process every time. Very annoying!

Do you know about anything I could do about this? :D
Thanks

Re: Vista Internet Security 2010 (Rogue virus)

Actually, I want to check 1 more thing.

Please close all anti virus, anti malware and any other open programs/windows so they do not interfere with the running of RootRepeal.

  • Please download RootRepeal.zip from here.
  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.

  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

............................................................................................

Site Admin / Security Administrator

Re: Vista Internet Security 2010 (Rogue virus)

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/03/05 22:34
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x92910000 Size: 815104 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA2584000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spbf.sys
Image Path: C:\Windows\System32\Drivers\spbf.sys
Address: 0x8068A000 Size: 1048576 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3f6d8328-21db-11df-ac0b-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{50c37790-1d29-11df-90d4-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{53cee027-1c1d-11df-9a28-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{595b4d30-1edf-11df-a334-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{595b4d37-1edf-11df-a334-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{595b4d3d-1edf-11df-a334-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8beb639d-25d1-11df-bc0e-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{AF3D4~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{04cb9d63-1ae2-11df-af9c-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{06CB0~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0b9b390e-1c88-11df-b15c-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{2a163b0d-23d8-11df-bee8-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{cc6b0d2c-1c7f-11df-8120-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{cc6b0d33-1c7f-11df-8120-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{d6761f4c-1bc6-11df-a0d7-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{d68c4d8e-20b0-11df-a8fd-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e0ce97f5-1cc3-11df-aa3e-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e309b810-213b-11df-a7b0-001fe1f15e2c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.30.microsoft.msxml2_6bd6b9abf345378f_4.30.2107.0_none_b3bfb803df9355d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.30.2100.0_none_3983779e74974f83.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.30.2107.0_none_398a79a4749100e4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.30.2100.0_none_03d8af9e7277524d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949b06671d08ae.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_7658964504b9f3b6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_45e008191e507087.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.0.6002.18005_none_8f8f0d20ba53c683\MICROS~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-font-truetype-meiryo_31bf3856ad364e35_6.0.6000.16386_none_7228d3744a853f0e\$$DeleteMe.meiryo.ttc.01cab618ab806830.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\ACTIVE~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI14F6~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MIEB39~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MIFFBF~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MIF0C6~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MICB54~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MIDCF7~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI5E06~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\GROUPP~2.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MIFD4D~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MIE4F9~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI47C0~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI47B4~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI3D48~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI84FA~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MIAAB6~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI1F3F~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MIA41E~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\APPLIC~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI5820~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MIEAB3~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI3331~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\ACTIVE~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\APPLIC~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI14F6~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIFF44~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI5820~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI7A16~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI2DAF~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIEAB3~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MICROS~2.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MICROS~4.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI3D48~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\TERMIN~2.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\TERMIN~4.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\TERMIN~3.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIEB39~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIFFBF~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIF0C6~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MICB54~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIDCF7~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MICROS~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIFD4D~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIE4F9~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI3779~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI47C0~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI47B4~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI5E06~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI3331~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MICROS~3.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\GROUPP~2.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI84FA~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIAAB6~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI1F3F~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIA41E~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.16730_da-dk_13403d4933c6442f\140716~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.16730_da-dk_13403d4933c6442f\1A7C2B~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.20895_da-dk_138dfbfe4d100a52\140716~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.20895_da-dk_138dfbfe4d100a52\1A7C2B~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_da-dk_1546e9cd30d48426\140716~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_da-dk_1546e9cd30d48426\1A7C2B~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18121_da-dk_15324c2530e3d286\140716~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18121_da-dk_15324c2530e3d286\1A7C2B~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.22243_da-dk_15a849ac4a0fdce0\140716~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.22243_da-dk_15a849ac4a0fdce0\1A7C2B~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6000.16720_none_04c87b54ba4ac535\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6000.20883_none_ee0091f8d3ed0a28\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6001.18111_none_04a3600aba9cd1d6\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6001.22230_none_edd7d0a6d4424ae9\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\DEFINE~1.RES
Status: Locked to the Windows API!

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1228 Status: Locked to the Windows API!

SSDT
-------------------
#: 072 Function Name: NtCreateProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x8b907cdc

#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x8b907ece

#: 078 Function Name: NtCreateThread
Status: Hooked by "" at address 0x8cb38e74

#: 194 Function Name: NtOpenProcess
Status: Hooked by "" at address 0x8cb38e60

#: 201 Function Name: NtOpenThread
Status: Hooked by "" at address 0x8cb38e65

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "" at address 0x8cb38e6f

#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x8b9080d6

==EOF==

Re: Vista Internet Security 2010 (Rouge virus)

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [screenshot: CF_download_FF]

    [screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [screenshot: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

    [screenshot: Cf510]

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Vista Internet Security 2010 (Rouge virus)

ComboFix 10-03-05.01 - Henrik 06-03-2010 0:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.45.1030.18.3581.2141 [GMT 1:00]
Kører fra: c:\users\Henrik\Documents\Downloads\Programs\Combo-Fix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2229377645-1677654889-1682414303-500
c:\$recycle.bin\S-1-5-21-3760575259-3998885095-2510980084-500
c:\programdata\sysReserve.ini
c:\users\Henrik\AppData\Local\mtg.exe
G:\Autorun.inf

.
((((((((((((((((((((((((((((( Filer skabt fra 2010-02-05 til 2010-03-05 )))))))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 22:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 22:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-28 3171760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-04-09 166432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-09 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-04-09 92704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-02-15 15:48 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-16 22:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-04-09 10:39 13515296 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-02-21 01:18 366400 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-02-15 15:48 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-05-24 11:17 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 gupdate1c91fca6ae93ab7;Google Update Service (gupdate1c91fca6ae93ab7);c:\program files\Google\Update\GoogleUpdate.exe [2008-09-26 133104]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 GoogleDesktopManager-110309-193829;Google Desktop-administrator 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-19 30192]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-12-30 38224]
R3 PIXMC10;JVC Communication PIX-MC10 Driver;c:\windows\system32\Drivers\pixmc10c.sys [2002-09-27 31232]
R3 PIXMC10A;JVC PIX-MC10 Audio Capture;c:\windows\system32\Drivers\pixmc10a.sys [2002-10-03 28060]
R3 PIXMC10V;JVC PIX-MC10 Video Capture;c:\windows\system32\Drivers\pixmc10v.sys [2002-11-28 22652]
R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Indhold af mappen 'Planlagte Opgaver'

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-26 11:24]

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-26 11:24]
.
.
------- Yderligere scanning -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\84wshnr9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.mylazysundays.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\Henrik\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
.
- - - - TOMME GENVEJE FJERNET - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
AddRemove-Adobe_3dcb365ab9e01871fb8c6f27b0ea079 - c:\program files\Common Files\Adobe\Installers\3dcb365ab9e01871fb8c6f27b0ea079\Setup.exe
AddRemove-Adobe_5aab5a491a3a52ae624fd639f6aaa95 - c:\program files\Common Files\Adobe\Installers\5aab5a491a3a52ae624fd639f6aaa95\Setup.exe
AddRemove-Color Vision - c:\windows\system32\javaws.exe
AddRemove-Faraday's Electromagnetic Lab - c:\windows\system32\javaws.exe
AddRemove-ijji.com - c:\ijji\ENGLISH\ijjiUninstall.exe
AddRemove-Wave Interference - c:\windows\system32\javaws.exe



**************************************************************************
scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer:

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-2229377645-1677654889-1682414303-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d8,a3,2b,e0,a2,2b,15,c9,ee,df,d0,64,cb,b7,61,a3,f5,3b,10,62,81,
10,e0,91,fc,f1,49,43,81,72,be,5b,b2,85,93,ab,81,4f,b2,a1,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-2229377645-1677654889-1682414303-1000_Classes\CLSID\{fc412789-f095-4a6a-bdd1-fc7706e69996}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000001c
"Therad"=dword:00000004
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'lsass.exe'(732)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Gennemført tid: 2010-03-06 00:57:57
ComboFix-quarantined-files.txt 2010-03-05 23:57

Pre-Kørsel: 79,906,889,728 byte ledig
Post-Kørsel: 80,129,597,440 byte ledig

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 2EF1A0CF5FA9D7321B9B3B932C0D4E5F

Re: Vista Internet Security 2010 (Rouge virus)

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


Re: Vista Internet Security 2010 (Rouge virus)

HEY

THE MACHINE IS WORKING PERFECTLY NOW

1000 TIMES THANKS MAN

I'm very grateful
