-
Hello Ken
Once again thank you for all your help.
Before we close the thread, should I uninstall Combofix?
Finally, I managed to run RootRepeal and it has found a number of Stealth Objects. Should they be there? Would you like to see the log?
Rosie
-
Hi Rosie,
I am sure they're fine, but go ahead and post the RR log.
-
Thanks Ken
Here it is:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/08/20 02:20
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================
Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x91260000 Size: 778240 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x93115000 Size: 49152 File Visible: No Signed: -
Status: -
Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: spzc.sys
Image Path: C:\Windows\System32\Drivers\spzc.sys
Address: 0x8068A000 Size: 1048576 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\Win
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
Path: C:\Windows\System32\audiodg.exe
PID: 1396 Status: Locked to the Windows API!
Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x858221f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x858221f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x858221f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x858221f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x858221f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x858221f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x858221f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x858221f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x858221f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x858221f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x858221f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x858221f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x858221f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x858221f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x858221f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x858221f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x858221f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x858221f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x858221f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x858221f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x858221f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x858221f8 Size: 121
Object: Hidden Code [Driver: fastfatП牄直褅咠謾, IRP_MJ_CREATE]
Process: System Address: 0x8850c1f8 Size: 121
Object: Hidden Code [Driver: fastfatП牄直褅咠謾, IRP_MJ_CLOSE]
Process: System Address: 0x8850c1f8 Size: 121
Object: Hidden Code [Driver: fastfatП牄直褅咠謾, IRP_MJ_READ]
Process: System Address: 0x8850c1f8 Size: 121
Object: Hidden Code [Driver: fastfatП牄直褅咠謾, IRP_MJ_WRITE]
Process: System Address: 0x8850c1f8 Size: 121
Object: Hidden Code [Driver: fastfatП牄直褅咠謾, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8850c1f8 Size: 121
Object: Hidden Code [Driver: fastfatП牄直褅咠謾, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8850c1f8 Size: 121
Object: Hidden Code [Driver: fastfatП牄直褅咠謾, IRP_MJ_QUERY_EA]
Process: System Address: 0x8850c1f8 Size: 121
Object: Hidden Code [Driver: fastfatП牄直褅咠謾, IRP_MJ_SET_EA]
Process: System Address: 0x8850c1f8 Size: 121
Object: Hidden Code [Driver: fastfatП牄直褅咠謾, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8850c1f8 Size: 121
Object: Hidden Code [Driver: fastfatП牄直褅咠謾, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8850c1f8 Size: 121
Object: Hidden Code [Driver: fastfatП牄直褅咠謾, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8850c1f8 Size: 121
Object: Hidden Code [Driver: fastfatП牄直褅咠謾, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8850c1f8 Size: 121
Object: Hidden Code [Driver: fastfatП牄直褅咠謾, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8850c1f8 Size: 121
Object: Hidden Code [Driver: fastfatП牄直褅咠謾, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8850c1f8 Size: 121
Object: Hidden Code [Driver: fastfatП牄直褅咠謾, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8850c1f8 Size: 121
Object: Hidden Code [Driver: fastfatП牄直褅咠謾, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8850c1f8 Size: 121
Object: Hidden Code [Driver: fastfatП牄直褅咠謾, IRP_MJ_CLEANUP]
Process: System Address: 0x8850c1f8 Size: 121
Object: Hidden Code [Driver: fastfatП牄直褅咠謾, IRP_MJ_PNP]
Process: System Address: 0x8850c1f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x858201f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x858201f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x858201f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x858201f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x858201f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x858201f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x858201f8 Size: 121
Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE]
Process: System Address: 0x885ad500 Size: 121
Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x885ad500 Size: 121
Object: Hidden Code [Driver: cdrom, IRP_MJ_READ]
Process: System Address: 0x885ad500 Size: 121
Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE]
Process: System Address: 0x885ad500 Size: 121
Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x885ad500 Size: 121
Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x885ad500 Size: 121
Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x885ad500 Size: 121
Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x885ad500 Size: 121
Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER]
Process: System Address: 0x885ad500 Size: 121
Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x885ad500 Size: 121
Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP]
Process: System Address: 0x885ad500 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_CREATE]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_CLOSE]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_READ]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_WRITE]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_QUERY_EA]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_SET_EA]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_CLEANUP]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_POWER]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: iaNvStor, IRP_MJ_PNP]
Process: System Address: 0x8581f1f8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x884f71f8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x884f71f8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x884f71f8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x884f71f8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x884f71f8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x884f71f8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x884f71f8 Size: 121
Object: Hidden Code [Driver: Smb彬Ў浍摌裈迅㘐轮??, IRP_MJ_CREATE]
Process: System Address: 0x8fcc21f8 Size: 121
Object: Hidden Code [Driver: Smb彬Ў浍摌裈迅㘐轮??, IRP_MJ_CLOSE]
Process: System Address: 0x8fcc21f8 Size: 121
Object: Hidden Code [Driver: Smb彬Ў浍摌裈迅㘐轮??, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8fcc21f8 Size: 121
Object: Hidden Code [Driver: Smb彬Ў浍摌裈迅㘐轮??, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8fcc21f8 Size: 121
Object: Hidden Code [Driver: Smb彬Ў浍摌裈迅㘐轮??, IRP_MJ_CLEANUP]
Process: System Address: 0x8fcc21f8 Size: 121
Object: Hidden Code [Driver: Smb彬Ў浍摌裈迅㘐轮??, IRP_MJ_PNP]
Process: System Address: 0x8fcc21f8 Size: 121
Object: Hidden Code [Driver: netbt, IRP_MJ_CREATE]
Process: System Address: 0x8fcc31f8 Size: 121
Object: Hidden Code [Driver: netbt, IRP_MJ_CLOSE]
Process: System Address: 0x8fcc31f8 Size: 121
Object: Hidden Code [Driver: netbt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8fcc31f8 Size: 121
Object: Hidden Code [Driver: netbt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8fcc31f8 Size: 121
Object: Hidden Code [Driver: netbt, IRP_MJ_CLEANUP]
Process: System Address: 0x8fcc31f8 Size: 121
Object: Hidden Code [Driver: netbt, IRP_MJ_PNP]
Process: System Address: 0x8fcc31f8 Size: 121
Object: Hidden Code [Driver: iScsiPrtЄ䑈畁㑨衏쐨衍衧萜衙쫜衙, IRP_MJ_CREATE]
Process: System Address: 0x885131f8 Size: 121
Object: Hidden Code [Driver: iScsiPrtЄ䑈畁㑨衏쐨衍衧萜衙쫜衙, IRP_MJ_CLOSE]
Process: System Address: 0x885131f8 Size: 121
Object: Hidden Code [Driver: iScsiPrtЄ䑈畁㑨衏쐨衍衧萜衙쫜衙, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x885131f8 Size: 121
Object: Hidden Code [Driver: iScsiPrtЄ䑈畁㑨衏쐨衍衧萜衙쫜衙, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x885131f8 Size: 121
Object: Hidden Code [Driver: iScsiPrtЄ䑈畁㑨衏쐨衍衧萜衙쫜衙, IRP_MJ_POWER]
Process: System Address: 0x885131f8 Size: 121
Object: Hidden Code [Driver: iScsiPrtЄ䑈畁㑨衏쐨衍衧萜衙쫜衙, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x885131f8 Size: 121
Object: Hidden Code [Driver: iScsiPrtЄ䑈畁㑨衏쐨衍衧萜衙쫜衙, IRP_MJ_PNP]
Process: System Address: 0x885131f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x84e901f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System Address: 0x84e901f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System Address: 0x84e901f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84e901f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84e901f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84e901f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84e901f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System Address: 0x84e901f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System Address: 0x84e901f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84e901f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System Address: 0x84e901f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x884c51f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x884c51f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x884c51f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x884c51f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x884c51f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x884c51f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x884c51f8 Size: 121
Object: Hidden Code [Driver: msahci, IRP_MJ_POWER]
Process: System Address: 0x858211f8 Size: 121
Object: Hidden Code [Driver: msahci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x858211f8 Size: 121
Object: Hidden Code [Driver: msahci, IRP_MJ_PNP]
Process: System Address: 0x858211f8 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_CREATE]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_CLOSE]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_READ]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_WRITE]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_QUERY_EA]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_SET_EA]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_SHUTDOWN]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_CLEANUP]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_SET_SECURITY]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_POWER]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_SET_QUOTA]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: mrxsmb Е楆, IRP_MJ_PNP]
Process: System Address: 0x91711500 Size: 121
Object: Hidden Code [Driver: cdfs, IRP_MJ_CREATE]
Process: System Address: 0x8509d500 Size: 121
Object: Hidden Code [Driver: cdfs, IRP_MJ_CLOSE]
Process: System Address: 0x8509d500 Size: 121
Object: Hidden Code [Driver: cdfs, IRP_MJ_READ]
Process: System Address: 0x8509d500 Size: 121
Object: Hidden Code [Driver: cdfs, IRP_MJ_WRITE]
Process: System Address: 0x8509d500 Size: 121
Object: Hidden Code [Driver: cdfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8509d500 Size: 121
Object: Hidden Code [Driver: cdfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8509d500 Size: 121
Object: Hidden Code [Driver: cdfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8509d500 Size: 121
Object: Hidden Code [Driver: cdfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8509d500 Size: 121
Object: Hidden Code [Driver: cdfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8509d500 Size: 121
Object: Hidden Code [Driver: cdfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8509d500 Size: 121
Object: Hidden Code [Driver: cdfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8509d500 Size: 121
Object: Hidden Code [Driver: cdfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8509d500 Size: 121
Object: Hidden Code [Driver: cdfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8509d500 Size: 121
Object: Hidden Code [Driver: cdfs, IRP_MJ_PNP]
Process: System Address: 0x8509d500 Size: 121
==EOF==
There seem to be an awful lot of Stealth Objects!
Rosie
-
The log is fine, no rootkit :bigthumb:
- Click START then RUN
- Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.
- When shown the disclaimer, Select "2"
The above procedure will:
- Delete the following:
- ComboFix and its associated files and folders.
- VundoFix backups, if present
- The C:\Deckard folder, if present
- The C:\_OtMoveIt folder, if present
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Reset System Restore.
-
Thanks, Ken. That's set my mind at rest.
I'll follow your instructions to uninstall Combofix. I think I'll also uninstall RootRepeal now.
Once again, Thank you. I'm very grateful for all your help. :thanks:
Rosie
-
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.