
Thread: Weird Problem

  1. #1
    Elite Member BaLa's Avatar
    Join Date
    Dec 2000
    Location
    Bell County, Tejas
    Posts
    14,351

    Weird Problem

    Winblows Vista SP1
    FF 3.010
    and IE 8.00601


    With Google Toolbar OR Google Website Search, it 'searches' fine.
    Pulls up the results fine.

    When I click on a site it seems to randomly redirect me to other BS Search Sites.


    I've searched for Viruses with Norton 360
    AdAware, Spybot S+D seem to find nothing also.
    Any ideas?


    HijackThis Log
    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:56:41, on 4/29/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    
    Running processes:
    C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\GRLevelX\GRLevel3\grlevel3.exe
    C:\F@H\F@H.exe
    C:\F@H\FAH2\FAH2.exe
    C:\Windows\system32\wuauclt.exe
    C:\F@H\FAH2\FahCore_82.exe
    C:\F@H\FahCore_82.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://docs.google.com/Doc?id=dgqxs2np_0hkm8pgdh
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 83.218.176.75:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
    O13 - Gopher Prefix: 
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.145,85.255.112.194
    O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.112.145,85.255.112.194
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.145,85.255.112.194
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\aestsrv.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\STacSV.exe
    Last edited by BaLa; 04-29-09 at 06:58 PM.

  2. #2
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,857
    Sounds like something's still in there....give a thorough scan with MalwareBytes
    MORNING WOOD Lumber Company
    Guinness for Strength!!!

  3. #3
    Ohh Hell yeah.. Sava700's Avatar
    Join Date
    Feb 2002
    Location
    Somewhere
    Posts
    24,052
    yeah malwarebytes and superantispyware should do the trick... ad-aware doesn't do much and I'd uninstall spybot just to remove teatimer cause that will drive you nuts.

    Norton 360 doesn't pick up very much either and is a waste...

    after you're all clean take a gander at the Vista sp2 thread

  4. #4
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,857
    Quote Originally Posted by Sava700 View Post

    Norton 360 doesn't pick up very much either and is a waste...
    Actually they've been solid as far as detection and cleaning tests at av-comparatives.org for over a year....garnering Advanced+ ratings.

    Much as I've hated them and bashed them for a long time now..they don't deserve it anymore.
    MORNING WOOD Lumber Company
    Guinness for Strength!!!

  5. #5
    Certified SG Addict CableDude's Avatar
    Join Date
    Jun 2001
    Posts
    26,785
    Quote Originally Posted by YeOldeStonecat View Post
    Much as I've hated them and bashed them for a long time now..they don't deserve it anymore.
    YeOldeSoftcat.

  6. #6
    Elite Member TonyT's Avatar
    Join Date
    Jan 2000
    Location
    Fairfax, VA
    Posts
    10,335
    You've got a rootkit infection & it probably won't get handled completely by the standard anti-malware apps mentioned above.

    Download this program and post the scan results here in this thread.
    http://rootrepeal.googlepages.com/
    Use the Report tab to generate a log to copy+paste.
    No one has any right to force data on you
    and command you to believe it or else.
    If it is not true for you, it isn't true.

    LRH

  7. #7
    Ohh Hell yeah.. Sava700's Avatar
    Join Date
    Feb 2002
    Location
    Somewhere
    Posts
    24,052
    Quote Originally Posted by YeOldeStonecat View Post
    Actually they've been solid as far as detection and cleaning tests at av-comparatives.org for over a year....garnering Advanced+ ratings.

    Much as I've hated them and bashed them for a long time now..they don't deserve it anymore.
    I'll never recommend Norton products again... much like I won't recommend anything from Creative from the screw over of customers they did when vista released.... nope never again.

  8. #8
    Elite Member BaLa's Avatar
    Join Date
    Dec 2000
    Location
    Bell County, Tejas
    Posts
    14,351
    Holy Cow..



    ROOTREPEAL (c) AD, 2007-2008
    ==================================================
    Scan Time: 2009/04/29 21:53
    Program Version: Version 1.2.3.0
    Windows Version: Windows Vista SP1
    ==================================================

    Drivers
    -------------------
    Name: dump_dumpata.sys
    Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
    Address: 0xA4910000 Size: 45056 File Visible: No
    Status: -

    Name: dump_msahci.sys
    Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
    Address: 0xA491B000 Size: 40960 File Visible: No
    Status: -

    Name: gaopdxtfurttxwvigbfpetwhuxdbsmkbsnwvoq.sys
    Image Path: C:\Windows\system32\drivers\gaopdxtfurttxwvigbfpetwhuxdbsmkbsnwvoq.sys
    Address: 0xA038B000 Size: 53248 File Visible: -
    Status: Hidden from Windows API!

    Name: rootrepeal.sys
    Image Path: C:\Windows\system32\drivers\rootrepeal.sys
    Address: 0xA49D8000 Size: 45056 File Visible: No
    Status: -

    Name: sptd
    Image Path: \Driver\sptd
    Address: 0x00000000 Size: 0 File Visible: No
    Status: -

    Name: spvc.sys
    Image Path: C:\Windows\System32\Drivers\spvc.sys
    Address: 0x8060F000 Size: 1048576 File Visible: No
    Status: -

    Hidden/Locked Files
    -------------------
    Path: C:\hiberfil.sys
    Status: Locked to the Windows API!

    Path: C:\System Volume Information\{245b23e3-2d00-11de-b742-00235a2c9116}{3808876b-c176-4e48-b7ae-04046e6cc752}
    Status: Locked to the Windows API!

    Path: C:\System Volume Information\{245b23ea-2d00-11de-b742-00235a2c9116}{3808876b-c176-4e48-b7ae-04046e6cc752}
    Status: Locked to the Windows API!

    Path: C:\System Volume Information\{2776f4a0-2f03-11de-a71f-00235a2c9116}{3808876b-c176-4e48-b7ae-04046e6cc752}
    Status: Locked to the Windows API!

    Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    Status: Locked to the Windows API!

    Path: C:\System Volume Information\{7542e5f1-3040-11de-9c30-00235a2c9116}{3808876b-c176-4e48-b7ae-04046e6cc752}
    Status: Locked to the Windows API!

    Path: C:\System Volume Information\{d20da98a-3378-11de-a820-00235a2c9116}{3808876b-c176-4e48-b7ae-04046e6cc752}
    Status: Locked to the Windows API!

    Path: C:\System Volume Information\{fea622c3-32a3-11de-a51a-00235a2c9116}{3808876b-c176-4e48-b7ae-04046e6cc752}
    Status: Locked to the Windows API!

    Path: C:\F@H\work\wudata_00.nfo
    Status: Allocation size mismatch (API: 432, Raw: 8)

    Path: C:\Windows\Media\WINDOW~1.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\Media\WINDOW~2.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\Media\WINDOW~4.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\System32\gaopdxboynconrxdptdwpvdprowhxefepvmmjm.dll
    Status: Invisible to the Windows API!

    Path: C:\Windows\System32\gaopdxcounter
    Status: Invisible to the Windows API!

    Path: C:\Windows\System32\drivers\gaopdxtfurttxwvigbfpetwhuxdbsmkbsnwvoq.sys
    Status: Invisible to the Windows API!

    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\CREATE~1.ASP
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\DEFINE~1.ASP
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\MANAGE~1.ASP
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\CREATE~1.ASP
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\DEFINE~1.ASP
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\MANAGE~1.ASP
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBADM~2.ASP
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBADM~3.ASP
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBADM~4.ASP
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBB00~1.ASP
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.16720_none_c2e2272db9e7b99c\INSTAL~1.CON
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.20883_none_c32de54ed3334d11\INSTAL~1.CON
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.18111_none_c4d43609b70547f3\INSTAL~1.CON
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.22230_none_c54732b2d0340648\INSTAL~1.CON
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_33db43850c7307a2\_SMSVC~1.INI
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_34c832162545dbc8\_SMSVC~1.INI
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18203_none_b4e61c85d6c731a6\$$DeleteMe.urlmon.dll.01c9b7151834de73.0002
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\WINDOW~1.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\WINDOW~2.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\WINDOW~4.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\WINDOW~1.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\WINDOW~2.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\WINDOW~4.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\WINDOW~1.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\WINDOW~2.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\WINDOW~4.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\WINDOW~1.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\WINDOW~2.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\WINDOW~4.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\WINDOW~1.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\WINDOW~2.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\WINDOW~4.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\WINDOW~1.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\WINDOW~2.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\WINDOW~4.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_2dcc82dc361eff27\WINDOW~1.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_2dcc82dc361eff27\WINDOW~2.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_2dcc82dc361eff27\WINDOW~4.WAV
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBADM~2.ASP
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBADM~3.ASP
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBADM~4.ASP
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBB00~1.ASP
    Status: Locked to the Windows API!

  9. #9
    Elite Member BaLa's Avatar
    Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6000.16720_none_38b929534b68462d\DEFAUL~1.ASP
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6000.20883_none_21f13ff7650a8b20\DEFAUL~1.ASP
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6001.18111_none_38940e094bba52ce\DEFAUL~1.ASP
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6001.22230_none_21c87ea5655fcbe1\DEFAUL~1.ASP
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.16720_none_b462fc0cbe880bcb\MICROS~1.XSD
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.20883_none_9d9b12b0d82a50be\MICROS~1.XSD
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.18111_none_b43de0c2beda186c\MICROS~1.XSD
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.22230_none_9d72515ed87f917f\MICROS~1.XSD
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~1.H
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~2.H
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~1.H
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~2.H
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~1.H
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~2.H
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~1.H
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~2.H
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.16720_none_e000b84a44323b9f\WEBADM~2.MAS
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.16720_none_e000b84a44323b9f\WEBADM~3.MAS
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.16720_none_e000b84a44323b9f\WE5915~1.MAS
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.16720_none_e000b84a44323b9f\WEBE69~1.MAS
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.20883_none_c938ceee5dd48092\WEBADM~2.MAS
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.20883_none_c938ceee5dd48092\WEBADM~3.MAS
    Status: Locked to the Windows API!

    Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.20883_none_c938ceee5dd48092\WE5915~1.MAS
    Status: Locked to the Windows API!

    Processes
    -------------------
    Path: System
    PID: 4 Status: Locked to the Windows API!

    Path: C:\Windows\System32\audiodg.exe
    PID: 1368 Status: Locked to the Windows API!

    SSDT
    -------------------
    #: 013 Function Name: NtAlertResumeThread
    Status: Hooked by "<unknown>" at address 0x8813e048

    #: 014 Function Name: NtAlertThread
    Status: Hooked by "<unknown>" at address 0x88037048

    #: 018 Function Name: NtAllocateVirtualMemory
    Status: Hooked by "<unknown>" at address 0x88086a00

    #: 021 Function Name: NtAlpcConnectPort
    Status: Hooked by "<unknown>" at address 0x874c5520

    #: 042 Function Name: NtAssignProcessToJobObject
    Status: Hooked by "<unknown>" at address 0x880ec988

    #: 067 Function Name: NtCreateMutant
    Status: Hooked by "<unknown>" at address 0x880e8008

    #: 077 Function Name: NtCreateSymbolicLinkObject
    Status: Hooked by "<unknown>" at address 0x880ed1d8

    #: 078 Function Name: NtCreateThread
    Status: Hooked by "<unknown>" at address 0x88048f68

    #: 116 Function Name: NtDebugActiveProcess
    Status: Hooked by "<unknown>" at address 0x880ebd90

    #: 129 Function Name: NtDuplicateObject
    Status: Hooked by "<unknown>" at address 0x88086c18

    #: 147 Function Name: NtFreeVirtualMemory
    Status: Hooked by "<unknown>" at address 0x880861e0

    #: 156 Function Name: NtImpersonateAnonymousToken
    Status: Hooked by "<unknown>" at address 0x88022718

    #: 158 Function Name: NtImpersonateThread
    Status: Hooked by "<unknown>" at address 0x88022f90

    #: 165 Function Name: NtLoadDriver
    Status: Hooked by "<unknown>" at address 0x874cf7e0

    #: 177 Function Name: NtMapViewOfSection
    Status: Hooked by "<unknown>" at address 0x88086080

    #: 184 Function Name: NtOpenEvent
    Status: Hooked by "<unknown>" at address 0x87ffa048

    #: 194 Function Name: NtOpenProcess
    Status: Hooked by "<unknown>" at address 0x88086e78

    #: 195 Function Name: NtOpenProcessToken
    Status: Hooked by "<unknown>" at address 0x87fd1048

    #: 197 Function Name: NtOpenSection
    Status: Hooked by "<unknown>" at address 0x8804b048

    #: 201 Function Name: NtOpenThread
    Status: Hooked by "<unknown>" at address 0x88086d28

    #: 210 Function Name: NtProtectVirtualMemory
    Status: Hooked by "<unknown>" at address 0x880ec378

    #: 282 Function Name: NtResumeThread
    Status: Hooked by "<unknown>" at address 0x87f87068

    #: 289 Function Name: NtSetContextThread
    Status: Hooked by "<unknown>" at address 0x88016048

    #: 305 Function Name: NtSetInformationProcess
    Status: Hooked by "<unknown>" at address 0x88087df8

    #: 317 Function Name: NtSetSystemInformation
    Status: Hooked by "<unknown>" at address 0x88086048

    #: 330 Function Name: NtSuspendProcess
    Status: Hooked by "<unknown>" at address 0x88047048

    #: 331 Function Name: NtSuspendThread
    Status: Hooked by "<unknown>" at address 0x88026048

    #: 334 Function Name: NtTerminateProcess
    Status: Hooked by "<unknown>" at address 0x87753180

    #: 335 Function Name: NtTerminateThread
    Status: Hooked by "<unknown>" at address 0x8801b048

    #: 348 Function Name: NtUnmapViewOfSection
    Status: Hooked by "<unknown>" at address 0x8801c048

    #: 358 Function Name: NtWriteVirtualMemory
    Status: Hooked by "<unknown>" at address 0x880865f0

    #: 382 Function Name: NtCreateThreadEx
    Status: Hooked by "<unknown>" at address 0x880ed868

    Stealth Objects
    -------------------
    Object: Hidden Module [Name: WinMgmtR.dll]
    Process: svchost.exe (PID: 1148) Address: 0x00100000 Size: 8192

    Object: Hidden Module [Name: winlogon.exe]
    Process: svchost.exe (PID: 1148) Address: 0x03000000 Size: 323584

    Object: Hidden Module [Name: winlogon.exe]
    Process: svchost.exe (PID: 1148) Address: 0x03050000 Size: 323584

    Object: Hidden Module [Name: WinMgmtR.dll]
    Process: svchost.exe (PID: 1148) Address: 0x71ef0000 Size: 8192

    Object: Hidden Module [Name: tquery.dll]
    Process: svchost.exe (PID: 1148) Address: 0x72090000 Size: 1589248

    Object: Hidden Module [Name: profsvc.dll]
    Process: svchost.exe (PID: 1148) Address: 0x74070000 Size: 163840

    Object: Hidden Module [Name: wevtapi.dll]
    Process: svchost.exe (PID: 1148) Address: 0x756a0000 Size: 258048

    Object: Hidden Module [Name: MOM.Implementation.DLL]
    Process: MOM.exe (PID: 1244) Address: 0x009d0000 Size: 118784

    Object: Hidden Module [Name: LOG.Foundation.DLL]
    Process: MOM.exe (PID: 1244) Address: 0x00b10000 Size: 45056

    Object: Hidden Module [Name: LOG.Foundation.Private.DLL]
    Process: MOM.exe (PID: 1244) Address: 0x00b30000 Size: 45056

    Object: Hidden Module [Name: LOG.Foundation.Implementation.DLL]
    Process: MOM.exe (PID: 1244) Address: 0x00b40000 Size: 69632

    Object: Hidden Module [Name: MOM.Foundation.DLL]
    Process: MOM.exe (PID: 1244) Address: 0x00d10000 Size: 28672

    Object: Hidden Module [Name: LOG.Foundation.Implementation.Private.DLL]
    Process: MOM.exe (PID: 1244) Address: 0x01d20000 Size: 28672

    Object: Hidden Module [Name: NEWAEM.Foundation.DLL]
    Process: MOM.exe (PID: 1244) Address: 0x03ec0000 Size: 36864

    Object: Hidden Module [Name: CCC.Implementation.DLL]
    Process: MOM.exe (PID: 1244) Address: 0x03eb0000 Size: 36864

    Object: Hidden Module [Name: CCC.Implementation.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x007d0000 Size: 36864

    Object: Hidden Module [Name: LOG.Foundation.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x007f0000 Size: 45056

    Object: Hidden Module [Name: MOM.Foundation.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x00800000 Size: 28672

    Object: Hidden Module [Name: LOG.Foundation.Implementation.Private.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x00870000 Size: 28672

    Object: Hidden Module [Name: CLI.Foundation.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x00850000 Size: 69632

    Object: Hidden Module [Name: LOG.Foundation.Implementation.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x00880000 Size: 69632

    Object: Hidden Module [Name: LOG.Foundation.Private.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x008b0000 Size: 45056

    Object: Hidden Module [Name: MOM.Implementation.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x00df0000 Size: 118784

    Object: Hidden Module [Name: CLI.Component.SkinFactory.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x00fc0000 Size: 61440

    Object: Hidden Module [Name: CLI.Foundation.XManifest.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x03c90000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.MultiVPU4.Graphics.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x03ed0000 Size: 36864

    Object: Hidden Module [Name: CLI.Component.Runtime.Shared.Private.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x03e60000 Size: 53248

    Object: Hidden Module [Name: CLI.Component.Runtime.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x03e30000 Size: 77824

    Object: Hidden Module [Name: LOCALIZATION.Foundation.Private.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x03e20000 Size: 28672

    Object: Hidden Module [Name: AxInterop.WBOCXLib.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x03e50000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.PowerXpress.Graphics.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x03ee0000 Size: 36864

    Object: Hidden Module [Name: CLI.Foundation.Private.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x04180000 Size: 53248

    Object: Hidden Module [Name: CLI.Component.Runtime.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x041f0000 Size: 28672

    Object: Hidden Module [Name: AEM.Server.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x04e50000 Size: 53248

    Object: Hidden Module [Name: Interop.WBOCXLib.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x04e10000 Size: 36864

    Object: Hidden Module [Name: ATICCCom.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x04e40000 Size: 45056

    Object: Hidden Module [Name: NEWAEM.Foundation.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x04e60000 Size: 36864

    Object: Hidden Module [Name: LOCALIZATION.Foundation.Implementation.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x04e80000 Size: 36864

    Object: Hidden Module [Name: AEM.Plugin.Source.Kit.Server.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x04eb0000 Size: 53248

    Object: Hidden Module [Name: AEM.Server.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x04ea0000 Size: 28672

    Object: Hidden Module [Name: AEM.Plugin.WinMessages.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x04ff0000 Size: 28672

    Object: Hidden Module [Name: AEM.Plugin.DPPE.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x04fd0000 Size: 28672

    Object: Hidden Module [Name: AEM.Plugin.Hotkeys.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x04fe0000 Size: 28672

    Object: Hidden Module [Name: DEM.Foundation.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x05030000 Size: 28672

    Object: Hidden Module [Name: DEM.Graphics.I0601.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x05020000 Size: 53248

  10. #10
    Elite Member BaLa's Avatar
    Object: Hidden Module [Name: DEM.Graphics.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x05040000 Size: 28672

    Object: Hidden Module [Name: CLI.Caste.Graphics.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x052b0000 Size: 61440

    Object: Hidden Module [Name: ACE.Graphics.DisplaysManager.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x052c0000 Size: 36864

    Object: Hidden Module [Name: DEM.OS.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x05850000 Size: 28672

    Object: Hidden Module [Name: ATIDEMGX.dll]
    Process: CCC.exe (PID: 4152) Address: 0x055d0000 Size: 438272

    Object: Hidden Module [Name: DEM.OS.I0602.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x056b0000 Size: 28672

    Object: Hidden Module [Name: CLI.Caste.Graphics.Runtime.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x05800000 Size: 274432

    Object: Hidden Module [Name: AEM.Plugin.GD.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x05880000 Size: 28672

    Object: Hidden Module [Name: DEM.Graphics.I0709.dll]
    Process: CCC.exe (PID: 4152) Address: 0x05860000 Size: 28672

    Object: Hidden Module [Name: ATIDEMOS.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x05890000 Size: 77824

    Object: Hidden Module [Name: AEM.Actions.CCAA.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x05d20000 Size: 28672

    Object: Hidden Module [Name: DEM.Graphics.I0804.dll]
    Process: CCC.exe (PID: 4152) Address: 0x05d30000 Size: 28672

    Object: Hidden Module [Name: CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x05da0000 Size: 28672

    Object: Hidden Module [Name: CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x05d90000 Size: 28672

    Object: Hidden Module [Name: CLI.Caste.Graphics.Runtime.Shared.Private.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x05dd0000 Size: 28672

    Object: Hidden Module [Name: CLI.Aspect.DeviceCV.Graphics.Runtime.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x05db0000 Size: 77824

    Object: Hidden Module [Name: CLI.Aspect.DeviceCV.Graphics.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x05de0000 Size: 53248

    Object: Hidden Module [Name: CLI.Aspect.CustomFormats.Graphics.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x05ef0000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x05f00000 Size: 45056

    Object: Hidden Module [Name: CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x06250000 Size: 69632

    Object: Hidden Module [Name: CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x061f0000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.DeviceTV.Graphics.Runtime.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x06060000 Size: 86016

    Object: Hidden Module [Name: DEM.Graphics.I0805.dll]
    Process: CCC.exe (PID: 4152) Address: 0x06020000 Size: 28672

    Object: Hidden Module [Name: CLI.Aspect.DeviceProperty.Graphics.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x06050000 Size: 45056

    Object: Hidden Module [Name: DEM.Graphics.I0706.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x06040000 Size: 28672

    Object: Hidden Module [Name: CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x060a0000 Size: 53248

    Object: Hidden Module [Name: CLI.Aspect.DeviceTV.Graphics.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x06080000 Size: 77824

    Object: Hidden Module [Name: CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x060b0000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x061e0000 Size: 45056

    Object: Hidden Module [Name: CLI.Aspect.DeviceCRT.Graphics.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x06220000 Size: 61440

    Object: Hidden Module [Name: CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x06200000 Size: 53248

    Object: Hidden Module [Name: CLI.Aspect.DeviceLCD.Graphics.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x06240000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x06230000 Size: 45056

    Object: Hidden Module [Name: CLI.Aspect.DeviceDFP.Graphics.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x06270000 Size: 61440

    Object: Hidden Module [Name: DEM.Graphics.I0712.dll]
    Process: CCC.exe (PID: 4152) Address: 0x06280000 Size: 28672

    Object: Hidden Module [Name: CLI.Aspect.Radeon3D.Graphics.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x063b0000 Size: 61440

    Object: Hidden Module [Name: CLI.Aspect.Radeon3D.Graphics.Runtime.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x063d0000 Size: 69632

    Object: Hidden Module [Name: CLI.Aspect.MMVideo.Graphics.Runtime.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x06a20000 Size: 86016

    Object: Hidden Module [Name: CLI.Aspect.MMVideo.Graphics.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x06a50000 Size: 61440

    Object: Hidden Module [Name: CLI.Aspect.PowerPlayDPPE.Graphics.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x06aa0000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x06a90000 Size: 53248

    Object: Hidden Module [Name: APM.Server.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x06ac0000 Size: 69632

    Object: Hidden Module [Name: APM.Foundation.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x06ae0000 Size: 28672

    Object: Hidden Module [Name: CLI.Component.Runtime.Extension.EEU.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x06d10000 Size: 28672

    Object: Hidden Module [Name: AEM.Plugin.EEU.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x06f30000 Size: 28672

    Object: Hidden Module [Name: CLI.Component.Client.Shared.Private.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x06fc0000 Size: 53248

    Object: Hidden Module [Name: CLI.Component.Systemtray.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x06f40000 Size: 487424

    Object: Hidden Module [Name: Branding.dll]
    Process: CCC.exe (PID: 4152) Address: 0x06fd0000 Size: 28672

    Object: Hidden Module [Name: CLI.Aspect.Radeon3D.Graphics.Wizard.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x07290000 Size: 102400

    Object: Hidden Module [Name: CLI.Aspect.TransCode.Graphics.Wizard.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x07200000 Size: 495616

    Object: Hidden Module [Name: CLI.Caste.Graphics.Wizard.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x071e0000 Size: 53248

    Object: Hidden Module [Name: CLI.Caste.Graphics.Wizard.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x071f0000 Size: 28672

    Object: Hidden Module [Name: atixclib.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x072c0000 Size: 28672

    Object: Hidden Module [Name: CLI.Aspect.TransCode.Graphics.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x072b0000 Size: 53248

    Object: Hidden Module [Name: CLI.Component.Dashboard.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x074a0000 Size: 28672

    Object: Hidden Module [Name: CLI.Component.Wizard.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x07410000 Size: 405504

    Object: Hidden Module [Name: CLI.Component.Wizard.Shared.Private.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x07300000 Size: 36864

    Object: Hidden Module [Name: CLI.Component.Wizard.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x072f0000 Size: 28672

    Object: Hidden Module [Name: CLI.Aspect.MMVideo.Graphics.Wizard.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x07350000 Size: 413696

    Object: Hidden Module [Name: CLI.Aspect.InfoCentre.Graphics.Wizard.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x07310000 Size: 217088

    Object: Hidden Module [Name: CLI.Aspect.DeviceLCD.Graphics.Wizard.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x073c0000 Size: 315392

    Object: Hidden Module [Name: CLI.Component.Client.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x07480000 Size: 28672

    Object: Hidden Module [Name: CLI.Caste.Graphics.Dashboard.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x074d0000 Size: 86016

    Object: Hidden Module [Name: CLI.Component.Dashboard.Shared.Private.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x074c0000 Size: 28672

    Object: Hidden Module [Name: CLI.Caste.Graphics.Dashboard.Shared.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x074f0000 Size: 28672

    Object: Hidden Module [Name: CLI.Aspect.DeviceLCD.Graphics.Dashboard.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x07fe0000 Size: 413696

    Object: Hidden Module [Name: CLI.Aspect.Welcome.Graphics.Dashboard.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x07910000 Size: 143360

    Object: Hidden Module [Name: CLI.Component.Dashboard.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x07810000 Size: 1036288

    Object: Hidden Module [Name: CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x07980000 Size: 126976

    Object: Hidden Module [Name: CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x07940000 Size: 233472

    Object: Hidden Module [Name: CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x07e50000 Size: 446464

    Object: Hidden Module [Name: CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x07de0000 Size: 446464

    Object: Hidden Module [Name: CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x07c40000 Size: 1699840

    Object: Hidden Module [Name: CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x08370000 Size: 159744

    Object: Hidden Module [Name: CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x080d0000 Size: 364544

    Object: Hidden Module [Name: CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x08050000 Size: 462848

    Object: Hidden Module [Name: CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x08130000 Size: 602112

    Object: Hidden Module [Name: CLI.Aspect.MMVideo.Graphics.Dashboard.DLL]
    Process: CCC.exe (PID: 4152) Address: 0x082a0000 Size: 823296

    Object: Hidden Module [Name: HP.ActiveSupportLibrary.dll]
    Process: hphc_service.exe (PID: 4832) Address: 0x009a0000 Size: 110592

    Object: Hidden Module [Name: gaopdxboynconrxdptdwpvdprowhxefepvmmjm.dll]
    Process: firefox.exe (PID: 4636) Address: 0x10000000 Size: 28672

    Object: Hidden Code [ETHREAD: 0x849823d0]
    Process: System Address: 0x8b26b8a0 Size: -

    Object: Hidden Code [ETHREAD: 0x849cb2d8]
    Process: System Address: 0xacfbb148 Size: -

    Object: Hidden Code [ETHREAD: 0x849cc020]
    Process: System Address: 0x849cc214 Size: -

    Object: Hidden Code [ETHREAD: 0x849ccd78]
    Process: System Address: 0x849ccf6c Size: -

    Object: Hidden Code [ETHREAD: 0x849ccad0]
    Process: System Address: 0x849cccc4 Size: -

    Object: Hidden Code [ETHREAD: 0x849cc580]
    Process: System Address: 0xa3926df8 Size: -

    Object: Hidden Code [ETHREAD: 0x849cc2d8]
    Process: System Address: 0x8b26e8c0 Size: -

    Object: Hidden Code [ETHREAD: 0x87a60d78]
    Process: System Address: 0xd53434a0 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
    Process: System Address: 0x857971f8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
    Process: System Address: 0x857971f8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
    Process: System Address: 0x857971f8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
    Process: System Address: 0x857971f8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x857971f8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x857971f8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
    Process: System Address: 0x857971f8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
    Process: System Address: 0x857971f8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x857971f8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x857971f8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
    Process: System Address: 0x857971f8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x857971f8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x857971f8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x857971f8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x857971f8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x857971f8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
    Process: System Address: 0x857971f8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
    Process: System Address: 0x857971f8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
    Process: System Address: 0x857971f8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
    Process: System Address: 0x857971f8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
    Process: System Address: 0x857971f8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
    Process: System Address: 0x857971f8 Size: -

    Object: Hidden Code [Driver: udfsЈ晄䉃⽘虺, IRP_MJ_CREATE]
    Process: System Address: 0x867b71f8 Size: -

    Object: Hidden Code [Driver: udfsЈ晄䉃⽘虺, IRP_MJ_CLOSE]
    Process: System Address: 0x867b71f8 Size: -

    Object: Hidden Code [Driver: udfsЈ晄䉃⽘虺, IRP_MJ_READ]
    Process: System Address: 0x867b71f8 Size: -

    Object: Hidden Code [Driver: udfsЈ晄䉃⽘虺, IRP_MJ_WRITE]
    Process: System Address: 0x867b71f8 Size: -

    Object: Hidden Code [Driver: udfsЈ晄䉃⽘虺, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x867b71f8 Size: -

    Object: Hidden Code [Driver: udfsЈ晄䉃⽘虺, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x867b71f8 Size: -

    Object: Hidden Code [Driver: udfsЈ晄䉃⽘虺, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x867b71f8 Size: -

    Object: Hidden Code [Driver: udfsЈ晄䉃⽘虺, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x867b71f8 Size: -

    Object: Hidden Code [Driver: udfsЈ晄䉃⽘虺, IRP_MJ_SET_VOLUME_INFORMATION]
    Process: System Address: 0x867b71f8 Size: -

    Object: Hidden Code [Driver: udfsЈ晄䉃⽘虺, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x867b71f8 Size: -

    Object: Hidden Code [Driver: udfsЈ晄䉃⽘虺, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x867b71f8 Size: -

    Object: Hidden Code [Driver: udfsЈ晄䉃⽘虺, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x867b71f8 Size: -

    Object: Hidden Code [Driver: udfsЈ晄䉃⽘虺, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x867b71f8 Size: -

    Object: Hidden Code [Driver: udfsЈ晄䉃⽘虺, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x867b71f8 Size: -

    Object: Hidden Code [Driver: udfsЈ晄䉃⽘虺, IRP_MJ_CLEANUP]
    Process: System Address: 0x867b71f8 Size: -

    Object: Hidden Code [Driver: udfsЈ晄䉃⽘虺, IRP_MJ_PNP]
    Process: System Address: 0x867b71f8 Size: -

    Object: Hidden Code [Driver: arc, IRP_MJ_CREATE]
    Process: System Address: 0x8577e1f8 Size: -

    Object: Hidden Code [Driver: arc, IRP_MJ_CLOSE]
    Process: System Address: 0x8577e1f8 Size: -

    Object: Hidden Code [Driver: arc, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8577e1f8 Size: -

    Object: Hidden Code [Driver: arc, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8577e1f8 Size: -

    Object: Hidden Code [Driver: arc, IRP_MJ_POWER]
    Process: System Address: 0x8577e1f8 Size: -

    Object: Hidden Code [Driver: arc, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8577e1f8 Size: -

    Object: Hidden Code [Driver: arc, IRP_MJ_PNP]
    Process: System Address: 0x8577e1f8 Size: -

    Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_CREATE]
    Process: System Address: 0x857861f8 Size: -

    Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_CLOSE]
    Process: System Address: 0x857861f8 Size: -

    Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x857861f8 Size: -

    Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x857861f8 Size: -

    Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_POWER]
    Process: System Address: 0x857861f8 Size: -

    Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x857861f8 Size: -

    Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_PNP]
    Process: System Address: 0x857861f8 Size: -

    Object: Hidden Code [Driver: iaStorV, IRP_MJ_CREATE]
    Process: System Address: 0x857751f8 Size: -

    Object: Hidden Code [Driver: iaStorV, IRP_MJ_CLOSE]
    Process: System Address: 0x857751f8 Size: -

    Object: Hidden Code [Driver: iaStorV, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x857751f8 Size: -

    Object: Hidden Code [Driver: iaStorV, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x857751f8 Size: -

    Object: Hidden Code [Driver: iaStorV, IRP_MJ_POWER]
    Process: System Address: 0x857751f8 Size: -

    Object: Hidden Code [Driver: iaStorV, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x857751f8 Size: -

    Object: Hidden Code [Driver: iaStorV, IRP_MJ_PNP]
    Process: System Address: 0x857751f8 Size: -

    Object: Hidden Code [Driver: iteatapi, IRP_MJ_CREATE]
    Process: System Address: 0x857831f8 Size: -

    Object: Hidden Code [Driver: iteatapi, IRP_MJ_CLOSE]
    Process: System Address: 0x857831f8 Size: -

    Object: Hidden Code [Driver: iteatapi, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x857831f8 Size: -

    Object: Hidden Code [Driver: iteatapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x857831f8 Size: -

    Object: Hidden Code [Driver: iteatapi, IRP_MJ_POWER]
    Process: System Address: 0x857831f8 Size: -

    Object: Hidden Code [Driver: iteatapi, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x857831f8 Size: -

    Object: Hidden Code [Driver: iteatapi, IRP_MJ_PNP]
    Process: System Address: 0x857831f8 Size: -

    Object: Hidden Code [Driver: HpCISSs, IRP_MJ_CREATE]
    Process: System Address: 0x857791f8 Size: -

    Object: Hidden Code [Driver: HpCISSs, IRP_MJ_CLOSE]
    Process: System Address: 0x857791f8 Size: -

    Object: Hidden Code [Driver: HpCISSs, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x857791f8 Size: -

    Object: Hidden Code [Driver: HpCISSs, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x857791f8 Size: -

    Object: Hidden Code [Driver: HpCISSs, IRP_MJ_POWER]
    Process: System Address: 0x857791f8 Size: -

    Object: Hidden Code [Driver: HpCISSs, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x857791f8 Size: -

    Object: Hidden Code [Driver: HpCISSs, IRP_MJ_PNP]
    Process: System Address: 0x857791f8 Size: -

    Object: Hidden Code [Driver: megasas, IRP_MJ_CREATE]
    Process: System Address: 0x857871f8 Size: -

    Object: Hidden Code [Driver: megasas, IRP_MJ_CLOSE]
    Process: System Address: 0x857871f8 Size: -

    Object: Hidden Code [Driver: megasas, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x857871f8 Size: -

    Object: Hidden Code [Driver: megasas, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x857871f8 Size: -

    Object: Hidden Code [Driver: megasas, IRP_MJ_POWER]
    Process: System Address: 0x857871f8 Size: -

    Object: Hidden Code [Driver: megasas, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x857871f8 Size: -

    Object: Hidden Code [Driver: megasas, IRP_MJ_PNP]
    Process: System Address: 0x857871f8 Size: -

    Object: Hidden Code [Driver: ql2300, IRP_MJ_CREATE]
    Process: System Address: 0x8578c1f8 Size: -

    Object: Hidden Code [Driver: ql2300, IRP_MJ_CLOSE]
    Process: System Address: 0x8578c1f8 Size: -

    Object: Hidden Code [Driver: ql2300, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8578c1f8 Size: -

    Object: Hidden Code [Driver: ql2300, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8578c1f8 Size: -

    Object: Hidden Code [Driver: ql2300, IRP_MJ_POWER]
    Process: System Address: 0x8578c1f8 Size: -

    Object: Hidden Code [Driver: ql2300, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8578c1f8 Size: -

    Object: Hidden Code [Driver: ql2300, IRP_MJ_PNP]
    Process: System Address: 0x8578c1f8 Size: -

    Object: Hidden Code [Driver: arcsas, IRP_MJ_CREATE]
    Process: System Address: 0x8577f1f8 Size: -

    Object: Hidden Code [Driver: arcsas, IRP_MJ_CLOSE]
    Process: System Address: 0x8577f1f8 Size: -

    Object: Hidden Code [Driver: arcsas, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8577f1f8 Size: -

    Object: Hidden Code [Driver: arcsas, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8577f1f8 Size: -

    Object: Hidden Code [Driver: arcsas, IRP_MJ_POWER]
    Process: System Address: 0x8577f1f8 Size: -

    Object: Hidden Code [Driver: arcsas, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8577f1f8 Size: -

    Object: Hidden Code [Driver: arcsas, IRP_MJ_PNP]
    Process: System Address: 0x8577f1f8 Size: -

    Object: Hidden Code [Driver: aoopp66aП牄�謥챈賫, IRP_MJ_CREATE]
    Process: System Address: 0x869491f8 Size: -

    Object: Hidden Code [Driver: aoopp66aП牄�謥챈賫, IRP_MJ_CLOSE]
    Process: System Address: 0x869491f8 Size: -

    Object: Hidden Code [Driver: aoopp66aП牄�謥챈賫, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x869491f8 Size: -

    Object: Hidden Code [Driver: aoopp66aП牄�謥챈賫, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x869491f8 Size: -

    Object: Hidden Code [Driver: aoopp66aП牄�謥챈賫, IRP_MJ_POWER]
    Process: System Address: 0x869491f8 Size: -

    Object: Hidden Code [Driver: aoopp66aП牄�謥챈賫, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x869491f8 Size: -

    Object: Hidden Code [Driver: aoopp66aП牄�謥챈賫, IRP_MJ_PNP]
    Process: System Address: 0x869491f8 Size: -

    Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_CREATE]
    Process: System Address: 0x8578e1f8 Size: -

    Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_CLOSE]
    Process: System Address: 0x8578e1f8 Size: -

    Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8578e1f8 Size: -

    Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8578e1f8 Size: -

    Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_POWER]
    Process: System Address: 0x8578e1f8 Size: -

    Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8578e1f8 Size: -

    Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_PNP]
    Process: System Address: 0x8578e1f8 Size: -

    Object: Hidden Code [Driver: adpu320, IRP_MJ_CREATE]
    Process: System Address: 0x8577d1f8 Size: -

    Object: Hidden Code [Driver: adpu320, IRP_MJ_CLOSE]
    Process: System Address: 0x8577d1f8 Size: -

    Object: Hidden Code [Driver: adpu320, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8577d1f8 Size: -

    Object: Hidden Code [Driver: adpu320, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8577d1f8 Size: -

    Object: Hidden Code [Driver: adpu320, IRP_MJ_POWER]
    Process: System Address: 0x8577d1f8 Size: -

    Object: Hidden Code [Driver: adpu320, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8577d1f8 Size: -

    Object: Hidden Code [Driver: adpu320, IRP_MJ_PNP]
    Process: System Address: 0x8577d1f8 Size: -

    Object: Hidden Code [Driver: Mraid35x, IRP_MJ_CREATE]
    Process: System Address: 0x857891f8 Size: -

    Object: Hidden Code [Driver: Mraid35x, IRP_MJ_CLOSE]
    Process: System Address: 0x857891f8 Size: -

    Object: Hidden Code [Driver: Mraid35x, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x857891f8 Size: -

    Object: Hidden Code [Driver: Mraid35x, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x857891f8 Size: -

    Object: Hidden Code [Driver: Mraid35x, IRP_MJ_POWER]
    Process: System Address: 0x857891f8 Size: -

    Object: HiddHidden Services
    -------------------
    Service Name: gaopdxserv.sys
    Image Path: C:\Windows\system32\drivers\gaopdxtfurttxwvigbfpetwhuxdbsmkbsnwvoq.sys


    Sorry guys..limited to like 30k characters lol..
    I forgot to mention it does it on both FF and IE.
    So, I did some searching on my own.
    Initially I could not get Malwarebytes to run.

    I deleted the gao****.sys using RootRepeal.
    Malwarebytes removed some trojans and stuff, after it made me reboot.
    Forgot to update, so I did that and now rescanning, I'll also be going to work in a bit. (FINALLY).
    Last edited by BaLa; 04-30-09 at 05:47 AM.

  11. #11
    Elite Member TonyT's Avatar
    Join Date
    Jan 2000
    Location
    Fairfax, VA
    Posts
    10,335
    gaopdxtfurttxwvigbfpetwhuxdbsmkbsnwvoq.sys is the rootkit.
    Hidden from Windows API! is clue.
    ...and next time scan when in safe mode!

  12. #12
    Elite Member BaLa's Avatar
    Join Date
    Dec 2000
    Location
    Bell County, Tejas
    Posts
    14,351
    got it fixed..thanks guys
