ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/11/18 13:34
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0x8B7CB000 Size: 45056 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: ApfiltrService
Image Path: \Driver\ApfiltrService
Address: 0x8B7D6000 Size: 163840 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: CmBatt
Image Path: \Driver\CmBatt
Address: 0x8B595000 Size: 14208 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x861F8000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x85F3E000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x99269000 Size: 49152 File Visible: No Signed: -
Status: -

Name: tdcmdpst
Image Path: \Driver\tdcmdpst
Address: 0x97BF6000 Size: 16128 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: uwtyqpow.sys
Image Path: C:\Users\Robert\AppData\Local\Temp\uwtyqpow.sys
Address: 0x99251000 Size: 94848 File Visible: No Signed: -
Status: -

Name: 聦聦풬聧
Image Path: 聦聦풬聧
Address: 0x8B7B8000 Size: 77824 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: ðððððððððððððððððððð
Image Path: ðððððððððððððððððððð
Address: 0x8B600000 Size: 45056 File Visible: No Signed: -
Status: Hidden from the Windows API!

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{20410bdb-f32c-11df-8cca-001b381e2405}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mprapi_31bf3856ad364e35_6.0.6001.18000_none_140c84ec53049b39\$$DeleteMe.mprapi.dll.01cb87593114e42f.000c
Status: Locked to the W

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1212 Status: Locked to the Windows API!

SSDT
-------------------
#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS" at address 0x89de2620

==EOF==