ROOTREPEAL (c) AD, 2007-2009 ================================================== Scan Start Time: 2012/03/29 09:22 Program Version: Version 1.3.5.0 Windows Version: Windows Vista SP2 ================================================== Drivers ------------------- Name: dump_iaStor.sys Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys Address: 0x96206000 Size: 851968 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\Windows\system32\drivers\rootrepeal.sys Address: 0xA3DF3000 Size: 49152 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! Path: C:\System Volume Information\{6bec0c02-6ebc-11e1-92e2-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{71c4eb86-729d-11e1-8e08-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{741307c4-6d1e-11e1-8f09-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{79d1f0a1-7817-11e1-9ca5-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{7f20d0e4-60a6-11e1-81d0-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{52f4fe21-6f7d-11e1-a68e-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{599bd906-74f6-11e1-aef6-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{6547e68d-7641-11e1-aeaf-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{656da405-654e-11e1-a495-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{656da409-654e-11e1-a495-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{656da40d-654e-11e1-a495-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{656da411-654e-11e1-a495-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{656da415-654e-11e1-a495-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{175e716b-7384-11e1-bbe2-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{1c237c12-605a-11e1-96a5-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{2770ba05-67b2-11e1-9be3-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{34a3d228-789c-11e1-8567-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{510c3563-6640-11e1-9d21-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{656da421-654e-11e1-a495-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{8e14ff67-6621-11e1-ac2b-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{94fa0039-765f-11e1-8ddb-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{ab733f0b-7007-11e1-a299-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{bf120b45-6bb6-11e1-884e-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{f11b2663-621c-11e1-832a-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{f63a5b63-69fc-11e1-ac0c-002243a12c46}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: c:\program files\play online\log\autoztemon.txt Status: Size mismatch (API: 66043692, Raw: 66030462) Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_ecff360cfb2594f3.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_49ef489714173a89.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_80b7c8a91e9dd16a.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_0e9108e3b72e14d4.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_4de39e0d118f2d3f.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_517205a10f4550e3.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_6b8a9829b015faa3.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0bcaee084e72e5d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_3b0e32bdc9afe437.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_49f31fd71413cdc6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4db266e67dd280ef.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_4db63e267dcf142c.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_6b86c0e9b0196766.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f47e1bd6f6571810.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\b080e112e69d2e9c8e71acd39a81f0d469d837625ceb8ed73b5b87da1fd1424c.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\26340819d2ef86080d9001c6f2737d70fd6602ddf4b86b6c26b326ef81cc3342.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\ef483ae0673e2975dd4224fe26749623c1c702b8b3fded10161417459e1771a7.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\70f19edeeb8e3329aad18f744094ea0319d2ecc78dd6a12559a1e765c42418f7.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\34f4e1067328cece3ad510dbcdd746657fd91ee96f89f25201a7c658918512d1.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\7aefb85f3099da7d88809ade16e90c2e3d61c5eeb236093cddc0a546934b02ad.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\113260042a311e5a7871a6659a0a0cc23a5864196832c01f81f093942513b749.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\92a6d9ca6a73206405dc393c28776ea6cded8b6ef43bffcf248c1b852ccd4c2c.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\a951d53950c367acc37622f0dd619a954df5de2c4ec40296e6636605aa33714a.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\3582cf91bea0e0e7b5f4b8a168a2e4bf248a01f764aa3c5d7c4f352ebc681e9d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\bd83dce340498e7c363093c2fc74dfb58e1ec17770453905172c7471fadd9333.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\d14225a52543aa5a9605b00dd7574812bf89c605ebc73a9730e1e386bfc965f8.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\d5ecf2ab9387e082648bbcccd6eceb9d67b096939150833d0ae3066b3a1a676e.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\8b414e757cb8b153bff77dd00a36556aea3adab25ce15f3e8b184ffbf41ba7a2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\71503c1b988fb27a41668f3ba35468d268daf07e8e79cf7b82a1ef64a8d213a1.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\f7bf65ca621d8ad32ead1500a08827be239d0f49d83dc20dabf57d2eb17adbd7.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\2d3cb7907b1336ea5889a2b731d5e97ad40903a4efd2287c1c117bc30f208f46.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\935df4549e21123a2efb986a707f54475380a037519679510e4b4dfc4bdb5767.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\88b03fe13d2710ad787d5d96cd0e5cbeda3a61c2a0a2bdc0c0984a48365242e2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\dd72f7ab2def5f75f58d01b24643b308750c38685daaed50bcddf61c18460dee.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\989e628160e12c984a435d2bb2a335ad043e006646150c7b1f3bb52dccd842cc.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Manifests\91ca50cec42075fff02b366323bf3b45d2053b24544bd12b622b65621bd0edd5.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.identitymodel.resources_b77a5c561934e089_6.0.6002.18239_pl-pl_f796492675ad728c\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.identitymodel.resources_b77a5c561934e089_6.0.6002.22380_pl-pl_e0ce70e08f4f6a9c\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.0.6002.18239_pl-pl_aea97d904c959a87\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.0.6002.22380_pl-pl_97e1a54a66379297\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\ADDUSE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\APPCON~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\APPCON~2.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\APPSET~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\CHOOSE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\CONFIR~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\CORPER~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\DEBUGA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\DEFAUL~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\WEBADM~3.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\_DATAO~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\_DATAP~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\_DATAP~2.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\MANAGE~3.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\WE131E~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\DV_ASP~1.CHM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\EDITAP~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\EDITUS~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\ERRORA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\FINDUS~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\HOME0A~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\HOME1A~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\HOME2A~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\MAB3E9~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\MA5A10~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\NAVIGA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\PROVID~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\SECURI~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\SETUPA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\SMTPSE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\WEBADM~2.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_pl-pl_00b2b6fc0379367e\WEBADM~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\ADDUSE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\APPCON~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\APPCON~2.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\APPSET~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\CHOOSE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\CONFIR~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\CORPER~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\DEBUGA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\DEFAUL~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\WEBADM~3.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\_DATAO~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\_DATAP~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\_DATAP~2.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\MANAGE~3.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\WE131E~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\DV_ASP~1.CHM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\EDITAP~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\EDITUS~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\ERRORA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\FINDUS~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\HOME0A~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\HOME1A~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\HOME2A~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\MAB3E9~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\MA5A10~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\NAVIGA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\PROVID~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\SECURI~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\SETUPA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\SMTPSE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\WEBADM~2.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_pl-pl_0159c4931c813397\WEBADM~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18145_pl-pl_02a4c5d80096c4d5\ADDUSE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18145_pl-pl_02a4c5d80096c4d5\APPCON~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18145_pl-pl_02a4c5d80096c4d5\APPCON~2.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18145_pl-pl_02a4c5d80096c4d5\APPSET~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18145_pl-pl_02a4c5d80096c4d5\CHOOSE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18145_pl-pl_02a4c5d80096c4d5\CONFIR~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18145_pl-pl_02a4c5d80096c4d5\CORPER~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18145_pl-pl_02a4c5d80096c4d5\DEBUGA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18145_pl-pl_02a4c5d80096c4d5\DEFAUL~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18145_pl-pl_02a4c5d80096c4d5\WEBADM~3.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18145_pl-pl_02a4c5d80096c4d5\_DATAO~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18145_pl-pl_02a4c5d80096c4d5\_DATAP~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18145_pl-pl_02a4c5d80096c4d5\_DATAP~2.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18145_pl-pl_02a4c5d80096c4d5\MANAGE~3.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18145_pl-pl_02a4c5d80096c4d5\WE131E~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18145_pl-pl_02a4c5d80096c4d5\DV_ASP~1.CHM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18145_pl-pl_02a4c5d80096c4d5\EDITAP~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18145_pl-pl_02a4c5d80096c4d5\EDITUS~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18145_pl-pl_02a4c5d80096c4d5\ERRORA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18145_pl-pl_02a4c5d80096c4d5\FINDUS~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18145_pl-pl_02a4c5d80096c4d5\HOME0A~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18145_pl-pl_02a4c5d80096c4d5\HOME1A~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resoProcesses ------------------- Path: System PID: 4 Status: Locked to the Windows API! Path: C:\Windows\System32\audiodg.exe PID: 1336 Status: Locked to the Windows API! SSDT ------------------- #: 012 Function Name: NtAdjustPrivilegesToken Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x91336ac6 #: 048 Function Name: NtClose Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x91337298 #: 054 Function Name: NtConnectPort Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x913376c0 #: 060 Function Name: NtCreateFile Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9133b48c #: 068 Function Name: NtCreateNamedPipeFile Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9133698c #: 077 Function Name: NtCreateSymbolicLinkObject Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9133876e #: 078 Function Name: NtCreateThread Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9133703c #: 116 Function Name: NtDebugActiveProcess Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x913381a0 #: 127 Function Name: NtDeviceIoControlFile Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x91337492 #: 129 Function Name: NtDuplicateObject Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x91338bb0 #: 150 Function Name: NtFsControlFile Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x91337344 #: 165 Function Name: NtLoadDriver Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x91338232 #: 186 Function Name: NtOpenFile Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9133b2d0 #: 194 Function Name: NtOpenProcess Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x91336cf6 #: 197 Function Name: NtOpenSection Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x91338798 #: 201 Function Name: NtOpenThread Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x91336bf8 #: 255 Function Name: NtQueueApcThread Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x913384c6 #: 268 Function Name: NtReplaceKey Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x91335e5c #: 276 Function Name: NtRequestWaitReplyPort Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x91338026 #: 280 Function Name: NtRestoreKey Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x91335fbe #: 282 Function Name: NtResumeThread Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x91338a84 #: 283 Function Name: NtSaveKey Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x91335c5e #: 286 Function Name: NtSecureConnectPort Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x91337582 #: 289 Function Name: NtSetContextThread Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9133713c #: 314 Function Name: NtSetSecurityObject Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9133832c #: 317 Function Name: NtSetSystemInformation Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x913387c2 #: 330 Function Name: NtSuspendProcess Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x913388a6 #: 331 Function Name: NtSuspendThread Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x91338962 #: 332 Function Name: NtSystemDebugControl Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x913380cc #: 334 Function Name: NtTerminateProcess Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x91336e90 #: 335 Function Name: NtTerminateThread Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x91336de6 #: 358 Function Name: NtWriteVirtualMemory Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x91336f70 Shadow SSDT ------------------- #: 013 Function Name: NtGdiBitBlt Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9134f27c #: 235 Function Name: NtGdiMaskBlt Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9134f340 #: 245 Function Name: NtGdiPlgBlt Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9134f3a6 #: 301 Function Name: NtGdiStretchBlt Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9134f2dc #: 317 Function Name: NtUserAttachThreadInput Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9134eddc #: 333 Function Name: NtUserCallOneParam Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9134f194 #: 391 Function Name: NtUserFindWindowEx Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9134efca #: 397 Function Name: NtUserGetAsyncKeyState Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9134ed44 #: 428 Function Name: NtUserGetKeyboardState Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9134f0cc #: 430 Function Name: NtUserGetKeyState Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9134ed90 #: 479 Function Name: NtUserMessageCall Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9134ef1c #: 497 Function Name: NtUserPostMessage Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9134ee72 #: 498 Function Name: NtUserPostThreadMessage Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9134eec6 #: 513 Function Name: NtUserRegisterRawInputDevices Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9134f05c #: 525 Function Name: NtUserSendInput Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9134ef7c #: 573 Function Name: NtUserSetWindowsHookEx Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9134ec94 #: 576 Function Name: NtUserSetWinEventHook Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9134ecea ==EOF==