
Active Virtumonde and error loading salizuya and vorosuka

Discussion in 'Malware and Virus Removal Archive' started by aoa545, 2009/06/03.

  1. 2009/06/03
    aoa545 (Thread Starter)

    [Active] Virtumonde and error loading salizuya and vorosuka

    Hello, my Spybot gave me 3 files and I have not been able to remove them. They are Virtumonde.prx, Virtumonde.sci, and Virtumonde.sdn. I have tried to get Spybot to delete them but they keep coming back. My antivirus, Norton Antivirus, cannot detect them. Also, every time I start the computer, I receive two error popups saying "error loading C:\WINDOWS\system32\salizuya" and "error loading C:\WINDOWS\system3\vorosuka". I was wondering if I could receive help on removing these problems. Thank you very much, and here are my two logs from DDS.

    Attach.txt:
    DDS (Ver_09-05-14.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/11/2007 2:16:06 PM
    System Uptime: 6/3/2009 4:53:06 PM (1 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P5N-E SLI
    Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 2333/83mhz
    Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 2333/83mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 233 GiB total, 170.16 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
    Device ID: ROOT\NET\0000
    Manufacturer: NETGEAR
    Name: NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111 #2
    PNP Device ID: ROOT\NET\0000
    Service: WPN111

    Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
    Description: Printer Port
    Device ID: ROOT\PORTS\0000
    Manufacturer: (Standard port types)
    Name: Printer Port (LPT3)
    PNP Device ID: ROOT\PORTS\0000
    Service: Parport

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    µTorrent
    Absolute Mastermind v1.4
    AC Tool
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    AI RoboForm (All Users)
    AIM 6
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.2.6
    Blaze Media Pro
    Bonjour
    Choice Guard
    Combined Community Codec Pack 2007-07-22
    Compatibility Pack for the 2007 Office system
    Crypto-Lock (remove only)
    Drivers Install For Linksys Easylink Advisor
    Enhancement Browser Tools Rightonadz
    Finale NotePad 2008
    FinePrint
    Free YouTube to Mp3 Converter version 3.1
    FundBalance General Ledger
    Gem Figher
    Ground Control II MP Demo
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    iTunes
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Joyful Music Game O2Jam
    KAWAI ????????FX
    Linksys EasyLink Advisor 1.6 (0032)
    Mabinogi
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Application Error Reporting
    Microsoft AppLocale
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Windows Application Compatibility Database
    MobileMe Control Panel
    Mozilla Firefox (2.0.0.20)
    MPlugin
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
    NicoNicoDougaDownloader2
    NJStar Communicator
    NNDD2 - NicoNicoDougaDownloader2 - v0.81
    Norton Internet Security
    NVIDIA Drivers
    Pando Media Booster
    Pervasive System Analyzer
    Pervasive.SQL V8 Workgroup (v8.5)
    Preview Beta Test Release
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    RegClean
    Rumble Fighter
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Segoe UI
    Socialnetworking Helper Adssite
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    Steam
    SUPER © Version 2009.bld.35 (Jan 5, 2009)
    SupportSoft Assisted Service
    SWF Opener
    Swords and Sandals 2 2.0
    System Requirements Lab
    Tiara's Moonshine Mod
    Tyler GASB34 Reporter
    UltimateDefrag 2008
    Uninstall 1.0.0.1
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    VeohTV BETA
    Video mp3 Extractor Pro
    Viewpoint Media Player
    VSO Image Resizer 1.3.3
    WebFldrs XP
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinRAR archiver
    XP Smoker Pro 5.4

    ==== Event Viewer Messages From Past Week ========

    6/2/2009 6:40:17 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
    6/1/2009 7:41:47 AM, error: ParVdm [2] - Unable to get device object pointer for port object.
    5/28/2009 10:22:06 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    ==== End Of File ===========================

    DDS.txt:

    DDS (Ver_09-05-14.01) - NTFSx86
    Run by Administrator at 17:33:02.45 on Wed 06/03/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.241 [GMT -7:00]

    AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\NETGEAR\WPN111\wpn111.exe
    C:\PVSW\Bin\w3dbsmgr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\regedit.exe
    C:\Program Files\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://yahoo.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = local;*.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.0.0.125\coIEPlg.dll
    BHO: {67c1454c-c653-47f3-bd76-f9fa57bce707} - c:\windows\system32\jodenosi.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.0.0.125\IPSBHO.DLL
    BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
    TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} -
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.0.0.125\coIEPlg.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [CPMdf184e86] Rundll32.exe "c:\windows\system32\salizuya.dll ",a
    mRun: [gunuketizi] Rundll32.exe "c:\windows\system32\vorosuka.dll ",s
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\pervas~1.lnk - c:\pvsw\bin\w3dbsmgr.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn111\wpn111.exe
    uPolicies-explorer: NoInstrumentation = 1 (0x1)
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
    IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {5F3E7209-53A0-4C2E-8648-E3E4551FEB9A} - hxxp://www.netgame.com/download/mglauncherusa.cab
    DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab
    DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} - hxxp://legendofares.netgame.com/download/MusaLauncherNew.cab
    DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} - hxxp://download.gemfighter.com/launcher/gemx2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    AppInit_DLLs: c:\windows\system32\hotomoho.dll,c:\windows\system32\volosejo.dll,c:\windows\system32\nehozipa.dll,c:\windows\system32\pasugusa.dll,zheglu.dll,qnabxr.dll,fvsnsh.dll,c:\windows\system32\vikeliwo.dll,ujpubb.dll,c:\windows\system32\betakoso.dll,c:\windows\system32\gafulono.dll,c:\windows\system32\vehuyafa.dll
    STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\gafulono.dll
    LSA: Notification Packages = scecli c:\windows\system32\hotomoho.dll c:\windows\system32\betakoso.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\bkl290ke.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
    FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\bkl290ke.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\program files\mozilla firefox\components\nsgkff20_meter2.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

    ============= SERVICES / DRIVERS ===============

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1000000.07d\SymEFA.sys [2009-6-3 309296]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1000000.07d\BHDrvx86.sys [2009-6-3 254512]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1000000.07d\ccHPx86.sys [2009-6-3 362544]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090528.001\IDSxpx86.sys [2009-6-3 276344]
    R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2007-10-19 14336]
    R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [2009-6-3 115560]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-13 24652]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-3 101936]
    R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2007-10-19 8832]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090603.004\NAVENG.SYS [2009-6-3 89104]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090603.004\NAVEX15.SYS [2009-6-3 876144]
    S2 ee1eoo8ayiukea;Print Spooler Service; [x]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-2-2 17149]
    S3 PRISM;D-Link Wireless LAN Driver; [x]
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2008-2-2 362944]
    S3 XDva037;XDva037; [x]
    S3 XDva168;XDva168; [x]
    S3 XDva189;XDva189; [x]
    S3 XDva193;XDva193; [x]

    =============== Created Last 30 ================

    2009-06-03 17:32 359,893 a------- c:\program files\dds.scr
    2009-06-03 16:18 <DIR> --d----- C:\VundoFix Backups
    2009-06-03 15:03 <DIR> --d----- c:\program files\Adobe Flash Player 10
    2009-06-03 13:54 <DIR> --d----- c:\program files\A
    2009-06-03 12:07 446,168,405 a------- c:\program files\RJ049631.zip
    2009-06-03 12:06 604,437,704 a------- c:\program files\RJ049674.zip
    2009-06-03 12:01 439,248,100 a------- c:\program files\RJ041153.zip
    2009-06-03 11:54 441,213,196 a------- c:\program files\RJ049727.zip
    2009-06-03 11:39 <DIR> --dsh--- c:\documents and settings\administrator\IECompatCache
    2009-06-03 11:30 35,888 a----r-- c:\windows\system32\drivers\SymIM.sys
    2009-06-03 11:30 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-06-03 11:30 60,808 a------- c:\windows\system32\S32EVNT1.DLL
    2009-06-03 11:30 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-06-03 11:30 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
    2009-06-03 11:30 <DIR> --d----- c:\program files\Symantec
    2009-06-03 11:30 <DIR> --d----- c:\program files\common files\Symantec Shared
    2009-06-03 11:29 <DIR> --d----- c:\windows\system32\drivers\NIS
    2009-06-03 11:29 <DIR> --d----- c:\program files\Norton Internet Security
    2009-06-03 11:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
    2009-06-03 11:29 <DIR> --d----- c:\program files\NortonInstaller
    2009-06-03 11:24 <DIR> --dsh--- c:\documents and settings\administrator\IETldCache
    2009-06-03 00:11 162,792,013 a------- c:\program files\[4LS]ks_a1_[win][B31099EF].exe
    2009-06-02 22:44 <DIR> --d----- c:\program files\Crypto-Lock
    2009-06-02 22:41 <DIR> --d----- c:\program files\alphacrypt2
    2009-06-02 22:41 <DIR> --d----- c:\program files\Audacity
    2009-06-02 22:37 <DIR> --d----- c:\program files\AviSynth 2.5
    2009-06-02 22:37 <DIR> --d----- c:\program files\SUPER
    2009-06-02 21:49 <DIR> --d----- c:\program files\Wakan
    2009-06-02 20:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2009-06-02 18:40 <DIR> -cd-h--- c:\windows\ie8
    2009-06-02 18:07 <DIR> --d----- c:\program files\common files\DiskTrix
    2009-06-02 17:40 <DIR> --d----- c:\program files\Steam
    2009-06-02 17:33 <DIR> --d----- c:\program files\Restore Utilities
    2009-06-01 16:40 286,208 a------- c:\program files\cncs232.dll
    2009-05-31 22:06 <DIR> --d----- c:\docume~1\admini~1\applic~1\Braid
    2009-05-31 22:05 <DIR> --d----- c:\windows\Logs
    2009-05-31 21:56 <DIR> --d----- c:\program files\RoTaM.Braid.Repack
    2009-05-29 15:53 <DIR> --d----- c:\program files\Dragonica Online - Preview Beta Test
    2009-05-29 14:18 875,088,742 a------- c:\docume~1\admini~1\applic~1\DragonicaOnlinePBTInstaller.exe
    2009-05-28 22:32 <DIR> --d----- c:\program files\Installation Files
    2009-05-27 20:56 <DIR> --d----- C:\Users

    ==================== Find3M ====================

    2009-06-02 18:24 358,638,452 a------- c:\program files\RJ035681.rar
    2009-06-02 15:20 13,736,612 a------- c:\program files\T.rar
    2009-05-31 20:49 107,194,997 a------- c:\program files\Braiding Hair techniques.rar
    2009-05-26 19:59 2,299 a------- c:\program files\DoA.part1.rar
    2009-05-10 21:15 6,997,120 a------- c:\program files\baby_girl_on_Jay_leno_show.wmv
    2009-04-08 20:01 4,373,903 a------- c:\program files\PS09WW009.pdf
    2009-04-03 21:42 520,642 a------- c:\program files\sp2005.pdf
    2009-04-01 19:52 27,136 a------- c:\program files\Warrant Endorsement Authorization(2).doc
    2009-04-01 19:52 27,136 a------- c:\program files\Warrant Endorsement Authorization.doc
    2009-03-29 21:26 1,678,424 a------- c:\program files\registrybooster(2).exe
    2009-03-29 21:26 1,678,424 a------- c:\program files\registrybooster.exe
    2009-03-28 16:23 98 a------- c:\program files\airViewBoardingPassDefs(2).js
    2009-03-28 16:23 98 a------- c:\program files\airViewBoardingPassDefs.js
    2009-03-28 13:05 2,424,616 a------- c:\program files\WindowsRightsManagementServicesSP2-KB917275-Client-ENU-x86.exe
    2009-03-19 21:12 253,536 a------- c:\program files\Juan_Pablo_Montoya(2).htm
    2009-03-19 21:10 253,536 a------- c:\program files\Juan_Pablo_Montoya.htm
    2009-03-16 14:18 517,448 a------- c:\windows\system32\XAudio2_4.dll
    2009-03-16 14:18 235,352 a------- c:\windows\system32\xactengine3_4.dll
    2009-03-16 14:18 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
    2009-03-16 14:18 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
    2009-03-14 20:44 156 a------- c:\program files\_AVG certification_(2).txt
    2009-03-14 20:44 156 a------- c:\program files\_AVG certification_.txt
    2009-03-10 22:36 1,918,418 a------- c:\program files\AntarcticPeninsulaLogFeb03.pdf
    2009-03-09 15:27 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
    2009-03-09 15:27 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
    2009-03-09 15:27 453,456 a------- c:\windows\system32\d3dx10_41.dll
    2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
    2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
    2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
    2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
    2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
    2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
    2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
    2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
    2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
    2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
    2009-02-16 10:31 1,435,136 a------- c:\program files\Mexican Ambulance.avi
    2008-11-09 12:33 30 a------- c:\documents and settings\administrator\jagex_runescape_preferences.dat
    2008-11-04 20:28 23,552 a------- c:\program files\CAFR CH.7.doc
    2008-10-23 14:51 5,242 a------- c:\program files\Japanese IME Tutorial Script.txt
    2008-10-23 04:51 18,412 a------- c:\program files\Chapter 6(2).docx
    2008-10-23 04:50 18,412 a------- c:\program files\Chapter 6.docx
    2008-09-30 21:51 22,340 a------- c:\program files\GVT-Chapter 5.docx
    2008-09-01 12:26 226,816 a------- c:\program files\Excel 2X Intermediate_2.exe
    2008-09-01 12:22 226,816 a------- c:\program files\Excel 2X Intermediate.exe
    2008-08-09 19:55 235 a------- c:\program files\RegClean.reg
    2008-07-21 22:22 18,813,224 a------- c:\program files\Color the Sugar - The guild Video.wmv
    2008-04-27 18:10 94,519 a------- c:\program files\mpn.pdf
    2008-03-27 13:21 22,328 a------- c:\docume~1\admini~1\applic~1\PnkBstrK.sys
    2007-10-26 23:07 1,469,992 a------- c:\program files\GenuineCheck.exe
    1999-10-20 03:20 335,872 a----r-- c:\program files\RitzPix.exe
    2006-05-03 03:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
    2007-02-21 04:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
    2008-03-16 06:30 216,064 ---shr-- c:\windows\system32\nbDX.dll

    ============= FINISH: 17:33:37.39 ===============
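The Pseudo HJT section of the DDS log above shows where this Vundo/Virtumonde variant hooked itself in: two mRun entries that have rundll32 load salizuya.dll and vorosuka.dll, a BHO with no name pointing at jodenosi.dll, a populated AppInit_DLLs value and two extra LSA Notification Packages next to the stock scecli. As an added example that is not part of this thread or of the DDS tool, the following Python script reads lines in that format and flags such entries; the six-to-eight-lowercase-letter DLL name heuristic and the severity labels are my own assumptions, and the sample lines are copied from the log above with the AppInit_DLLs value shortened.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example, not code from the thread or from DDS/ComboFix. It flags the
persistence points this Vundo/Virtumonde sample used: Run keys that make
rundll32 load a random-looking DLL, BHOs with no friendly name, anything in
AppInit_DLLs, and LSA Notification Packages other than the stock scecli.
The name pattern is a heuristic (assumption), not a definitive verdict.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed input: lines copied from the DDS.txt posted in this thread
# (AppInit_DLLs shortened to three entries). One legitimate mRun line and one
# legitimate BHO line are included to show that they are not flagged.
SAMPLE_HJT = r"""
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CPMdf184e86] Rundll32.exe "c:\windows\system32\salizuya.dll ",a
mRun: [gunuketizi] Rundll32.exe "c:\windows\system32\vorosuka.dll ",s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {67c1454c-c653-47f3-bd76-f9fa57bce707} - c:\windows\system32\jodenosi.dll
BHO: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
AppInit_DLLs: c:\windows\system32\hotomoho.dll,c:\windows\system32\volosejo.dll,zheglu.dll
LSA: Notification Packages = scecli c:\windows\system32\hotomoho.dll c:\windows\system32\betakoso.dll
"""

# Heuristic: Vundo on this machine used pronounceable all-lowercase names of
# six to eight letters (salizuya, vorosuka, zheglu ...). Assumption, not a rule.
RANDOM_DLL = re.compile(r"^[a-z]{6,8}\.dll$")
RUN_RE = re.compile(r"^[um]Run:\s*\[(?P<key>[^\]]*)\]\s*(?P<cmd>.*)$", re.I)
BHO_RE = re.compile(r"^BHO:\s*(?P<name>[^{]*?)\s*(?P<guid>\{[0-9a-f-]+\})\s*-\s*(?P<path>.*)$", re.I)
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(?P<val>.*)$", re.I)
LSA_RE = re.compile(r"^LSA:\s*Notification Packages\s*=\s*(?P<val>.*)$", re.I)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" = loads code at logon/into every process, "info" = orphan
    category: str  # persistence mechanism the line represents
    detail: str


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip().lower()


def looks_random(dll_path: str) -> bool:
    return bool(RANDOM_DLL.match(basename(dll_path)))


def rundll_target(cmd: str) -> str | None:
    """Extract the DLL a 'rundll32 <dll>,<export>' command line loads, or None."""
    m = re.match(r'\s*"?rundll32(?:\.exe)?"?\s+(?P<rest>.*)$', cmd, re.I)
    if not m:
        return None
    # The DLL path may be quoted and, as in this log, padded with a trailing
    # space inside the quotes; stop at the first ".dll" before a comma or quote.
    t = re.match(r'"?\s*(?P<dll>[^",]+?\.dll)', m.group("rest"), re.I)
    return t.group("dll").strip() if t else None


def triage(report: str) -> list[Finding]:
    """Scan Pseudo-HJT lines and return the suspicious persistence entries."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            dll = rundll_target(m.group("cmd"))
            if dll and looks_random(dll):
                findings.append(Finding("high", "run-key rundll32", f"[{m.group('key')}] loads {dll}"))
        elif m := BHO_RE.match(line):
            name = m.group("name").strip().rstrip(":")
            path = m.group("path").strip()
            if path.lower() == "no file":
                findings.append(Finding("info", "orphan BHO", f"{m.group('guid')} points to no file"))
            elif not name and looks_random(path):
                findings.append(Finding("high", "unnamed BHO", f"{m.group('guid')} -> {path}"))
        elif m := APPINIT_RE.match(line):
            # Any DLL here is injected into every process that loads user32.
            for dll in (d.strip() for d in m.group("val").split(",")):
                if dll:
                    findings.append(Finding("high", "AppInit_DLLs", dll))
        elif m := LSA_RE.match(line):
            # scecli is the stock package; anything else is loaded by lsass.
            for pkg in m.group("val").split():
                if pkg.lower() != "scecli":
                    findings.append(Finding("high", "LSA Notification Packages", pkg))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"{f.severity:<4} {f.category:<26} {f.detail}")
```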
     
  2. 2009/06/03
    Geri

    Hi aoa545
    Welcome to WindowsBBS.

    I see you have P2P software (KAWAI, Limewire, BitTorrent uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them.

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus Removal.

    Please do the following.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the Combofix log
    Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

    If you are prompted to install the Recovery Console, Please do so.

    **NOTE - Allow ComboFix to update if prompted.

    Thanks
    Geri
     
    Geri,
    #2
  4. 2009/06/03
    aoa545

    aoa545 Inactive Thread Starter

    Joined:
    2009/06/03
    Messages:
    11
    Likes Received:
    0
    ComboFix 09-06-03.04 - Administrator 06/03/2009 21:10.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.582 [GMT -7:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator\Application Data\urlredir.cfg
    C:\install.exe
    c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
    c:\windows\system32\abaruhep.ini
    c:\windows\system32\adasolug.ini
    c:\windows\system32\adssite-remove.exe
    c:\windows\system32\aluginom.ini
    c:\windows\system32\apadumeh.ini
    c:\windows\system32\atuduhut.ini
    c:\windows\system32\AVSredirect.dll
    c:\windows\system32\epekawuk.ini
    c:\windows\system32\eworowuy.ini
    c:\windows\system32\eyemerij.ini
    c:\windows\system32\Memman.vxd
    c:\windows\system32\opapihik.ini
    c:\windows\system32\ovezopaw.ini
    c:\windows\system32\ozepolet.ini
    c:\windows\system32\rightonadz-uninst.exe
    c:\windows\system32\skinboxer43.dll
    c:\windows\system32\ubibotev.ini
    c:\windows\system32\ububimem.ini
    c:\windows\system32\ufebatub.ini
    c:\windows\system32\ugorutim.ini
    c:\windows\system32\umadefep.ini
    c:\windows\system32\umipoger.ini
    c:\windows\system32\ununutuy.ini
    c:\windows\system32\usedapaj.ini
    c:\windows\system32\usozoven.ini
    c:\windows\system32\uwihumoz.ini
    c:\windows\system32\uzugigof.ini

    .
    ((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
    .

    2009-06-04 04:16 . 2009-03-12 08:42 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    2009-06-04 03:33 . 2009-06-03 08:00 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090603.036\NAVENG.SYS
    2009-06-04 03:33 . 2009-06-03 08:00 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090603.036\NAVEX15.SYS
    2009-06-04 03:33 . 2009-06-03 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090603.036\EECTRL.SYS
    2009-06-04 03:33 . 2009-06-03 08:00 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090603.036\ECMSVR32.DLL
    2009-06-04 03:33 . 2009-06-03 08:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090603.036\CCERASER.DLL
    2009-06-04 03:33 . 2009-06-03 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090603.036\NAVENG32.DLL
    2009-06-04 03:33 . 2009-06-03 08:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090603.036\NAVEX32A.DLL
    2009-06-04 03:33 . 2009-06-03 08:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090603.036\ERASER.SYS
    2009-06-04 02:13 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
    2009-06-04 02:13 . 2009-06-04 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-06-04 02:13 . 2009-06-04 02:13 -------- d-----w- c:\program files\Lavasoft
    2009-06-04 00:44 . 2009-06-04 02:13 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-06-04 00:35 . 2009-06-04 00:36 37452296 ----a-w- c:\program files\Ad-AwareAE.exe
    2009-06-04 00:32 . 2009-06-04 00:32 359893 ----a-w- c:\program files\dds.scr
    2009-06-03 23:28 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\Scxpx86.dll
    2009-06-03 23:28 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSxpx86.sys
    2009-06-03 23:28 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSvix86.sys
    2009-06-03 23:28 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSxpx86.dll
    2009-06-03 23:28 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSvia64.sys
    2009-06-03 23:18 . 2009-06-03 23:18 -------- d-----w- C:\VundoFix Backups
    2009-06-03 22:03 . 2009-06-03 22:03 -------- d-----w- c:\program files\Adobe Flash Player 10
    2009-06-03 20:54 . 2009-06-04 03:41 -------- d-----w- c:\program files\A
    2009-06-03 19:07 . 2009-06-03 20:09 446168405 ----a-w- c:\program files\RJ049631.zip
    2009-06-03 19:06 . 2009-06-03 20:14 604437704 ----a-w- c:\program files\RJ049674.zip
    2009-06-03 19:01 . 2009-06-03 20:07 439248100 ----a-w- c:\program files\RJ041153.zip
    2009-06-03 18:54 . 2009-06-03 19:51 441213196 ----a-w- c:\program files\RJ049727.zip
    2009-06-03 18:39 . 2009-06-03 18:39 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
    2009-06-03 18:29 . 2009-06-03 18:29 -------- d-----w- c:\program files\NortonInstaller
    2009-06-03 18:24 . 2009-06-03 18:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2009-06-03 07:11 . 2009-05-18 02:46 162792013 ----a-w- c:\program files\[4LS]ks_a1_[win][B31099EF].exe
    2009-06-03 07:11 . 2009-06-03 07:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Hamachi
    2009-06-03 05:44 . 2009-06-03 05:50 -------- d-----w- c:\program files\Crypto-Lock
    2009-06-03 05:41 . 2009-06-03 05:41 -------- d-----w- c:\program files\alphacrypt2
    2009-06-03 05:41 . 2009-06-03 05:41 -------- d-----w- c:\program files\Audacity
    2009-06-03 05:37 . 2007-05-18 00:30 318976 ----a-w- c:\windows\system32\avisynth.dll
    2009-06-03 05:37 . 2004-02-22 17:11 719872 ----a-w- c:\windows\system32\devil.dll
    2009-06-03 05:37 . 2004-01-25 07:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
    2009-06-03 05:37 . 2004-01-25 07:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
    2009-06-03 05:37 . 2009-06-03 05:37 -------- d-----w- c:\program files\AviSynth 2.5
    2009-06-03 05:37 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
    2009-06-03 05:37 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
    2009-06-03 05:37 . 2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
    2009-06-03 05:37 . 2009-06-03 05:37 -------- d-----w- c:\program files\SUPER
    2009-06-03 04:49 . 2009-06-03 04:49 -------- d-----w- c:\program files\Wakan
    2009-06-03 03:04 . 2009-06-03 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-06-03 01:40 . 2009-06-03 01:42 -------- dc-h--w- c:\windows\ie8
    2009-06-03 01:07 . 2009-06-03 01:07 -------- d-----w- c:\program files\Common Files\DiskTrix
    2009-06-03 00:40 . 2009-06-04 03:37 -------- d-----w- c:\program files\Steam
    2009-06-03 00:33 . 2009-06-03 00:33 -------- d-----w- c:\program files\Restore Utilities
    2009-06-01 23:40 . 2005-03-11 19:03 286208 ----a-w- c:\program files\cncs232.dll
    2009-06-01 05:05 . 2009-06-01 05:05 -------- d-----w- c:\windows\Logs
    2009-06-01 04:56 . 2009-04-18 07:24 -------- d-----w- c:\program files\RoTaM.Braid.Repack
    2009-05-29 22:53 . 2009-05-29 22:58 -------- d-----w- c:\program files\Dragonica Online - Preview Beta Test
    2009-05-29 21:18 . 2009-05-29 21:42 875088742 ----a-w- c:\documents and settings\Administrator\Application Data\DragonicaOnlinePBTInstaller.exe
    2009-05-29 05:32 . 2009-06-03 23:17 -------- d-----w- c:\program files\Installation Files
    2009-05-28 03:56 . 2009-05-28 03:56 -------- d-----w- C:\Users
    2009-05-19 01:25 . 2009-05-08 04:10 2051864 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
    2009-05-19 01:25 . 2009-05-08 04:10 354584 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
    2009-05-19 01:25 . 2009-05-08 04:09 424472 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
    2009-05-19 01:25 . 2009-05-08 04:09 312088 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
    2009-05-19 01:25 . 2009-05-08 04:09 177432 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
    2009-05-19 01:25 . 2009-05-08 04:09 3288344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
    2009-05-19 01:25 . 2009-05-08 04:10 486168 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
    2009-05-19 01:24 . 2009-05-08 04:09 755992 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
    2009-05-19 01:24 . 2009-05-08 04:09 1437464 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
    2009-05-14 04:29 . 2009-05-08 04:10 3399960 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
    2009-05-14 04:29 . 2009-05-08 04:10 2302232 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-04 04:05 . 2007-10-14 04:11 54240 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-04 03:57 . 2007-10-15 22:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
    2009-06-04 03:33 . 2009-06-03 18:30 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2009-06-04 03:33 . 2009-06-03 18:30 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-06-04 03:33 . 2009-06-03 18:30 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2009-06-04 03:33 . 2009-06-03 18:30 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-06-04 03:33 . 2009-06-03 18:30 -------- d-----w- c:\program files\Symantec
    2009-06-04 01:08 . 2008-01-29 07:20 -------- d-----w- c:\program files\DS
    2009-06-03 23:05 . 2007-12-16 04:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-06-03 23:01 . 2007-12-16 04:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-06-03 19:07 . 2009-06-03 18:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-06-03 18:30 . 2009-06-03 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2009-06-03 18:30 . 2009-06-03 18:30 1294680 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
    2009-06-03 18:30 . 2009-06-03 18:30 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
    2009-06-03 18:30 . 2009-06-03 18:30 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
    2009-06-03 18:29 . 2009-06-03 18:29 -------- d-----w- c:\program files\Norton Internet Security
    2009-06-03 18:29 . 2009-06-03 18:29 -------- d-----w- c:\program files\Windows Sidebar
    2009-06-03 06:11 . 2008-08-20 21:33 -------- d-----w- c:\program files\music
    2009-06-03 05:52 . 2008-12-23 08:23 -------- d-----w- c:\program files\AC Tool
    2009-06-03 04:48 . 2007-10-14 01:57 -------- d-----w- c:\program files\solarrise
    2009-06-03 03:11 . 2008-06-16 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-06-03 01:24 . 2009-06-03 01:19 358638452 ----a-w- c:\program files\RJ035681.rar
    2009-06-02 22:20 . 2009-06-02 22:20 13736612 ----a-w- c:\program files\T.rar
    2009-06-01 22:45 . 2007-11-04 21:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Vso
    2009-06-01 05:07 . 2009-06-01 05:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Braid
    2009-06-01 04:55 . 2007-10-14 03:44 -------- d-----w- c:\program files\directx
    2009-06-01 04:49 . 2008-06-25 03:05 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-05-29 05:33 . 2009-03-21 01:47 -------- d-s---w- c:\program files\Mabinogi
    2009-05-27 02:59 . 2009-05-26 19:26 2299 ----a-w- c:\program files\DoA.part1.rar
    2009-05-23 07:46 . 2007-11-13 06:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
    2009-05-11 04:15 . 2009-05-11 04:15 6997120 ----a-w- c:\program files\baby_girl_on_Jay_leno_show.wmv
    2009-04-17 23:58 . 2009-05-02 20:20 954368 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
    2009-04-17 23:58 . 2009-05-02 20:20 65536 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    2009-04-17 23:58 . 2009-05-02 20:20 1161626 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
    2009-04-17 23:58 . 2009-05-02 20:20 103424 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
    2009-04-17 23:58 . 2009-05-02 20:20 71652 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
    2009-04-17 23:58 . 2009-05-02 20:20 4579328 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\cooliris18.dll
    2009-04-17 23:58 . 2009-05-02 20:20 4534272 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
    2009-04-17 23:58 . 2009-05-02 20:20 131868 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
    2009-04-17 23:58 . 2009-05-02 20:20 344064 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
    2009-04-09 03:01 . 2009-04-09 03:01 4373903 ----a-w- c:\program files\PS09WW009.pdf
    2009-04-04 04:42 . 2009-04-04 04:42 520642 ----a-w- c:\program files\sp2005.pdf
    2009-04-02 04:13 . 2009-04-02 04:13 45056 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\8\629e21c8-713d3ea1-n\jniwrap.dll
    2009-04-02 02:52 . 2009-04-02 02:53 27136 ----a-w- c:\program files\Warrant Endorsement Authorization(2).doc
    2009-04-02 02:52 . 2009-04-02 02:52 27136 ----a-w- c:\program files\Warrant Endorsement Authorization.doc
    2009-03-30 04:26 . 2009-03-30 04:26 1678424 ----a-w- c:\program files\registrybooster(2).exe
    2009-03-30 04:26 . 2009-03-30 04:26 1678424 ----a-w- c:\program files\registrybooster.exe
    2009-03-28 23:23 . 2009-03-28 23:23 98 ----a-w- c:\program files\airViewBoardingPassDefs(2).js
    2009-03-28 23:23 . 2009-03-28 23:23 98 ----a-w- c:\program files\airViewBoardingPassDefs.js
    2009-03-28 20:05 . 2009-03-28 20:05 2424616 ----a-w- c:\program files\WindowsRightsManagementServicesSP2-KB917275-Client-ENU-x86.exe
    2009-03-21 01:42 . 2008-08-12 23:02 96 ---ha-w- c:\windows\system32\HsInfo.dat
    2009-03-20 04:12 . 2009-03-20 04:12 253536 ----a-w- c:\program files\Juan_Pablo_Montoya(2).htm
    2009-03-20 04:10 . 2009-03-20 04:10 253536 ----a-w- c:\program files\Juan_Pablo_Montoya.htm
    2009-03-16 21:18 . 2009-06-01 05:06 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-03-16 21:18 . 2009-06-01 05:06 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
    2009-03-16 21:18 . 2009-06-01 05:06 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
    2009-03-16 21:18 . 2009-06-01 05:06 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
    2009-03-16 20:03 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
    2009-03-15 03:44 . 2009-03-15 03:44 156 ----a-w- c:\program files\_AVG certification_(2).txt
    2009-03-15 03:44 . 2009-03-15 03:44 156 ----a-w- c:\program files\_AVG certification_.txt
    2009-03-12 08:42 . 2009-06-03 18:30 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
    2009-03-12 08:42 . 2009-06-03 18:30 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
    2009-03-11 05:36 . 2009-03-11 05:36 1918418 ----a-w- c:\program files\AntarcticPeninsulaLogFeb03.pdf
    2009-03-09 22:27 . 2009-06-01 05:06 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
    2009-03-09 22:27 . 2009-06-01 05:06 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
    2009-03-09 22:27 . 2009-06-01 05:06 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
    2009-03-08 11:34 . 2004-08-04 12:00 914944 ----a-w- c:\windows\system32\wininet.dll
    2009-03-08 11:34 . 2004-08-04 12:00 43008 ----a-w- c:\windows\system32\licmgr10.dll
    2009-03-08 11:33 . 2004-08-04 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
    2009-03-08 11:33 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2009-03-08 11:32 . 2004-08-04 12:00 72704 ----a-w- c:\windows\system32\admparse.dll
    2009-03-08 11:32 . 2004-08-04 12:00 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-03-08 11:31 . 2004-08-04 12:00 34816 ----a-w- c:\windows\system32\imgutil.dll
    2009-03-08 11:31 . 2004-08-04 12:00 48128 ----a-w- c:\windows\system32\mshtmler.dll
    2009-03-08 11:31 . 2004-08-04 12:00 45568 ----a-w- c:\windows\system32\mshta.exe
    2009-03-08 11:22 . 2004-08-04 12:00 156160 ----a-w- c:\windows\system32\msls31.dll
    2009-02-16 17:31 . 2009-02-16 17:31 1435136 ----a-w- c:\program files\Mexican Ambulance.avi
    2008-11-05 03:28 . 2008-11-05 03:28 23552 ----a-w- c:\program files\CAFR CH.7.doc
    2008-10-23 21:51 . 2009-06-03 04:56 5242 ----a-w- c:\program files\Japanese IME Tutorial Script.txt
    2008-10-23 11:51 . 2008-10-23 11:51 18412 ----a-w- c:\program files\Chapter 6(2).docx
    2008-10-23 11:50 . 2008-10-23 11:51 18412 ----a-w- c:\program files\Chapter 6.docx
    2008-10-01 04:51 . 2008-10-01 04:51 22340 ----a-w- c:\program files\GVT-Chapter 5.docx
    2008-09-01 19:26 . 2008-09-01 19:26 226816 ----a-w- c:\program files\Excel 2X Intermediate_2.exe
    2008-09-01 19:22 . 2008-09-01 19:22 226816 ----a-w- c:\program files\Excel 2X Intermediate.exe
    2008-08-10 02:55 . 2008-08-10 02:55 235 ----a-w- c:\program files\RegClean.reg
    2008-07-22 05:22 . 2008-07-22 05:19 18813224 ----a-w- c:\program files\Color the Sugar - The guild Video.wmv
    2008-04-28 01:10 . 2008-04-28 01:10 94519 ----a-w- c:\program files\mpn.pdf
    2007-10-27 06:07 . 2007-10-27 06:07 1469992 ----a-w- c:\program files\GenuineCheck.exe
    1999-10-20 10:20 . 2008-06-29 16:33 335872 ----a-r- c:\program files\RitzPix.exe
    2008-12-20 01:39 . 2008-07-24 02:00 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2008-12-20 01:39 . 2008-07-24 02:00 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-20 01:39 . 2008-07-24 02:00 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2008-06-27 21:59 . 2008-08-06 14:36 163840 ----a-w- c:\program files\mozilla firefox\components\nsgkff20_meter2.dll
    2008-12-20 01:39 . 2008-07-24 02:00 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-20 01:39 . 2008-07-24 02:00 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    2006-05-03 10:06 . 2009-06-03 05:37 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47 . 2009-06-03 05:37 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30 . 2009-06-03 05:37 216064 --sh--r- c:\windows\system32\nbDX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-04 518488]

    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Pervasive.SQL Workgroup Engine.lnk - c:\pvsw\Bin\w3dbsmgr.exe [2003-10-29 106546]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2008-2-2 884838]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\DiskTrix\\UltimateDefrag2008\\UDefrag.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
    "c:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57391:TCP"= 57391:TCP:pando Media Booster
    "57391:UDP"= 57391:UDP:pando Media Booster

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/3/2009 9:00 PM 64160]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [6/3/2009 8:33 PM 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [6/3/2009 8:33 PM 258608]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [6/3/2009 8:33 PM 482352]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSxpx86.sys [6/3/2009 4:28 PM 276344]
    R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [10/19/2007 6:16 PM 14336]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1005904]
    R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [6/3/2009 8:33 PM 115560]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/13/2007 7:04 PM 24652]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/3/2009 1:00 AM 101936]
    R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [10/19/2007 6:16 PM 8832]
    S2 ee1eoo8ayiukea;Print Spooler Service; [x]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2/2/2008 8:40 PM 17149]
    S3 PRISM;D-Link Wireless LAN Driver; [x]
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2/2/2008 8:40 PM 362944]
    S3 XDva037;XDva037; [x]
    S3 XDva168;XDva168; [x]
    S3 XDva189;XDva189; [x]
    S3 XDva193;XDva193; [x]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 04:00]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{67c1454c-c653-47f3-bd76-f9fa57bce707} - c:\windows\system32\jodenosi.dll
    BHO-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
    HKLM-Run-CPMdf184e86 - c:\windows\system32\salizuya.dll
    HKLM-Run-gunuketizi - c:\windows\system32\vorosuka.dll
    SafeBoot-procexp90.Sys


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://yahoo.com/
    uInternet Settings,ProxyOverride = local;*.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    DPF: {5F3E7209-53A0-4C2E-8648-E3E4551FEB9A} - hxxp://www.netgame.com/download/mglauncherusa.cab
    DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab
    DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} - hxxp://download.gemfighter.com/launcher/gemx2.cab
    DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
    FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    FF - component: c:\program files\Mozilla Firefox\components\nsgkff20_meter2.dll
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-03 21:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2052111302-1004336348-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6f,20,db,77,4f,c4,fe,43,bc,7b,37,\
    "3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6f,20,db,77,4f,c4,fe,43,bc,7b,37,\
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,a1,eb,e8,7c,09,71,47,98,3e,6a,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,a1,eb,e8,7c,09,71,47,98,3e,6a,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{03975035-e870-470a-8be6-35552d52f4ac}]
    @Denied: (Full) (Everyone)
    "Model "=dword:00000126
    "Therad "=dword:00000011
    "MData "=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,e1,69,ab,28,0d,
    27,9b,b4,04,a3,b7,bd,5b,11,77,40,37,72,11,8a,ca,3e,f8,d4,c1,3d,e4,c8,e3,43,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk "=hex(0):90,8b,b7,e3,7f,da,aa,81,95,17,49,d3,36,bd,67,8a,c5,3d,b2,32,5a,
    7c,ab,18,3e,6a,ed,3d,13,a1,ea,a6,bb,bc,9d,e9,8d,4f,9c,e6,00,00,00,00,00,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(456)
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-06-04 21:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-04 04:20

    Pre-Run: 160,010,313,728 bytes free
    Post-Run: 159,897,079,808 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    382 --- E O F --- 2008-12-18 04:29
     
  5. 2009/06/04
    Geri Lifetime Subscription

    Hi

    OK, I need some answers. Please answer all my questions.
    What are these?
    c:\program files\RJ049631.zip
    c:\program files\RJ049674.zip
    c:\program files\RJ041153.zip
    c:\program files\RJ049727.zip


    Have you uninstalled AVG 8?

    A number of the programs you have are coming up as possible torrent programs; these could or could not all be infected.
    We need to run an online scan to see what we are dealing with.

    Please note that we do not approve of stolen, hacked or cracked programs and any that show to be such will need to be deleted.

    If you wish to proceed please do this.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Now this.

    Please do an online scan with Kaspersky WebScanner

    It's best to disable real time protection applications as they sometimes interfere with the scan.
    Check this link for any applicable programs you may have.

    Click on "Accept" if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users: you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files.
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the "Scan Report" on the left side.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Geri
     
  6. 2009/06/06
    aoa545

    Hello,
    The aforementioned files:
    c:\program files\RJ049631.zip
    c:\program files\RJ049674.zip
    c:\program files\RJ041153.zip
    c:\program files\RJ049727.zip
    are games and videos that I have downloaded through megaupload.

    I uninstalled AVG 8 when I installed Norton.

    I used the ATF Cleaner.

    However, when I went to the Kaspersky website, as it was updating, it gave me the message that "Starting Java applet has failed! Please go online to use this program." Yet it completed the update. I was wondering if this will have an effect on the scan.
    Thank you~
     
    Last edited: 2009/06/06
  7. 2009/06/06
    aoa545

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Saturday, June 6, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Saturday, June 06, 2009 19:42:57
    Records in database: 2319479
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 61408
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 01:08:53

    No malware has been detected. The scan area is clean.

    The selected area was scanned.
     
  8. 2009/06/06
    Geri Lifetime Subscription

    Hi
    No, it shouldn't.

    OK please do this.


    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this folder (if present):

    c:\documents and settings\All Users\Application Data\avg8

    Empty your recycle bin.

    Let me know how things are running.

    Geri
     
  9. 2009/06/06
    aoa545

    Hello, I have deleted the avg8 folder and emptied my recycle bin.
     
  10. 2009/06/07
    Geri Lifetime Subscription

    Hi
    Any warnings from Norton or Spybot on Virtumonde?

    How is your computer running?

    Geri
     
  11. 2009/06/07
    aoa545

    Hello,
    It seems that Norton cannot find Virtumonde; neither can Ad-Aware, which I have recently installed. My latest scan of Spybot has shown Virtumonde.prx. Every time I fix the selected problems with Spybot, it keeps on coming back. So far, in Spybot's history of scans, it has found 3 instances of virtumonde.sdn, 41 instances of virtumonde, 3 instances of virtumonde.dll, 8 instances of virtumonde.prx, and 7 instances of virtumonde.sci.
    My computer still has the two RUNDLL errors that pop up saying "Error loading C:\WINDOWS\system32\salizuya.dll" as well as vorosuka.
    My computer seems to be running fine, except a bit slower than usual.
     
  12. 2009/06/09
    Geri Lifetime Subscription

    Hi
    OK, let's do this.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    Code:
    File::
    C:\WINDOWS\system32\salizuya.dll
    C:\WINDOWS\system32\vorosuka.dll
    
    Driver::
    ee1eoo8ayiukea

    Please post the ComboFix log.

    Geri
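The ComboFix logs posted in this thread list every created or changed file as two timestamps, a size, an eight-character attribute field and a path, and list removed services as `-------\Service_<name>` lines. The following Python is an added example, not part of this thread, of ComboFix or of any poster's code: it parses that listing format and pulls out what an analyst reads first, namely hidden or system-attributed files under c:\windows and the services reported removed. The meaning of each attribute column is inferred from the log lines in this thread, not from a published format, and the sample log is constructed from lines in those logs.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One line of a ComboFix "Files Created" / "Find3M Report" section looks like:
#   2009-06-03 05:37 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
# i.e. two timestamps separated by " . ", a size (or "--------" for a
# directory), an eight-character attribute field and the path.
LINE_RE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[-a-z]{8}) "
    r"(?P<path>.+?)\s*$"
)

# Lines in the "Drivers/Services" section that record a removed service, e.g.
#   -------\Service_ee1eoo8ayiukea
SERVICE_RE = re.compile(r"^-+\\Service_(?P<name>\S+)\s*$")


@dataclass
class Entry:
    first: str            # first timestamp column as printed in the log
    second: str           # second timestamp column as printed in the log
    size: Optional[int]   # None for directories ("--------")
    attrs: str            # raw eight-character attribute field
    path: str             # lower-cased so comparisons are case-insensitive

    # Attribute columns as inferred from the logs in this thread (an
    # assumption, not a published format): d=directory, c=compressed,
    # s=system, h=hidden, a=archive; column 7 is r (read-only) or w (writable).
    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def is_hidden(self) -> bool:
        return self.attrs[3] == "h"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one file-listing line; return None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["first"], m["second"], size, m["attrs"], m["path"].lower())


def parse_log(text: str) -> List[Entry]:
    """Collect every file-listing line from a ComboFix log, skipping the rest."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


WINDOWS_DIR = "c:\\windows\\"


def triage(entries: List[Entry]) -> List[Entry]:
    """Files (not directories) under c:\\windows carrying the hidden or system
    attribute. Ordinary installers rarely set those on a DLL dropped into
    system32, so each such entry deserves a look, even though in this thread
    they turned out to be codec DLLs from a video converter."""
    return [
        e for e in entries
        if not e.is_dir and e.path.startswith(WINDOWS_DIR)
        and (e.is_hidden or e.is_system)
    ]


def removed_services(text: str) -> List[str]:
    """Service names ComboFix reports as removed (the Driver:: targets)."""
    names = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            names.append(m["name"])
    return names


# Constructed sample: file and service lines copied from the logs in this
# thread, with the surrounding sections trimmed.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_EE1EOO8AYIUKEA
-------\Service_ee1eoo8ayiukea

((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.
2009-06-06 08:07 . 2009-03-12 08:42 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-06-03 05:37 . 2009-06-03 05:37 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-03 05:37 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-06-03 05:37 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-06-03 18:39 . 2009-06-03 18:39 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-06-01 05:05 . 2009-06-01 05:05 -------- d-----w- c:\windows\Logs
"""

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print(f"{len(found)} file entries parsed")
    for e in triage(found):
        print(f"LOOK: {e.path} attrs={e.attrs} size={e.size}")
    print("removed services:", removed_services(SAMPLE_LOG))
```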
     
  13. 2009/06/09
    aoa545

    Hello, when ComboFix was rebooting my computer, a message box opened up saying "catchme.cfexe - DLL Initialization Failed
    The application failed to initialize because the window station is shutting down."
    Then it rebooted. Also, while ComboFix was creating the log, another box opened up saying "Cannot export RegRuns00: Error opening the file. There may be a disk or file system error."
    Here is the log:

    ComboFix 09-06-09.06 - Administrator 06/09/2009 21:16.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.625 [GMT -7:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
    AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    FILE ::
    "c:\windows\system32\salizuya.dll "
    "c:\windows\system32\vorosuka.dll "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_EE1EOO8AYIUKEA
    -------\Service_ee1eoo8ayiukea


    ((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
    .

    2009-06-10 04:25 . 2009-03-12 08:42 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    2009-06-10 00:09 . 2009-06-06 23:38 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090609.037\NAVENG.SYS
    2009-06-10 00:09 . 2009-06-06 23:38 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090609.037\NAVEX15.SYS
    2009-06-10 00:09 . 2009-06-06 23:38 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090609.037\NAVENG32.DLL
    2009-06-10 00:09 . 2009-06-06 23:38 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090609.037\NAVEX32A.DLL
    2009-06-10 00:09 . 2009-06-06 23:38 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090609.037\EECTRL.SYS
    2009-06-10 00:09 . 2009-06-06 23:38 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090609.037\ECMSVR32.DLL
    2009-06-10 00:09 . 2009-06-06 23:38 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090609.037\CCERASER.DLL
    2009-06-10 00:09 . 2009-06-06 23:38 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090609.037\ERASER.SYS
    2009-06-08 23:54 . 2009-06-08 23:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Beelzebub
    2009-06-08 23:40 . 2008-10-28 22:28 196608 ----a-w- c:\program files\wuvorbis.dll
    2009-06-08 23:40 . 2007-02-28 03:44 413696 ----a-w- c:\program files\imgctl.dll
    2009-06-08 20:58 . 2009-06-08 20:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\RenPy
    2009-06-08 20:56 . 2009-06-08 20:57 -------- d-----w- c:\program files\Katawa Shoujo Act 1
    2009-06-08 18:46 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\Scxpx86.dll
    2009-06-08 18:46 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSXpx86.sys
    2009-06-08 18:46 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSvix86.sys
    2009-06-08 18:46 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSxpx86.dll
    2009-06-08 18:46 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSviA64.sys
    2009-06-07 05:37 . 2009-06-07 05:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Chris And Akshai Are Awesome Inc
    2009-06-07 05:26 . 2009-06-07 05:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\JeffandPatrick
    2009-06-07 05:21 . 2009-06-07 05:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\USC Interactive Media Division
    2009-06-06 08:10 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\Scxpx86.dll
    2009-06-06 08:10 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSxpx86.sys
    2009-06-06 08:10 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSvix86.sys
    2009-06-06 08:10 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSxpx86.dll
    2009-06-06 08:10 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSvia64.sys
    2009-06-06 08:07 . 2009-03-12 08:42 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
    2009-06-06 08:07 . 2009-03-12 08:42 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
    2009-06-06 08:06 . 2009-06-06 22:25 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-06-06 08:06 . 2009-06-06 11:08 -------- d-----w- c:\program files\Symantec
    2009-06-06 08:06 . 2009-06-06 11:08 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2009-06-06 08:06 . 2009-06-06 11:08 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-06-06 08:06 . 2009-06-06 08:06 1294680 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
    2009-06-06 08:06 . 2009-06-06 08:06 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
    2009-06-06 08:06 . 2009-06-06 08:06 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
    2009-06-06 08:06 . 2009-06-07 19:23 -------- d-----w- c:\windows\system32\drivers\NIS
    2009-06-06 08:06 . 2009-06-06 08:06 -------- d-----w- c:\program files\Norton Internet Security
    2009-06-06 08:06 . 2009-06-06 08:06 -------- d-----w- c:\program files\Windows Sidebar
    2009-06-06 08:05 . 2009-06-06 08:05 -------- d-----w- c:\program files\NortonInstaller
    2009-06-06 06:13 . 2009-06-06 06:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
    2009-06-04 23:43 . 2009-06-04 23:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ì•iÉî
    2009-06-04 21:54 . 2009-06-04 21:54 -------- d-----w- c:\program files\7-Zip
    2009-06-04 21:29 . 2009-06-04 21:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\G–V_ƒVƒ‡ƒbƒNƒ{[ƒC_
    2009-06-04 07:19 . 2009-06-04 04:00 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-06-04 07:09 . 2009-06-04 07:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2009-06-04 02:13 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
    2009-06-04 02:13 . 2009-06-04 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-06-04 02:13 . 2009-06-04 02:13 -------- d-----w- c:\program files\Lavasoft
    2009-06-04 00:44 . 2009-06-04 02:13 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-06-03 22:03 . 2009-06-03 22:03 -------- d-----w- c:\program files\Adobe Flash Player 10
    2009-06-03 20:54 . 2009-06-10 00:44 -------- d-----w- c:\program files\A
    2009-06-03 18:39 . 2009-06-03 18:39 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
    2009-06-03 18:29 . 2009-06-06 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2009-06-03 18:24 . 2009-06-03 18:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2009-06-03 07:11 . 2009-05-18 02:46 162792013 ----a-w- c:\program files\[4LS]ks_a1_[win][B31099EF].exe
    2009-06-03 07:11 . 2009-06-03 07:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Hamachi
    2009-06-03 05:44 . 2009-06-03 05:50 -------- d-----w- c:\program files\Crypto-Lock
    2009-06-03 05:41 . 2009-06-03 05:41 -------- d-----w- c:\program files\alphacrypt2
    2009-06-03 05:41 . 2009-06-03 05:41 -------- d-----w- c:\program files\Audacity
    2009-06-03 05:37 . 2007-05-18 00:30 318976 ----a-w- c:\windows\system32\avisynth.dll
    2009-06-03 05:37 . 2004-02-22 17:11 719872 ----a-w- c:\windows\system32\devil.dll
    2009-06-03 05:37 . 2004-01-25 07:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
    2009-06-03 05:37 . 2004-01-25 07:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
    2009-06-03 05:37 . 2009-06-03 05:37 -------- d-----w- c:\program files\AviSynth 2.5
    2009-06-03 05:37 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
    2009-06-03 05:37 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
    2009-06-03 05:37 . 2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
    2009-06-03 05:37 . 2009-06-03 05:37 -------- d-----w- c:\program files\SUPER
    2009-06-03 04:49 . 2009-06-03 04:49 -------- d-----w- c:\program files\Wakan
    2009-06-03 03:04 . 2009-06-03 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-06-03 01:40 . 2009-06-03 01:42 -------- dc-h--w- c:\windows\ie8
    2009-06-03 01:07 . 2009-06-03 01:07 -------- d-----w- c:\program files\Common Files\DiskTrix
    2009-06-03 00:40 . 2009-06-09 07:27 -------- d-----w- c:\program files\Steam
    2009-06-03 00:33 . 2009-06-03 00:33 -------- d-----w- c:\program files\Restore Utilities
    2009-06-01 23:40 . 2005-03-11 19:03 286208 ----a-w- c:\program files\cncs232.dll
    2009-06-01 05:05 . 2009-06-01 05:05 -------- d-----w- c:\windows\Logs
    2009-06-01 04:56 . 2009-04-18 07:24 -------- d-----w- c:\program files\RoTaM.Braid.Repack
    2009-05-29 22:53 . 2009-05-29 22:58 -------- d-----w- c:\program files\Dragonica Online - Preview Beta Test
    2009-05-29 21:18 . 2009-05-29 21:42 875088742 ----a-w- c:\documents and settings\Administrator\Application Data\DragonicaOnlinePBTInstaller.exe
    2009-05-29 05:32 . 2009-06-07 05:13 -------- d-----w- c:\program files\Installation Files
    2009-05-28 03:56 . 2009-05-28 03:56 -------- d-----w- C:\Users

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-09 00:26 . 2009-03-22 23:04 -------- d-----w- c:\program files\New Folder
    2009-06-08 07:01 . 2008-01-29 07:20 -------- d-----w- c:\program files\DS
    2009-06-06 11:08 . 2009-06-06 08:06 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2009-06-06 11:08 . 2009-06-06 08:06 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-06-04 07:19 . 2008-12-23 08:23 -------- d-----w- c:\program files\AC Tool
    2009-06-04 04:05 . 2007-10-14 04:11 54240 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-04 03:57 . 2007-10-15 22:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
    2009-06-03 23:05 . 2007-12-16 04:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-06-03 23:01 . 2007-12-16 04:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-06-03 06:11 . 2008-08-20 21:33 -------- d-----w- c:\program files\music
    2009-06-03 04:48 . 2007-10-14 01:57 -------- d-----w- c:\program files\solarrise
    2009-06-01 22:45 . 2007-11-04 21:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Vso
    2009-06-01 05:07 . 2009-06-01 05:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Braid
    2009-06-01 04:55 . 2007-10-14 03:44 -------- d-----w- c:\program files\directx
    2009-06-01 04:49 . 2008-06-25 03:05 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-05-29 05:33 . 2009-03-21 01:47 -------- d-s---w- c:\program files\Mabinogi
    2009-05-23 07:46 . 2007-11-13 06:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
    2009-05-11 04:15 . 2009-05-11 04:15 6997120 ----a-w- c:\program files\baby_girl_on_Jay_leno_show.wmv
    2009-04-17 23:58 . 2009-05-02 20:20 954368 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
    2009-04-17 23:58 . 2009-05-02 20:20 65536 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    2009-04-17 23:58 . 2009-05-02 20:20 1161626 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
    2009-04-17 23:58 . 2009-05-02 20:20 103424 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
    2009-04-17 23:58 . 2009-05-02 20:20 71652 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
    2009-04-17 23:58 . 2009-05-02 20:20 4579328 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\cooliris18.dll
    2009-04-17 23:58 . 2009-05-02 20:20 4534272 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
    2009-04-17 23:58 . 2009-05-02 20:20 131868 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
    2009-04-17 23:58 . 2009-05-02 20:20 344064 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
    2009-04-09 03:01 . 2009-04-09 03:01 4373903 ----a-w- c:\program files\PS09WW009.pdf
    2009-04-04 04:42 . 2009-04-04 04:42 520642 ----a-w- c:\program files\sp2005.pdf
    2009-04-02 04:13 . 2009-04-02 04:13 45056 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\8\629e21c8-713d3ea1-n\jniwrap.dll
    2009-04-02 02:52 . 2009-04-02 02:53 27136 ----a-w- c:\program files\Warrant Endorsement Authorization(2).doc
    2009-04-02 02:52 . 2009-04-02 02:52 27136 ----a-w- c:\program files\Warrant Endorsement Authorization.doc
    2009-03-30 04:26 . 2009-03-30 04:26 1678424 ----a-w- c:\program files\registrybooster(2).exe
    2009-03-30 04:26 . 2009-03-30 04:26 1678424 ----a-w- c:\program files\registrybooster.exe
    2009-03-28 23:23 . 2009-03-28 23:23 98 ----a-w- c:\program files\airViewBoardingPassDefs(2).js
    2009-03-28 23:23 . 2009-03-28 23:23 98 ----a-w- c:\program files\airViewBoardingPassDefs.js
    2009-03-28 20:05 . 2009-03-28 20:05 2424616 ----a-w- c:\program files\WindowsRightsManagementServicesSP2-KB917275-Client-ENU-x86.exe
    2009-03-21 01:42 . 2008-08-12 23:02 96 ---ha-w- c:\windows\system32\HsInfo.dat
    2009-03-20 04:12 . 2009-03-20 04:12 253536 ----a-w- c:\program files\Juan_Pablo_Montoya(2).htm
    2009-03-20 04:10 . 2009-03-20 04:10 253536 ----a-w- c:\program files\Juan_Pablo_Montoya.htm
    2009-03-16 21:18 . 2009-06-01 05:06 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-03-16 21:18 . 2009-06-01 05:06 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
    2009-03-16 21:18 . 2009-06-01 05:06 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
    2009-03-16 21:18 . 2009-06-01 05:06 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
    2009-03-16 20:03 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
    2009-03-15 03:44 . 2009-03-15 03:44 156 ----a-w- c:\program files\_AVG certification_(2).txt
    2009-03-15 03:44 . 2009-03-15 03:44 156 ----a-w- c:\program files\_AVG certification_.txt
    2009-03-11 05:36 . 2009-03-11 05:36 1918418 ----a-w- c:\program files\AntarcticPeninsulaLogFeb03.pdf
    2009-02-16 17:31 . 2009-02-16 17:31 1435136 ----a-w- c:\program files\Mexican Ambulance.avi
    2008-11-05 03:28 . 2008-11-05 03:28 23552 ----a-w- c:\program files\CAFR CH.7.doc
    2008-10-23 21:51 . 2009-06-03 04:56 5242 ----a-w- c:\program files\Japanese IME Tutorial Script.txt
    2008-10-23 11:51 . 2008-10-23 11:51 18412 ----a-w- c:\program files\Chapter 6(2).docx
    2008-10-23 11:50 . 2008-10-23 11:51 18412 ----a-w- c:\program files\Chapter 6.docx
    2008-10-01 04:51 . 2008-10-01 04:51 22340 ----a-w- c:\program files\GVT-Chapter 5.docx
    2008-09-01 19:26 . 2008-09-01 19:26 226816 ----a-w- c:\program files\Excel 2X Intermediate_2.exe
    2008-09-01 19:22 . 2008-09-01 19:22 226816 ----a-w- c:\program files\Excel 2X Intermediate.exe
    2008-08-10 02:55 . 2008-08-10 02:55 235 ----a-w- c:\program files\RegClean.reg
    2008-07-22 05:22 . 2008-07-22 05:19 18813224 ----a-w- c:\program files\Color the Sugar - The guild Video.wmv
    2008-04-28 01:10 . 2008-04-28 01:10 94519 ----a-w- c:\program files\mpn.pdf
    2007-10-27 06:07 . 2007-10-27 06:07 1469992 ----a-w- c:\program files\GenuineCheck.exe
    1999-10-20 10:20 . 2008-06-29 16:33 335872 ----a-r- c:\program files\RitzPix.exe
    2008-12-20 01:39 . 2008-07-24 02:00 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2008-12-20 01:39 . 2008-07-24 02:00 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-20 01:39 . 2008-07-24 02:00 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2008-06-27 21:59 . 2008-08-06 14:36 163840 ----a-w- c:\program files\mozilla firefox\components\nsgkff20_meter2.dll
    2008-12-20 01:39 . 2008-07-24 02:00 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-20 01:39 . 2008-07-24 02:00 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    2006-05-03 10:06 . 2009-06-03 05:37 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47 . 2009-06-03 05:37 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30 . 2009-06-03 05:37 216064 --sh--r- c:\windows\system32\nbDX.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-06-04_04.16.53 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2004-08-04 12:00 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll
    - 2004-08-04 12:00 . 2004-08-04 12:00 55808 c:\windows\system32\secur32.dll
    + 2004-08-04 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
    - 2004-08-04 12:00 . 2009-03-08 20:34 64314 c:\windows\system32\perfc009.dat
    + 2004-08-04 12:00 . 2009-06-04 18:33 64314 c:\windows\system32\perfc009.dat
    + 2007-10-11 21:10 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
    + 2004-08-04 12:00 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
    - 2004-08-04 12:00 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll
    + 2007-10-11 21:10 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
    - 2007-10-11 21:10 . 2004-08-04 12:00 58880 c:\windows\system32\msdtclog.dll
    + 2008-08-03 22:02 . 2009-06-07 18:23 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
    - 2008-08-03 22:02 . 2008-11-08 17:32 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
    + 2009-06-06 22:18 . 2009-06-06 22:18 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
    - 2009-06-04 03:33 . 2009-03-12 08:43 39984 c:\windows\system32\drivers\NIS\1005000.087\symndisv.sys
    + 2009-06-06 11:08 . 2009-03-12 08:43 39984 c:\windows\system32\drivers\NIS\1005000.087\symndisv.sys
    - 2009-06-04 03:33 . 2009-03-12 08:43 37296 c:\windows\system32\drivers\NIS\1005000.087\symndis.sys
    + 2009-06-06 11:08 . 2009-03-12 08:43 37296 c:\windows\system32\drivers\NIS\1005000.087\symndis.sys
    + 2009-06-06 11:08 . 2009-03-12 08:43 34736 c:\windows\system32\drivers\NIS\1005000.087\symids.sys
    - 2009-06-04 03:33 . 2009-03-12 08:43 34736 c:\windows\system32\drivers\NIS\1005000.087\symids.sys
    - 2009-06-04 03:33 . 2009-03-12 08:43 89776 c:\windows\system32\drivers\NIS\1005000.087\symfw.sys
    + 2009-06-06 11:08 . 2009-03-12 08:43 89776 c:\windows\system32\drivers\NIS\1005000.087\symfw.sys
    + 2009-06-06 11:08 . 2009-03-12 08:43 43696 c:\windows\system32\drivers\NIS\1005000.087\srtspx.sys
    - 2009-06-04 03:33 . 2009-03-12 08:43 43696 c:\windows\system32\drivers\NIS\1005000.087\srtspx.sys
    - 2004-08-04 12:00 . 2004-08-04 12:00 55808 c:\windows\system32\dllcache\secur32.dll
    + 2004-08-04 12:00 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll
    + 2004-08-04 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
    + 2007-10-11 21:10 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
    + 2004-08-04 12:00 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
    - 2004-08-04 12:00 . 2006-03-01 19:42 66560 c:\windows\system32\dllcache\mtxclu.dll
    - 2007-10-11 21:10 . 2004-08-04 12:00 58880 c:\windows\system32\dllcache\msdtclog.dll
    + 2007-10-11 21:10 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
    + 2009-06-04 07:30 . 2009-06-04 07:30 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    - 2008-12-12 06:06 . 2008-12-12 06:06 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    - 2007-10-11 21:46 . 2008-12-12 06:05 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2007-10-11 21:46 . 2009-06-04 07:31 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2007-10-11 21:46 . 2008-12-12 06:05 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2007-10-11 21:46 . 2009-06-04 07:31 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2007-10-11 21:46 . 2008-12-12 06:05 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2007-10-11 21:46 . 2009-06-04 07:31 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2007-10-11 21:46 . 2008-12-12 06:05 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2007-10-11 21:46 . 2009-06-04 07:31 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2007-10-11 21:46 . 2008-12-12 06:05 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2007-10-11 21:46 . 2009-06-04 07:31 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2007-10-11 21:46 . 2008-12-12 06:05 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2007-10-11 21:46 . 2009-06-04 07:31 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2007-03-23 02:05 . 2007-03-23 02:05 97632 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
    + 2006-10-27 04:07 . 2006-10-27 04:07 17680 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBPROXY.DLL
    - 2007-10-11 21:46 . 2008-12-12 06:05 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2007-10-11 21:46 . 2009-06-04 07:31 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2004-08-04 12:00 . 2004-08-04 12:00 351232 c:\windows\system32\winhttp.dll
    + 2004-08-04 12:00 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
    + 2008-09-06 07:29 . 2009-03-11 05:18 934792 c:\windows\system32\WgaTray.exe
    + 2008-09-06 07:30 . 2009-03-11 05:18 239496 c:\windows\system32\WgaLogon.dll
    + 2007-10-11 21:10 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
    + 2007-10-11 21:10 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
    + 2007-10-11 21:10 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
    + 2004-08-04 12:00 . 2009-02-06 17:14 110592 c:\windows\system32\services.exe
    + 2004-08-04 12:00 . 2008-12-05 07:12 144896 c:\windows\system32\schannel.dll
    - 2004-08-04 12:00 . 2007-04-25 14:21 144896 c:\windows\system32\schannel.dll
    + 2004-08-04 12:00 . 2009-02-09 10:20 399360 c:\windows\system32\rpcss.dll
    + 2004-08-04 12:00 . 2009-06-04 18:33 408792 c:\windows\system32\perfh009.dat
    - 2004-08-04 12:00 . 2009-03-08 20:34 408792 c:\windows\system32\perfh009.dat
    + 2004-08-04 12:00 . 2009-03-06 14:44 283648 c:\windows\system32\pdh.dll
    - 2004-08-04 12:00 . 2004-08-04 12:00 283648 c:\windows\system32\pdh.dll
    + 2004-08-04 12:00 . 2009-02-09 10:20 714752 c:\windows\system32\ntdll.dll
    + 2007-10-11 21:10 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
    + 2007-10-11 21:10 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
    + 2007-10-11 21:10 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
    + 2009-02-03 02:15 . 2009-02-03 02:15 240544 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
    + 2004-08-04 12:00 . 2009-02-09 10:20 723456 c:\windows\system32\lsasrv.dll
    + 2004-08-04 12:00 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
    - 2007-10-11 14:06 . 2009-06-04 04:02 228000 c:\windows\system32\FNTCACHE.DAT
    + 2007-10-11 14:06 . 2009-06-04 18:29 228000 c:\windows\system32\FNTCACHE.DAT
    + 2004-08-04 12:00 . 2008-12-11 11:57 333184 c:\windows\system32\drivers\srv.sys
    - 2009-06-04 03:33 . 2009-03-12 08:43 217392 c:\windows\system32\drivers\NIS\1005000.087\symtdi.sys
    + 2009-06-06 11:08 . 2009-03-12 08:43 217392 c:\windows\system32\drivers\NIS\1005000.087\symtdi.sys
    - 2009-06-04 03:33 . 2009-03-12 08:43 310320 c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys
    + 2009-06-06 11:08 . 2009-03-12 08:43 310320 c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys
    - 2009-06-04 03:33 . 2009-03-12 08:43 307760 c:\windows\system32\drivers\NIS\1005000.087\srtsp.sys
    + 2009-06-06 11:08 . 2009-03-12 08:43 307760 c:\windows\system32\drivers\NIS\1005000.087\srtsp.sys
    + 2009-06-06 11:07 . 2009-06-06 11:07 482352 c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys
    - 2009-06-04 03:33 . 2009-06-04 03:33 482352 c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys
    + 2009-06-06 11:08 . 2009-03-12 08:43 258608 c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys
    - 2009-06-04 03:33 . 2009-03-12 08:43 258608 c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys
    + 2007-10-11 21:10 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe
    + 2007-10-11 21:10 . 2009-02-06 16:39 227840 c:\windows\system32\dllcache\wmiprvse.exe
    + 2007-10-11 21:10 . 2009-02-09 10:20 453120 c:\windows\system32\dllcache\wmiprvsd.dll
    + 2004-08-04 12:00 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
    - 2004-08-04 12:00 . 2004-08-04 12:00 351232 c:\windows\system32\dllcache\winhttp.dll
    + 2008-09-06 07:29 . 2009-03-11 05:18 934792 c:\windows\system32\dllcache\WgaTray.exe
    + 2008-09-06 07:30 . 2009-03-11 05:18 239496 c:\windows\system32\dllcache\wgaLogon.dll
    + 2004-08-04 12:00 . 2008-12-11 11:57 333184 c:\windows\system32\dllcache\srv.sys
    + 2004-08-04 12:00 . 2009-02-06 17:14 110592 c:\windows\system32\dllcache\services.exe
    + 2004-08-04 12:00 . 2008-12-05 07:12 144896 c:\windows\system32\dllcache\schannel.dll
    - 2004-08-04 12:00 . 2007-04-25 14:21 144896 c:\windows\system32\dllcache\schannel.dll
    + 2004-08-04 12:00 . 2009-02-09 10:20 399360 c:\windows\system32\dllcache\rpcss.dll
    - 2004-08-04 12:00 . 2004-08-04 12:00 283648 c:\windows\system32\dllcache\pdh.dll
    + 2004-08-04 12:00 . 2009-03-06 14:44 283648 c:\windows\system32\dllcache\pdh.dll
    + 2004-08-04 12:00 . 2009-02-09 10:20 714752 c:\windows\system32\dllcache\ntdll.dll
    + 2007-10-11 21:10 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
    + 2007-10-11 21:10 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
    + 2007-10-11 21:10 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
    + 2004-08-04 12:00 . 2009-02-09 10:20 723456 c:\windows\system32\dllcache\lsasrv.dll
    + 2004-08-04 12:00 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
    + 2007-10-11 21:10 . 2009-02-09 10:20 473088 c:\windows\system32\dllcache\fastprox.dll
    - 2004-08-04 12:00 . 2004-08-04 12:00 616960 c:\windows\system32\dllcache\advapi32.dll
    + 2004-08-04 12:00 . 2009-02-09 10:20 616960 c:\windows\system32\dllcache\advapi32.dll
    + 2004-08-04 12:00 . 2009-02-09 10:20 616960 c:\windows\system32\advapi32.dll
    - 2004-08-04 12:00 . 2004-08-04 12:00 616960 c:\windows\system32\advapi32.dll
    + 2007-10-11 21:46 . 2009-06-04 07:31 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2007-10-11 21:46 . 2008-12-12 06:05 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2007-10-11 21:46 . 2009-06-04 07:31 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2007-10-11 21:46 . 2008-12-12 06:05 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2007-10-11 21:46 . 2009-06-04 07:31 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2007-10-11 21:46 . 2008-12-12 06:05 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2007-10-11 21:46 . 2008-12-12 06:05 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2007-10-11 21:46 . 2009-06-04 07:31 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2007-10-11 21:46 . 2008-12-12 06:05 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2007-10-11 21:46 . 2009-06-04 07:31 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2007-10-11 21:46 . 2009-06-04 07:31 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    - 2007-10-11 21:46 . 2008-12-12 06:05 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2004-08-04 12:00 . 2009-02-09 10:19 1846272 c:\windows\system32\win32k.sys
    - 2004-08-04 12:00 . 2007-10-26 03:36 8454656 c:\windows\system32\shell32.dll
    + 2004-08-04 12:00 . 2008-07-03 13:16 8454656 c:\windows\system32\shell32.dll
    - 2004-08-04 12:00 . 2008-05-07 05:18 1287680 c:\windows\system32\quartz.dll
    + 2004-08-04 12:00 . 2008-12-20 22:43 1287680 c:\windows\system32\quartz.dll
    - 2004-08-04 12:00 . 2008-08-14 09:58 2136064 c:\windows\system32\ntoskrnl.exe
    + 2004-08-04 12:00 . 2009-02-06 17:22 2136064 c:\windows\system32\ntoskrnl.exe
    - 2004-08-03 22:59 . 2008-08-14 09:22 2015744 c:\windows\system32\ntkrnlpa.exe
    + 2004-08-03 22:59 . 2009-02-06 16:49 2015744 c:\windows\system32\ntkrnlpa.exe
    + 2009-02-03 02:15 . 2009-02-03 02:15 3771296 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    + 2008-09-06 07:30 . 2009-03-11 05:18 1482112 c:\windows\system32\LegitCheckControl.dll
    + 2004-08-04 12:00 . 2009-02-09 10:19 1846272 c:\windows\system32\dllcache\win32k.sys
    + 2004-08-04 12:00 . 2008-07-03 13:16 8454656 c:\windows\system32\dllcache\shell32.dll
    - 2004-08-04 12:00 . 2007-10-26 03:36 8454656 c:\windows\system32\dllcache\shell32.dll
    + 2004-08-04 12:00 . 2008-12-20 22:43 1287680 c:\windows\system32\dllcache\quartz.dll
    - 2004-08-04 12:00 . 2008-05-07 05:18 1287680 c:\windows\system32\dllcache\quartz.dll
    + 2007-02-28 09:10 . 2009-02-06 17:24 2180480 c:\windows\system32\dllcache\ntoskrnl.exe
    + 2007-02-28 08:38 . 2009-02-06 16:49 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
    - 2007-02-28 08:38 . 2008-08-14 09:22 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
    + 2007-02-28 08:38 . 2009-02-06 16:49 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
    - 2007-02-28 08:38 . 2008-08-14 09:22 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
    - 2007-02-28 09:08 . 2008-08-14 09:58 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2007-02-28 09:08 . 2009-02-06 17:22 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2005-03-02 00:59 . 2009-02-06 17:24 2180480 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2005-03-02 00:34 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
    - 2005-03-02 00:34 . 2008-08-14 09:22 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2005-03-02 00:34 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    - 2005-03-02 00:34 . 2008-08-14 09:22 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    - 2005-03-02 00:57 . 2008-08-14 09:58 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2005-03-02 00:57 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2009-02-03 01:07 . 2009-02-03 01:07 1914440 c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
    + 2009-06-04 07:27 . 2009-05-07 07:16 24699336 c:\windows\system32\MRT.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "DAEMON Tools Lite "= "c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "EasyLinkAdvisor "= "c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
    "MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]
    "Ad-Watch "= "c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-04 518488]
    "CPMdf184e86 "= "c:\windows\system32\salizuya.dll" [BU]
    "gunuketizi "= "c:\windows\system32\vorosuka.dll" [BU]

    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Pervasive.SQL Workgroup Engine.lnk - c:\pvsw\Bin\w3dbsmgr.exe [2003-10-29 106546]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2008-2-2 884838]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @= "FSFilter Activity Monitor "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\AIM6\\aim6.exe "=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Program Files\\DiskTrix\\UltimateDefrag2008\\UDefrag.exe "=
    "c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe "=
    "c:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe "=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57391:TCP "= 57391:TCP:pando Media Booster
    "57391:UDP "= 57391:UDP:pando Media Booster

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/3/2009 9:00 PM 64160]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [6/6/2009 4:08 AM 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [6/6/2009 4:08 AM 258608]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [6/6/2009 4:07 AM 482352]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSXpx86.sys [6/8/2009 11:46 AM 276344]
    R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [10/19/2007 6:16 PM 14336]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1005904]
    R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [6/6/2009 4:08 AM 115560]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/13/2007 7:04 PM 24652]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/6/2009 4:38 PM 101936]
    R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [10/19/2007 6:16 PM 8832]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2/2/2008 8:40 PM 17149]
    S3 PRISM;D-Link Wireless LAN Driver; [x]
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2/2/2008 8:40 PM 362944]
    S3 XDva037;XDva037; [x]
    S3 XDva168;XDva168; [x]
    S3 XDva189;XDva189; [x]
    S3 XDva193;XDva193; [x]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll ",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 04:00]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{67c1454c-c653-47f3-bd76-f9fa57bce707} - (no file)
    BHO-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://yahoo.com/
    uInternet Settings,ProxyOverride = local;*.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    DPF: {5F3E7209-53A0-4C2E-8648-E3E4551FEB9A} - hxxp://www.netgame.com/download/mglauncherusa.cab
    DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab
    DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} - hxxp://download.gemfighter.com/launcher/gemx2.cab
    DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
    FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    FF - component: c:\program files\Mozilla Firefox\components\nsgkff20_meter2.dll
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-09 21:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
    "ImagePath "= "\ "c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \ "Norton Internet Security\" /m \ "c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1 "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2052111302-1004336348-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "659BD8E725A05FDCC64118EA787EAA2B534A94FABE "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6f,20,db,77,4f,c4,fe,43,bc,7b,37,\
    "3A77B377802A4B6183DDE08FDE4AD9AF647A702826 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6f,20,db,77,4f,c4,fe,43,bc,7b,37,\
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,a1,eb,e8,7c,09,71,47,98,3e,6a,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,a1,eb,e8,7c,09,71,47,98,3e,6a,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{03975035-e870-470a-8be6-35552d52f4ac}]
    @Denied: (Full) (Everyone)
    "Model "=dword:00000126
    "Therad "=dword:00000011
    "MData "=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,e1,69,ab,28,0d,
    27,9b,b4,04,a3,b7,bd,5b,11,77,40,37,72,11,8a,ca,3e,f8,d4,c1,3d,e4,c8,e3,43,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk "=hex(0):90,8b,b7,e3,7f,da,aa,81,95,17,49,d3,36,bd,67,8a,c5,3d,b2,32,5a,
    7c,ab,18,3e,6a,ed,3d,13,a1,ea,a6,bb,bc,9d,e9,8d,4f,9c,e6,00,00,00,00,00,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3160)
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-06-10 21:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-10 04:33
    ComboFix2.txt 2009-06-04 04:20

    Pre-Run: 104,201,351,168 bytes free
    Post-Run: 104,442,695,680 bytes free

    494 --- E O F --- 2009-06-06 08:16
     
  14. 2009/06/10
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK, one more time.

    Please do this.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    Code:
    File::
    c:\windows\system32\salizuya.dll
    c:\windows\system32\vorosuka.dll
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CPMdf184e86"=-
    "gunuketizi"=-
    Please post the Combofix log.

    Geri
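As an added example (not part of Geri's post, and not ComboFix's own code), here is a small Python script that reads the "Reg Loading Points" section of a ComboFix log as posted earlier in this thread, picks out the Run-key entries that carry no file date and size in their trailing bracket, and writes those out in the File::/Registry:: layout Geri's CFScript uses. In the thread's log the two entries without a date/size stamp are exactly the `[BU]` lines for salizuya.dll and vorosuka.dll; treating a missing stamp as "needs a look" is an observation from this log, not documented ComboFix behaviour, and the sample log text below is constructed (with the stray spaces the forum inserted before some closing quotes reproduced so the parser is shown tolerating them). The point is to let a reader cross-check a removal script against the log before dragging it onto ComboFix, not to replace the helper's instructions.

```python
import re

# Constructed sample in the layout ComboFix uses for its "Reg Loading Points"
# section, modelled on the log posted earlier in this thread. The two
# salizuya/vorosuka entries are the ones Geri's CFScript targets; the
# spaces before some closing quotes copy how the forum rendered the log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]
"CPMdf184e86 "= "c:\windows\system32\salizuya.dll" [BU]
"gunuketizi "= "c:\windows\system32\vorosuka.dll" [BU]
"""

# A registry key header line such as [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "name"="path" [stamp]; \s* around the quotes absorbs the forum's stray spaces
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]*?)\s*"\s*=\s*"(?P<path>[^"]*?)\s*"\s*\[(?P<stamp>[^\]]*)\]$'
)
# The stamp ComboFix prints for a file it could read: "YYYY-M-D size"
STAMP_RE = re.compile(r"^\d{4}-\d{1,2}-\d{1,2} \d+$")


def parse_run_entries(log_text):
    """Return the value-name/path/stamp triples listed under any ...\\Run key."""
    entries = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = ENTRY_RE.match(line)
        if m and key and key.upper().endswith("\\CURRENTVERSION\\RUN"):
            entries.append({
                "key": key,
                "name": m.group("name"),
                "path": m.group("path"),
                "stamp": m.group("stamp").strip(),
            })
    return entries


def unverified_entries(entries):
    """Entries whose bracket is not a date+size stamp (e.g. [BU] in this thread's log).

    Assumption taken from the posted log: ComboFix prints a date and size for
    every autostart file it could read, so a different marker means the file
    deserves a look rather than being treated as a known program.
    """
    return [e for e in entries if not STAMP_RE.match(e["stamp"])]


def build_cfscript(entries):
    """Emit File::/Registry:: directives in the form used by Geri's CFScript.

    Returns an empty string when there is nothing to act on, so the caller
    does not hand ComboFix a script that removes nothing.
    """
    if not entries:
        return ""
    paths = []
    names_by_key = {}
    for e in entries:
        if e["path"] not in paths:
            paths.append(e["path"])
        names_by_key.setdefault(e["key"], []).append(e["name"])
    lines = ["File::"] + paths + ["", "Registry::"]
    for key, names in names_by_key.items():
        lines.append(f"[{key}]")
        # "name"=- is the directive that deletes the value, as in Geri's script
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    suspicious = unverified_entries(parse_run_entries(SAMPLE_LOG))
    for e in suspicious:
        print(f"unverified Run entry: {e['name']} -> {e['path']} [{e['stamp']}]")
    print(build_cfscript(suspicious), end="")
```

Run against the sample it prints the two unverified entries and then a script identical in content to the one in Geri's post, which is the check worth making: if the generated File:: paths and Registry:: value names do not match what a helper asked you to run, ask before running it.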
     
  15. 2009/06/10
    aoa545

    aoa545 Inactive Thread Starter

    Joined:
    2009/06/03
    Messages:
    11
    Likes Received:
    0
    ComboFix 09-06-09.06 - Administrator 06/10/2009 15:54.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.629 [GMT -7:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
    AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    FILE ::
    "c:\windows\system32\salizuya.dll "
    "c:\windows\system32\vorosuka.dll "
    .

    ((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
    .

    2009-06-10 20:24 . 2009-06-10 20:24 3000240 ----a-w- c:\program files\AiRoboForm.exe
    2009-06-10 19:52 . 2009-06-10 19:52 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2009-06-10 19:49 . 2009-06-06 23:38 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090610.002\NAVENG.SYS
    2009-06-10 19:49 . 2009-06-06 23:38 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090610.002\NAVEX15.SYS
    2009-06-10 19:49 . 2009-06-06 23:38 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090610.002\EECTRL.SYS
    2009-06-10 19:49 . 2009-06-06 23:38 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090610.002\ECMSVR32.DLL
    2009-06-10 19:49 . 2009-06-06 23:38 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090610.002\CCERASER.DLL
    2009-06-10 19:49 . 2009-06-06 23:38 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090610.002\NAVENG32.DLL
    2009-06-10 19:49 . 2009-06-06 23:38 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090610.002\NAVEX32A.DLL
    2009-06-10 19:49 . 2009-06-06 23:38 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090610.002\ERASER.SYS
    2009-06-10 19:38 . 2009-03-12 08:42 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    2009-06-09 19:56 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-06-09 19:56 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-06-09 19:56 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2009-06-09 19:56 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2009-06-08 23:54 . 2009-06-08 23:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Beelzebub
    2009-06-08 23:40 . 2008-10-28 22:28 196608 ----a-w- c:\program files\wuvorbis.dll
    2009-06-08 23:40 . 2007-02-28 03:44 413696 ----a-w- c:\program files\imgctl.dll
    2009-06-08 20:58 . 2009-06-08 20:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\RenPy
    2009-06-08 20:56 . 2009-06-08 20:57 -------- d-----w- c:\program files\Katawa Shoujo Act 1
    2009-06-08 18:46 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\Scxpx86.dll
    2009-06-08 18:46 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSXpx86.sys
    2009-06-08 18:46 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSvix86.sys
    2009-06-08 18:46 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSxpx86.dll
    2009-06-08 18:46 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSviA64.sys
    2009-06-07 05:37 . 2009-06-07 05:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Chris And Akshai Are Awesome Inc
    2009-06-07 05:26 . 2009-06-07 05:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\JeffandPatrick
    2009-06-07 05:21 . 2009-06-07 05:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\USC Interactive Media Division
    2009-06-06 08:10 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\Scxpx86.dll
    2009-06-06 08:10 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSxpx86.sys
    2009-06-06 08:10 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSvix86.sys
    2009-06-06 08:10 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSxpx86.dll
    2009-06-06 08:10 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSvia64.sys
    2009-06-06 08:07 . 2009-03-12 08:42 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
    2009-06-06 08:07 . 2009-03-12 08:42 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
    2009-06-06 08:06 . 2009-06-06 22:25 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-06-06 08:06 . 2009-06-06 11:08 -------- d-----w- c:\program files\Symantec
    2009-06-06 08:06 . 2009-06-06 11:08 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2009-06-06 08:06 . 2009-06-06 11:08 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-06-06 08:06 . 2009-06-06 08:06 1294680 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
    2009-06-06 08:06 . 2009-06-06 08:06 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
    2009-06-06 08:06 . 2009-06-06 08:06 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
    2009-06-06 08:06 . 2009-06-07 19:23 -------- d-----w- c:\windows\system32\drivers\NIS
    2009-06-06 08:06 . 2009-06-06 08:06 -------- d-----w- c:\program files\Norton Internet Security
    2009-06-06 08:06 . 2009-06-06 08:06 -------- d-----w- c:\program files\Windows Sidebar
    2009-06-06 08:05 . 2009-06-06 08:05 -------- d-----w- c:\program files\NortonInstaller
    2009-06-06 06:13 . 2009-06-06 06:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
    2009-06-04 23:43 . 2009-06-04 23:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ì•iÉî
    2009-06-04 21:54 . 2009-06-04 21:54 -------- d-----w- c:\program files\7-Zip
    2009-06-04 21:29 . 2009-06-04 21:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\G–V_ƒVƒ‡ƒbƒNƒ{[ƒC_
    2009-06-04 07:19 . 2009-06-04 04:00 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-06-04 07:09 . 2009-06-04 07:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2009-06-04 02:13 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
    2009-06-04 02:13 . 2009-06-04 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-06-04 02:13 . 2009-06-04 02:13 -------- d-----w- c:\program files\Lavasoft
    2009-06-04 00:44 . 2009-06-04 02:13 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-06-03 22:03 . 2009-06-03 22:03 -------- d-----w- c:\program files\Adobe Flash Player 10
    2009-06-03 20:54 . 2009-06-10 00:44 -------- d-----w- c:\program files\A
    2009-06-03 18:39 . 2009-06-03 18:39 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
    2009-06-03 18:29 . 2009-06-06 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2009-06-03 18:24 . 2009-06-03 18:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2009-06-03 07:11 . 2009-05-18 02:46 162792013 ----a-w- c:\program files\[4LS]ks_a1_[win][B31099EF].exe
    2009-06-03 07:11 . 2009-06-03 07:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Hamachi
    2009-06-03 05:44 . 2009-06-03 05:50 -------- d-----w- c:\program files\Crypto-Lock
    2009-06-03 05:41 . 2009-06-03 05:41 -------- d-----w- c:\program files\alphacrypt2
    2009-06-03 05:41 . 2009-06-03 05:41 -------- d-----w- c:\program files\Audacity
    2009-06-03 05:37 . 2007-05-18 00:30 318976 ----a-w- c:\windows\system32\avisynth.dll
    2009-06-03 05:37 . 2004-02-22 17:11 719872 ----a-w- c:\windows\system32\devil.dll
    2009-06-03 05:37 . 2004-01-25 07:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
    2009-06-03 05:37 . 2004-01-25 07:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
    2009-06-03 05:37 . 2009-06-03 05:37 -------- d-----w- c:\program files\AviSynth 2.5
    2009-06-03 05:37 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
    2009-06-03 05:37 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
    2009-06-03 05:37 . 2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
    2009-06-03 05:37 . 2009-06-03 05:37 -------- d-----w- c:\program files\SUPER
    2009-06-03 04:49 . 2009-06-03 04:49 -------- d-----w- c:\program files\Wakan
    2009-06-03 03:04 . 2009-06-03 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-06-03 01:40 . 2009-06-03 01:42 -------- dc-h--w- c:\windows\ie8
    2009-06-03 01:07 . 2009-06-03 01:07 -------- d-----w- c:\program files\Common Files\DiskTrix
    2009-06-03 00:40 . 2009-06-09 07:27 -------- d-----w- c:\program files\Steam
    2009-06-03 00:33 . 2009-06-03 00:33 -------- d-----w- c:\program files\Restore Utilities
    2009-06-01 23:40 . 2005-03-11 19:03 286208 ----a-w- c:\program files\cncs232.dll
    2009-06-01 05:05 . 2009-06-01 05:05 -------- d-----w- c:\windows\Logs
    2009-06-01 04:56 . 2009-04-18 07:24 -------- d-----w- c:\program files\RoTaM.Braid.Repack
    2009-05-29 22:53 . 2009-05-29 22:58 -------- d-----w- c:\program files\Dragonica Online - Preview Beta Test
    2009-05-29 21:18 . 2009-05-29 21:42 875088742 ----a-w- c:\documents and settings\Administrator\Application Data\DragonicaOnlinePBTInstaller.exe
    2009-05-29 05:32 . 2009-06-07 05:13 -------- d-----w- c:\program files\Installation Files
    2009-05-28 03:56 . 2009-05-28 03:56 -------- d-----w- C:\Users

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-10 19:52 . 2007-10-14 02:04 -------- d-----w- c:\program files\AIM6
    2009-06-10 19:52 . 2007-10-14 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
    2009-06-10 19:51 . 2008-02-13 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
    2009-06-09 00:26 . 2009-03-22 23:04 -------- d-----w- c:\program files\New Folder
    2009-06-08 07:01 . 2008-01-29 07:20 -------- d-----w- c:\program files\DS
    2009-06-06 11:08 . 2009-06-06 08:06 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2009-06-06 11:08 . 2009-06-06 08:06 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-06-04 07:19 . 2008-12-23 08:23 -------- d-----w- c:\program files\AC Tool
    2009-06-04 04:05 . 2007-10-14 04:11 54240 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-04 03:57 . 2007-10-15 22:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
    2009-06-03 23:05 . 2007-12-16 04:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-06-03 23:01 . 2007-12-16 04:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-06-03 06:11 . 2008-08-20 21:33 -------- d-----w- c:\program files\music
    2009-06-03 04:48 . 2007-10-14 01:57 -------- d-----w- c:\program files\solarrise
    2009-06-01 22:45 . 2007-11-04 21:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Vso
    2009-06-01 05:07 . 2009-06-01 05:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Braid
    2009-06-01 04:55 . 2007-10-14 03:44 -------- d-----w- c:\program files\directx
    2009-06-01 04:49 . 2008-06-25 03:05 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-05-29 05:33 . 2009-03-21 01:47 -------- d-s---w- c:\program files\Mabinogi
    2009-05-23 07:46 . 2007-11-13 06:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
    2009-05-19 08:36 . 2009-06-10 19:51 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
    2009-05-19 08:36 . 2009-06-10 19:51 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat
    2009-05-19 08:36 . 2009-06-10 19:51 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\register.bat
    2009-05-19 08:36 . 2009-06-10 19:51 1484856 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
    2009-05-19 08:36 . 2009-06-10 19:51 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
    2009-05-19 08:36 . 2009-06-10 19:51 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
    2009-05-19 08:36 . 2009-06-10 19:51 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
    2009-05-19 08:36 . 2009-06-10 19:51 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
    2009-05-13 05:15 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-11 04:15 . 2009-05-11 04:15 6997120 ----a-w- c:\program files\baby_girl_on_Jay_leno_show.wmv
    2009-05-07 15:44 . 2004-08-04 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
    2009-04-17 23:58 . 2009-05-02 20:20 954368 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
    2009-04-17 23:58 . 2009-05-02 20:20 65536 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    2009-04-17 23:58 . 2009-05-02 20:20 1161626 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
    2009-04-17 23:58 . 2009-05-02 20:20 103424 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
    2009-04-17 23:58 . 2009-05-02 20:20 71652 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
    2009-04-17 23:58 . 2009-05-02 20:20 4579328 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\cooliris18.dll
    2009-04-17 23:58 . 2009-05-02 20:20 4534272 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
    2009-04-17 23:58 . 2009-05-02 20:20 131868 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
    2009-04-17 23:58 . 2009-05-02 20:20 344064 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
    2009-04-17 09:58 . 2004-08-04 12:00 1846656 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 15:11 . 2004-08-04 12:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-09 03:01 . 2009-04-09 03:01 4373903 ----a-w- c:\program files\PS09WW009.pdf
    2009-04-04 04:42 . 2009-04-04 04:42 520642 ----a-w- c:\program files\sp2005.pdf
    2009-04-02 04:13 . 2009-04-02 04:13 45056 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\8\629e21c8-713d3ea1-n\jniwrap.dll
    2009-04-02 02:52 . 2009-04-02 02:53 27136 ----a-w- c:\program files\Warrant Endorsement Authorization(2).doc
    2009-04-02 02:52 . 2009-04-02 02:52 27136 ----a-w- c:\program files\Warrant Endorsement Authorization.doc
    2009-03-30 04:26 . 2009-03-30 04:26 1678424 ----a-w- c:\program files\registrybooster(2).exe
    2009-03-30 04:26 . 2009-03-30 04:26 1678424 ----a-w- c:\program files\registrybooster.exe
    2009-03-28 23:23 . 2009-03-28 23:23 98 ----a-w- c:\program files\airViewBoardingPassDefs(2).js
    2009-03-28 23:23 . 2009-03-28 23:23 98 ----a-w- c:\program files\airViewBoardingPassDefs.js
    2009-03-28 20:05 . 2009-03-28 20:05 2424616 ----a-w- c:\program files\WindowsRightsManagementServicesSP2-KB917275-Client-ENU-x86.exe
    2009-03-21 01:42 . 2008-08-12 23:02 96 ---ha-w- c:\windows\system32\HsInfo.dat
    2009-03-20 04:12 . 2009-03-20 04:12 253536 ----a-w- c:\program files\Juan_Pablo_Montoya(2).htm
    2009-03-20 04:10 . 2009-03-20 04:10 253536 ----a-w- c:\program files\Juan_Pablo_Montoya.htm
    2009-03-16 21:18 . 2009-06-01 05:06 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-03-16 21:18 . 2009-06-01 05:06 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
    2009-03-16 21:18 . 2009-06-01 05:06 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
    2009-03-16 21:18 . 2009-06-01 05:06 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
    2009-03-16 20:03 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
    2009-03-15 03:44 . 2009-03-15 03:44 156 ----a-w- c:\program files\_AVG certification_(2).txt
    2009-03-15 03:44 . 2009-03-15 03:44 156 ----a-w- c:\program files\_AVG certification_.txt
    2009-03-11 05:36 . 2009-03-11 05:36 1918418 ----a-w- c:\program files\AntarcticPeninsulaLogFeb03.pdf
    2009-02-16 17:31 . 2009-02-16 17:31 1435136 ----a-w- c:\program files\Mexican Ambulance.avi
    2008-11-05 03:28 . 2008-11-05 03:28 23552 ----a-w- c:\program files\CAFR CH.7.doc
    2008-10-23 21:51 . 2009-06-03 04:56 5242 ----a-w- c:\program files\Japanese IME Tutorial Script.txt
    2008-10-23 11:51 . 2008-10-23 11:51 18412 ----a-w- c:\program files\Chapter 6(2).docx
    2008-10-23 11:50 . 2008-10-23 11:51 18412 ----a-w- c:\program files\Chapter 6.docx
    2008-10-01 04:51 . 2008-10-01 04:51 22340 ----a-w- c:\program files\GVT-Chapter 5.docx
    2008-09-01 19:26 . 2008-09-01 19:26 226816 ----a-w- c:\program files\Excel 2X Intermediate_2.exe
    2008-09-01 19:22 . 2008-09-01 19:22 226816 ----a-w- c:\program files\Excel 2X Intermediate.exe
    2008-08-10 02:55 . 2008-08-10 02:55 235 ----a-w- c:\program files\RegClean.reg
    2008-07-22 05:22 . 2008-07-22 05:19 18813224 ----a-w- c:\program files\Color the Sugar - The guild Video.wmv
    2008-04-28 01:10 . 2008-04-28 01:10 94519 ----a-w- c:\program files\mpn.pdf
    2007-10-27 06:07 . 2007-10-27 06:07 1469992 ----a-w- c:\program files\GenuineCheck.exe
    1999-10-20 10:20 . 2008-06-29 16:33 335872 ----a-r- c:\program files\RitzPix.exe
    2008-12-20 01:39 . 2008-07-24 02:00 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2008-12-20 01:39 . 2008-07-24 02:00 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-20 01:39 . 2008-07-24 02:00 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2008-06-27 21:59 . 2008-08-06 14:36 163840 ----a-w- c:\program files\mozilla firefox\components\nsgkff20_meter2.dll
    2008-12-20 01:39 . 2008-07-24 02:00 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-20 01:39 . 2008-07-24 02:00 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    2006-05-03 10:06 . 2009-06-03 05:37 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47 . 2009-06-03 05:37 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30 . 2009-06-03 05:37 216064 --sh--r- c:\windows\system32\nbDX.dll
    .

    ((((((((((((((((((((((((((((( SnapShot_2009-06-10_04.26.42 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2004-08-04 12:00 . 2009-04-30 21:22 25600 c:\windows\system32\jsproxy.dll
    - 2004-08-04 12:00 . 2009-03-08 11:33 25600 c:\windows\system32\jsproxy.dll
    - 2004-08-04 12:00 . 2009-03-08 11:33 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2004-08-04 12:00 . 2009-04-30 21:22 25600 c:\windows\system32\dllcache\jsproxy.dll
    - 2009-06-04 07:30 . 2009-06-04 07:30 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2009-06-10 07:15 . 2009-06-10 07:15 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2007-10-11 21:46 . 2009-06-10 07:14 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2007-10-11 21:46 . 2009-06-04 07:31 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2007-10-11 21:46 . 2009-06-04 07:31 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2007-10-11 21:46 . 2009-06-10 07:14 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2007-10-11 21:46 . 2009-06-04 07:31 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2007-10-11 21:46 . 2009-06-10 07:14 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2007-10-11 21:46 . 2009-06-04 07:31 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2007-10-11 21:46 . 2009-06-10 07:14 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2007-10-11 21:46 . 2009-06-10 07:14 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2007-10-11 21:46 . 2009-06-04 07:31 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2007-10-11 21:46 . 2009-06-04 07:31 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2007-10-11 21:46 . 2009-06-10 07:14 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2006-10-27 04:13 . 2006-10-27 04:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XL12CNVP.DLL
    + 2009-06-10 07:14 . 2009-03-08 11:33 12288 c:\windows\ie8updates\KB969897-IE8\xpshims.dll
    + 2009-06-10 07:14 . 2009-03-08 11:33 25600 c:\windows\ie8updates\KB969897-IE8\jsproxy.dll
    - 2007-10-14 02:04 . 2008-12-23 20:52 38428 c:\windows\Downloaded Program Files\unagiuninst.exe
    + 2007-10-14 02:04 . 2009-06-10 19:51 38428 c:\windows\Downloaded Program Files\unagiuninst.exe
    - 2007-10-11 21:46 . 2009-06-04 07:31 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2007-10-11 21:46 . 2009-06-10 07:14 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2006-10-16 10:21 . 2009-04-15 09:24 351744 c:\windows\system32\xpsp3res.dll
    - 2006-10-16 10:21 . 2008-08-19 09:20 351744 c:\windows\system32\xpsp3res.dll
    + 2004-08-04 12:00 . 2009-04-30 21:22 385536 c:\windows\system32\iedkcs32.dll
    - 2004-08-04 12:00 . 2009-03-08 11:32 173056 c:\windows\system32\ie4uinit.exe
    + 2004-08-04 12:00 . 2009-04-30 11:21 173056 c:\windows\system32\ie4uinit.exe
    - 2007-10-11 14:06 . 2009-06-04 18:29 228000 c:\windows\system32\FNTCACHE.DAT
    + 2007-10-11 14:06 . 2009-06-10 19:38 228000 c:\windows\system32\FNTCACHE.DAT
    + 2004-08-04 12:00 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\wininet.dll
    + 2004-08-04 12:00 . 2009-04-15 15:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
    - 2004-08-04 12:00 . 2007-07-09 13:09 584192 c:\windows\system32\dllcache\rpcrt4.dll
    + 2004-08-04 12:00 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll
    + 2004-08-04 12:00 . 2009-04-30 21:22 385536 c:\windows\system32\dllcache\iedkcs32.dll
    - 2004-08-04 12:00 . 2009-03-08 11:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
    + 2004-08-04 12:00 . 2009-04-30 11:21 173056 c:\windows\system32\dllcache\ie4uinit.exe
    + 2007-10-11 21:46 . 2009-06-10 07:14 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2007-10-11 21:46 . 2009-06-04 07:31 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2007-10-11 21:46 . 2009-06-04 07:31 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2007-10-11 21:46 . 2009-06-10 07:14 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2007-10-11 21:46 . 2009-06-04 07:31 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2007-10-11 21:46 . 2009-06-10 07:14 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2007-10-11 21:46 . 2009-06-04 07:31 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2007-10-11 21:46 . 2009-06-10 07:14 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2007-10-11 21:46 . 2009-06-04 07:31 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2007-10-11 21:46 . 2009-06-10 07:14 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2007-10-11 21:46 . 2009-06-04 07:31 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2007-10-11 21:46 . 2009-06-10 07:14 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2009-06-10 07:14 . 2009-03-08 11:34 914944 c:\windows\ie8updates\KB969897-IE8\wininet.dll
    + 2009-06-10 07:14 . 2008-07-09 07:38 382840 c:\windows\ie8updates\KB969897-IE8\spuninst\updspapi.dll
    + 2009-06-10 07:14 . 2007-11-30 12:39 231288 c:\windows\ie8updates\KB969897-IE8\spuninst\spuninst.exe
    + 2009-06-10 07:14 . 2009-03-08 11:33 246784 c:\windows\ie8updates\KB969897-IE8\ieproxy.dll
    + 2009-06-10 07:14 . 2009-03-08 21:09 391536 c:\windows\ie8updates\KB969897-IE8\iedkcs32.dll
    + 2009-06-10 07:14 . 2009-03-08 11:32 173056 c:\windows\ie8updates\KB969897-IE8\ie4uinit.exe
    + 2004-08-04 12:00 . 2009-04-30 21:22 1207808 c:\windows\system32\urlmon.dll
    + 2004-08-04 12:00 . 2009-05-13 05:15 5936128 c:\windows\system32\mshtml.dll
    + 2009-03-08 11:32 . 2009-04-30 21:22 1985024 c:\windows\system32\iertutil.dll
    - 2009-03-08 11:32 . 2009-03-08 11:32 1985024 c:\windows\system32\iertutil.dll
    + 2004-08-04 12:00 . 2009-04-17 09:58 1846656 c:\windows\system32\dllcache\win32k.sys
    + 2004-08-04 12:00 . 2009-04-30 21:22 1207808 c:\windows\system32\dllcache\urlmon.dll
    + 2004-08-04 12:00 . 2009-05-13 05:15 5936128 c:\windows\system32\dllcache\mshtml.dll
    + 2009-06-10 07:14 . 2009-03-08 11:34 1206784 c:\windows\ie8updates\KB969897-IE8\urlmon.dll
    + 2009-06-10 07:14 . 2009-03-08 11:41 5937152 c:\windows\ie8updates\KB969897-IE8\mshtml.dll
    + 2009-06-10 07:14 . 2009-03-08 11:32 1985024 c:\windows\ie8updates\KB969897-IE8\iertutil.dll
    + 2009-06-04 07:27 . 2009-06-01 16:51 23635392 c:\windows\system32\MRT.exe
    + 2009-03-08 11:39 . 2009-04-30 21:22 11064832 c:\windows\system32\ieframe.dll
    + 2009-06-10 07:14 . 2009-03-08 11:39 11063808 c:\windows\ie8updates\KB969897-IE8\ieframe.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-06-10 160592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-04 518488]

    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Pervasive.SQL Workgroup Engine.lnk - c:\pvsw\Bin\w3dbsmgr.exe [2003-10-29 106546]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2008-2-2 884838]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\DiskTrix\\UltimateDefrag2008\\UDefrag.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
    "c:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57391:TCP"= 57391:TCP:pando Media Booster
    "57391:UDP"= 57391:UDP:pando Media Booster

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/3/2009 9:00 PM 64160]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [6/6/2009 4:08 AM 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [6/6/2009 4:08 AM 258608]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [6/6/2009 4:07 AM 482352]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSXpx86.sys [6/8/2009 11:46 AM 276344]
    R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [10/19/2007 6:16 PM 14336]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1005904]
    R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [6/6/2009 4:08 AM 115560]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/13/2007 7:04 PM 24652]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/6/2009 4:38 PM 101936]
    R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [10/19/2007 6:16 PM 8832]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2/2/2008 8:40 PM 17149]
    S3 PRISM;D-Link Wireless LAN Driver; [x]
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2/2/2008 8:40 PM 362944]
    S3 XDva037;XDva037; [x]
    S3 XDva168;XDva168; [x]
    S3 XDva189;XDva189; [x]
    S3 XDva193;XDva193; [x]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 04:00]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{67c1454c-c653-47f3-bd76-f9fa57bce707} - (no file)
    BHO-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://yahoo.com/
    uInternet Settings,ProxyOverride = local;*.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    DPF: {5F3E7209-53A0-4C2E-8648-E3E4551FEB9A} - hxxp://www.netgame.com/download/mglauncherusa.cab
    DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab
    DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} - hxxp://download.gemfighter.com/launcher/gemx2.cab
    DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
    FF - prefs.js: browser.search.selectedEngine - AIM Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
    FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bkl290ke.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    FF - component: c:\program files\Mozilla Firefox\components\nsgkff20_meter2.dll
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_19.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-10 15:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2052111302-1004336348-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6f,20,db,77,4f,c4,fe,43,bc,7b,37,\
    "3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6f,20,db,77,4f,c4,fe,43,bc,7b,37,\
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,a1,eb,e8,7c,09,71,47,98,3e,6a,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,a1,eb,e8,7c,09,71,47,98,3e,6a,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,a1,eb,e8,7c,09,71,47,98,3e,6a,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{03975035-e870-470a-8be6-35552d52f4ac}]
    @Denied: (Full) (Everyone)
    "Model"=dword:00000126
    "Therad"=dword:00000011
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,e1,69,ab,28,0d,
    27,9b,b4,04,a3,b7,bd,5b,11,77,40,37,72,11,8a,ca,3e,f8,d4,c1,3d,e4,c8,e3,43,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):90,8b,b7,e3,7f,da,aa,81,95,17,49,d3,36,bd,67,8a,c5,3d,b2,32,5a,
    7c,ab,18,3e,6a,ed,3d,13,a1,ea,a6,bb,bc,9d,e9,8d,4f,9c,e6,00,00,00,00,00,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(580)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2009-06-10 16:05
    ComboFix-quarantined-files.txt 2009-06-10 23:03
    ComboFix2.txt 2009-06-10 04:33
    ComboFix3.txt 2009-06-04 04:20

    Pre-Run: 104,043,040,768 bytes free
    Post-Run: 104,027,201,536 bytes free

    419 --- E O F --- 2009-06-10 07:15
     
  16. 2009/06/11
    Geri
    Hi,
    OK, please do this.

    Click Start > Run; in the Run box copy and paste or type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing any infected files there as well.
    Please check and verify that the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file. If they weren't, please delete them manually.

    Please reboot your Computer.

    Let me know if you get any warnings after the reboot.

    Geri
     
  17. 2009/06/11
    aoa545 (Thread Starter)
    Hello,
    After following your instructions and the reboot, I received the same two error messages about vorosuka and salizuya.
     
  18. 2009/06/11
    Geri
    Hi,
    OK, please post a new DDS log.

    Thanks
    Geri
     
  19. 2009/06/11
    aoa545 (Thread Starter)
    DDS (Ver_09-05-14.01) - NTFSx86
    Run by Administrator at 11:50:23.70 on Thu 06/11/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.520 [GMT -7:00]

    AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\NETGEAR\WPN111\wpn111.exe
    C:\PVSW\Bin\w3dbsmgr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://yahoo.com/
    uInternet Settings,ProxyOverride = local;*.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
    BHO: {67c1454c-c653-47f3-bd76-f9fa57bce707} - No File
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
    TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} -
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [CPMdf184e86] Rundll32.exe "c:\windows\system32\salizuya.dll",a
    mRun: [gunuketizi] Rundll32.exe "c:\windows\system32\vorosuka.dll",s
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\pervas~1.lnk - c:\pvsw\bin\w3dbsmgr.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn111\wpn111.exe
    uPolicies-explorer: NoInstrumentation = 1 (0x1)
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
    IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {5F3E7209-53A0-4C2E-8648-E3E4551FEB9A} - hxxp://www.netgame.com/download/mglauncherusa.cab
    DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab
    DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} - hxxp://legendofares.netgame.com/download/MusaLauncherNew.cab
    DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} - hxxp://download.gemfighter.com/launcher/gemx2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\bkl290ke.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
    FF - prefs.js: browser.search.selectedEngine - AIM Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
    FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\bkl290ke.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\program files\mozilla firefox\components\nsgkff20_meter2.dll
    FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_19.dll

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-3 64160]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-6-6 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-6-6 258608]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-6-6 482352]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090604.001\IDSXpx86.sys [2009-6-8 276344]
    R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2007-10-19 14336]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
    R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-6-6 115560]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-13 24652]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-6 101936]
    R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2007-10-19 8832]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090611.003\NAVENG.SYS [2009-6-11 89104]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090611.003\NAVEX15.SYS [2009-6-11 876144]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-2-2 17149]
    S3 PRISM;D-Link Wireless LAN Driver; [x]
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2008-2-2 362944]
    S3 XDva037;XDva037; [x]
    S3 XDva168;XDva168; [x]
    S3 XDva189;XDva189; [x]
    S3 XDva193;XDva193; [x]

    =============== Created Last 30 ================

    2009-06-11 11:48 359,893 a------- c:\program files\dds.scr
    2009-06-10 21:57 <DIR> --d----- c:\program files\Raxco
    2009-06-10 12:52 <DIR> --d----- c:\program files\common files\Software Update Utility
    2009-06-09 12:56 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
    2009-06-09 12:56 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
    2009-06-09 12:56 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
    2009-06-09 12:56 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
    2009-06-08 17:05 56 a------- c:\windows\kgt2k.INI
    2009-06-08 16:54 <DIR> --d----- c:\docume~1\admini~1\applic~1\Beelzebub
    2009-06-08 16:40 413,696 a------- c:\program files\imgctl.dll
    2009-06-08 16:40 196,608 a------- c:\program files\wuvorbis.dll
    2009-06-08 13:58 <DIR> --d----- c:\docume~1\admini~1\applic~1\RenPy
    2009-06-08 13:56 <DIR> --d----- c:\program files\Katawa Shoujo Act 1
    2009-06-08 12:07 232,200 a------- c:\windows\system32\PDBoot.exe
    2009-06-08 10:00 71,696 a------- c:\windows\system32\drivers\DefragFs.sys
    2009-06-06 22:37 <DIR> --d----- c:\docume~1\admini~1\applic~1\Chris And Akshai Are Awesome Inc
    2009-06-06 22:26 <DIR> --d----- c:\docume~1\admini~1\applic~1\JeffandPatrick
    2009-06-06 22:21 <DIR> --d----- c:\docume~1\admini~1\applic~1\USC Interactive Media Division
    2009-06-06 01:07 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
    2009-06-06 01:06 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-06-06 01:06 60,808 a------- c:\windows\system32\S32EVNT1.DLL
    2009-06-06 01:06 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-06-06 01:06 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
    2009-06-06 01:06 <DIR> --d----- c:\program files\Symantec
    2009-06-06 01:06 <DIR> --d----- c:\program files\common files\Symantec Shared
    2009-06-06 01:06 <DIR> --d----- c:\windows\system32\drivers\NIS
    2009-06-06 01:06 <DIR> --d----- c:\program files\Norton Internet Security
    2009-06-06 01:05 <DIR> --d----- c:\program files\NortonInstaller
    2009-06-05 23:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations
    2009-06-04 00:19 15,688 a------- c:\windows\system32\lsdelete.exe
    2009-06-04 00:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
    2009-06-03 21:08 <DIR> a-dshr-- C:\cmdcons
    2009-06-03 21:00 64,160 a------- c:\windows\system32\drivers\Lbd.sys
    2009-06-03 19:13 <DIR> --d----- c:\program files\Lavasoft
    2009-06-03 17:44 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-06-03 15:03 <DIR> --d----- c:\program files\Adobe Flash Player 10
    2009-06-03 13:54 <DIR> --d----- c:\program files\A
    2009-06-03 11:39 <DIR> --dsh--- c:\documents and settings\administrator\IECompatCache
    2009-06-03 11:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
    2009-06-03 11:24 <DIR> --dsh--- c:\documents and settings\administrator\IETldCache
    2009-06-02 22:44 <DIR> --d----- c:\program files\Crypto-Lock
    2009-06-02 22:41 <DIR> --d----- c:\program files\alphacrypt2
    2009-06-02 22:41 <DIR> --d----- c:\program files\Audacity
    2009-06-02 22:37 <DIR> --d----- c:\program files\AviSynth 2.5
    2009-06-02 22:37 <DIR> --d----- c:\program files\SUPER
    2009-06-02 21:49 <DIR> --d----- c:\program files\Wakan
    2009-06-02 20:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2009-06-02 18:40 <DIR> -cd-h--- c:\windows\ie8
    2009-06-02 18:07 <DIR> --d----- c:\program files\common files\DiskTrix
    2009-06-02 17:40 <DIR> --d----- c:\program files\Steam
    2009-06-02 17:33 <DIR> --d----- c:\program files\Restore Utilities
    2009-06-01 16:40 286,208 a------- c:\program files\cncs232.dll
    2009-05-31 22:06 <DIR> --d----- c:\docume~1\admini~1\applic~1\Braid
    2009-05-31 22:05 <DIR> --d----- c:\windows\Logs
    2009-05-31 21:56 <DIR> --d----- c:\program files\RoTaM.Braid.Repack
    2009-05-29 15:53 <DIR> --d----- c:\program files\Dragonica Online - Preview Beta Test
    2009-05-29 14:18 875,088,742 a------- c:\docume~1\admini~1\applic~1\DragonicaOnlinePBTInstaller.exe
    2009-05-28 22:32 <DIR> --d----- c:\program files\Installation Files
    2009-05-27 20:56 <DIR> --d----- C:\Users

    ==================== Find3M ====================

    2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
    2009-05-10 21:15 6,997,120 a------- c:\program files\baby_girl_on_Jay_leno_show.wmv
    2009-05-07 08:44 344,064 a------- c:\windows\system32\localspl.dll
    2009-04-17 02:58 1,846,656 a------- c:\windows\system32\win32k.sys
    2009-04-15 08:11 584,192 a------- c:\windows\system32\rpcrt4.dll
    2009-04-08 20:01 4,373,903 a------- c:\program files\PS09WW009.pdf
    2009-04-03 21:42 520,642 a------- c:\program files\sp2005.pdf
    2009-04-01 19:52 27,136 a------- c:\program files\Warrant Endorsement Authorization(2).doc
    2009-04-01 19:52 27,136 a------- c:\program files\Warrant Endorsement Authorization.doc
    2009-03-29 21:26 1,678,424 a------- c:\program files\registrybooster(2).exe
    2009-03-29 21:26 1,678,424 a------- c:\program files\registrybooster.exe
    2009-03-28 16:23 98 a------- c:\program files\airViewBoardingPassDefs(2).js
    2009-03-28 16:23 98 a------- c:\program files\airViewBoardingPassDefs.js
    2009-03-28 13:05 2,424,616 a------- c:\program files\WindowsRightsManagementServicesSP2-KB917275-Client-ENU-x86.exe
    2009-03-19 21:12 253,536 a------- c:\program files\Juan_Pablo_Montoya(2).htm
    2009-03-19 21:10 253,536 a------- c:\program files\Juan_Pablo_Montoya.htm
    2009-03-16 14:18 517,448 a------- c:\windows\system32\XAudio2_4.dll
    2009-03-16 14:18 235,352 a------- c:\windows\system32\xactengine3_4.dll
    2009-03-16 14:18 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
    2009-03-16 14:18 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
    2009-03-14 20:44 156 a------- c:\program files\_AVG certification_(2).txt
    2009-03-14 20:44 156 a------- c:\program files\_AVG certification_.txt
    2009-03-10 22:36 1,918,418 a------- c:\program files\AntarcticPeninsulaLogFeb03.pdf
    2009-02-16 10:31 1,435,136 a------- c:\program files\Mexican Ambulance.avi
    2008-11-09 12:33 30 a------- c:\documents and settings\administrator\jagex_runescape_preferences.dat
    2008-11-04 20:28 23,552 a------- c:\program files\CAFR CH.7.doc
    2008-10-23 14:51 5,242 a------- c:\program files\Japanese IME Tutorial Script.txt
    2008-10-23 04:51 18,412 a------- c:\program files\Chapter 6(2).docx
    2008-10-23 04:50 18,412 a------- c:\program files\Chapter 6.docx
    2008-09-30 21:51 22,340 a------- c:\program files\GVT-Chapter 5.docx
    2008-09-01 12:26 226,816 a------- c:\program files\Excel 2X Intermediate_2.exe
    2008-09-01 12:22 226,816 a------- c:\program files\Excel 2X Intermediate.exe
    2008-08-09 19:55 235 a------- c:\program files\RegClean.reg
    2008-07-21 22:22 18,813,224 a------- c:\program files\Color the Sugar - The guild Video.wmv
    2008-04-27 18:10 94,519 a------- c:\program files\mpn.pdf
    2008-03-27 13:21 22,328 a------- c:\docume~1\admini~1\applic~1\PnkBstrK.sys
    2007-10-26 23:07 1,469,992 a------- c:\program files\GenuineCheck.exe
    1999-10-20 03:20 335,872 a----r-- c:\program files\RitzPix.exe
    2006-05-03 03:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
    2007-02-21 04:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
    2008-03-16 06:30 216,064 ---shr-- c:\windows\system32\nbDX.dll

    ============= FINISH: 11:51:26.75 ===============

    Attach:
    DDS (Ver_09-05-14.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/11/2007 2:16:06 PM
    System Uptime: 6/11/2009 9:59:58 AM (2 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P5N-E SLI
    Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 2333/83mhz
    Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 2333/83mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 233 GiB total, 98.296 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
    Device ID: ROOT\NET\0000
    Manufacturer: NETGEAR
    Name: NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111 #2
    PNP Device ID: ROOT\NET\0000
    Service: WPN111

    Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
    Description: Printer Port
    Device ID: ROOT\PORTS\0000
    Manufacturer: (Standard port types)
    Name: Printer Port (LPT3)
    PNP Device ID: ROOT\PORTS\0000
    Service: Parport

    ==== System Restore Points ===================

    RP1: 6/11/2009 12:19:53 AM - System Checkpoint
    RP2: 6/11/2009 12:23:14 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    µTorrent
    7-Zip 4.65
    Absolute Mastermind v1.4
    AC Tool
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    AI RoboForm (All Users)
    AIM 6
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.2.6
    Blaze Media Pro
    Bonjour
    Choice Guard
    Combined Community Codec Pack 2007-07-22
    Compatibility Pack for the 2007 Office system
    Crypto-Lock (remove only)
    Download Updater (AOL LLC)
    Drivers Install For Linksys Easylink Advisor
    Finale NotePad 2008
    FinePrint
    Free YouTube to Mp3 Converter version 3.1
    FundBalance General Ledger
    Gem Figher
    Ground Control II MP Demo
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    iTunes
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Joyful Music Game O2Jam
    Katawa Shoujo Act 1
    Linksys EasyLink Advisor 1.6 (0032)
    Mabinogi
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Application Error Reporting
    Microsoft AppLocale
    Microsoft Office Professional Edition 2003
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Windows Application Compatibility Database
    MobileMe Control Panel
    Mozilla Firefox (2.0.0.20)
    MPlugin
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
    NicoNicoDougaDownloader2
    NJStar Communicator
    NNDD2 - NicoNicoDougaDownloader2 - v0.81
    Norton Internet Security
    NVIDIA Drivers
    Pando Media Booster
    PerfectDisk 10 Professional
    Pervasive System Analyzer
    Pervasive.SQL V8 Workgroup (v8.5)
    Portal
    Preview Beta Test Release
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    RegClean
    Rumble Fighter
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Segoe UI
    Socialnetworking Helper Adssite
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    Steam
    SUPER © Version 2009.bld.35 (Jan 5, 2009)
    SupportSoft Assisted Service
    SWF Opener
    Swords and Sandals 2 2.0
    System Requirements Lab
    Team Fortress 2
    Tiara's Moonshine Mod
    Tyler GASB34 Reporter
    UltimateDefrag 2008
    Uninstall 1.0.0.1
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    VeohTV BETA
    Video mp3 Extractor Pro
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VSO Image Resizer 1.3.3
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinRAR archiver
    XP Smoker Pro 5.4

    ==== Event Viewer Messages From Past Week ========

    6/9/2009 9:16:21 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
    6/7/2009 3:39:31 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    6/7/2009 11:23:44 AM, error: ParVdm [2] - Unable to get device object pointer for port object.
    6/6/2009 12:57:45 AM, error: Service Control Manager [7034] - The AVGIDSWatcher service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
     
  20. 2009/06/11
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK please do this.

    Download RootRepeal.zip to your Desktop.
    • Extract the compressed file to its own folder.
    • Open the folder and double-click on RootRepeal.exe to run it.
    • Click on the Report tab, and then click on: Scan
    • A window opens asking what to include in the scan.
    • Check the following boxes then click OK:
      • Drivers
      • Files
      • Processes
      • SSDT
      • Stealth Objects
      • Hidden Services
    • You will then be asked which drive to scan.
    • Check C: (or the drive your operating system is installed on, if not C)
    • Click OK once again.
    The tool will begin scanning and may take a while to complete, so please be patient.

    When the scan finishes, click on: Save Report
    Name the log RootRepeal.txt and save it to your Documents folder (it should default there).

    Post the contents of the report in a reply here.

    Thanks
    Geri
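
    Once the RootRepeal.txt report comes back, most of the work of reading it is separating the bulk (long runs of locked files under one application folder, drivers the tool lists as a matter of course) from the few lines that matter. The Python script below is an added example, not part of this thread and not code from RootRepeal's author: it parses the plain-text layout the Report tab saves (a section title over a dashed rule, then blank-line-separated `Key: Value` records, with the SSDT entries written as `#: NNN Function Name: NtXxx`) and shortlists SSDT hooks the tool could only attribute to `<unknown>`, drivers whose image path does not resolve to a file on disk, and files reported as hidden rather than merely locked, while collapsing locked files to one count per folder. The report embedded in it is constructed, with made-up paths, a placeholder GUID and made-up addresses, and the `SAMPLE_REPORT`, `parse_rootrepeal` and `triage` names are the example's own. Treat the output as a list for follow-up, not a verdict: a hook RootRepeal cannot tie to a loaded driver image can belong to a security product as well as to a rootkit, and the locked-versus-hidden split is a triage heuristic, not a rule.

```python
# Added example: a triage pass over a RootRepeal 1.3 text report. It is not part
# of RootRepeal or of this thread; the report embedded below is constructed.
import re
from collections import defaultdict

SAMPLE_REPORT = r"""ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Time: 2009/06/11 22:47
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF24D1000 Size: 98304 File Visible: No Signed: -
Status: -

Name: spgn.sys
Image Path: spgn.sys
Address: 0xF740F000 Size: 1048576 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\user@example.com\SharingMetadata\peer@example.com\DFSR\Staging\CS{0000}\01\18-sample-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\user@example.com\SharingMetadata\peer@example.com\DFSR\Staging\CS{0000}\01\19-sample-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\drivers\example.sys
Status: Invisible to the Windows API!

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x864012f0

#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0x86239e80

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\example_av.sys" at address 0xF7A11234
"""

SSDT_LINE = re.compile(r"#: (\d+) Function Name: (\S+)")
HOOK_STATUS = re.compile(r'Hooked by "([^"]*)" at address (0x[0-9A-Fa-f]+)')
KEY_VALUE = re.compile(r"([A-Za-z][A-Za-z ]*?): (\S+)")   # 'Address: .. Size: .. File Visible: ..'

def parse_rootrepeal(text):
    """Return {section title: [record, ...]}. A section is a title over a dashed
    rule; records are blank-line separated 'Key: Value' blocks; banner lines are skipped."""
    lines = [ln.strip() for ln in text.splitlines()]
    sections, current, record = {}, None, {}
    for i, line in enumerate(lines):
        starts_section = i + 1 < len(lines) and lines[i + 1].startswith("-----")
        if record and (starts_section or not line):   # blank line or new title ends a record
            sections[current].append(record)
            record = {}
        if starts_section:
            current = line
            sections[current] = []
        elif not line or current is None or line.startswith(("-----", "=====")):
            continue
        elif SSDT_LINE.match(line):                    # '#: NNN Function Name: NtXxx'
            idx, func = SSDT_LINE.match(line).groups()
            record["Index"], record["Function Name"] = int(idx), func
        elif line.startswith("Address:"):              # several fields share this line
            record.update(KEY_VALUE.findall(line))
        else:
            key, _, value = line.partition(": ")
            record[key] = value
    if record:
        sections[current].append(record)
    return sections

def triage(sections, depth=7):
    """Shortlist: SSDT hooks not attributable to a loaded driver image, drivers whose
    image path is not a file on disk, hidden (not merely locked) files, locked files per folder."""
    out = {"unknown_hooks": [], "unresolved_drivers": [], "hidden_files": [],
           "locked_by_folder": defaultdict(int)}
    for rec in sections.get("SSDT", []):
        m = HOOK_STATUS.search(rec.get("Status", ""))
        if m and m.group(1) == "<unknown>":
            out["unknown_hooks"].append((rec["Index"], rec["Function Name"], m.group(2)))
    for rec in sections.get("Drivers", []):
        if not re.match(r"[A-Za-z]:\\", rec.get("Image Path", "")):
            out["unresolved_drivers"].append(rec["Name"])
    for rec in sections.get("Hidden/Locked Files", []):
        if rec.get("Status", "").startswith("Locked"):   # heuristic: locked = in use, hidden = suspect
            out["locked_by_folder"]["\\".join(rec["Path"].split("\\")[:depth])] += 1
        else:
            out["hidden_files"].append(rec["Path"])
    return out

if __name__ == "__main__":
    for kind, items in triage(parse_rootrepeal(SAMPLE_REPORT)).items():
        print(f"{kind}: {dict(items) if isinstance(items, dict) else items}")
```

    Run it as-is to see the shortlist for the constructed sample; to use it on a real report, read RootRepeal.txt into a string and pass that to `parse_rootrepeal` in place of `SAMPLE_REPORT`. The `depth` argument of `triage` sets how many path components the locked-file grouping keeps, so a few hundred Messenger staging files collapse into one line while anything locked elsewhere still shows up on its own.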
     
  21. 2009/06/12
    aoa545

    aoa545 Inactive Thread Starter

    Joined:
    2009/06/03
    Messages:
    11
    Likes Received:
    0
    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Time: 2009/06/11 22:47
    Program Version: Version 1.3.0.0
    Windows Version: Windows XP SP2
    ==================================================

    Drivers
    -------------------
    Name: dump_atapi.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xF24D1000 Size: 98304 File Visible: No Signed: -
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xF7B82000 Size: 8192 File Visible: No Signed: -
    Status: -

    Name: PCI_PNP5252
    Image Path: \Driver\PCI_PNP5252
    Address: 0x00000000 Size: 0 File Visible: No Signed: -
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xB3610000 Size: 49152 File Visible: No Signed: -
    Status: -

    Name: spgn.sys
    Image Path: spgn.sys
    Address: 0xF740F000 Size: 1048576 File Visible: No Signed: -
    Status: -

    Name: sptd
    Image Path: \Driver\sptd
    Address: 0x00000000 Size: 0 File Visible: No Signed: -
    Status: -

    Name: SYMEFA.SYS
    Image Path: SYMEFA.SYS
    Address: 0xF72DA000 Size: 323584 File Visible: No Signed: -
    Status: -

    Hidden/Locked Files
    -------------------
    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\dennyng1989@hotmail.com\DFSR\Staging\CS{6A4151D8-99A8-04D7-D0A3-0D64BF42AEE6}\01\18-{6A4151D8-99A8-04D7-D0A3-0D64BF42AEE6}-v1-{C0E4F51C-0D0C-42F8-997B-917A56CF1FAC}-v18-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\ebilflippif4@msn.com\DFSR\Staging\CS{F2A1CDFE-65D0-4BF1-43A1-182A6B7C2E05}\01\113-{F2A1CDFE-65D0-4BF1-43A1-182A6B7C2E05}-v1-{C0E4F51C-0D0C-42F8-997B-917A56CF1FAC}-v113-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\01\15-{64E533C6-F7A8-6743-DBF8-99722601297F}-v1-{C0E4F51C-0D0C-42F8-997B-917A56CF1FAC}-v15-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\12\111-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v12-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v111-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\13\112-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v13-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v112-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\16\113-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v16-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v113-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\20\114-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v20-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v114-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\23\115-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v23-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v115-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\25\116-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v25-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v116-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\26\117-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v26-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v117-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\27\118-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v27-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v118-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\29\119-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v29-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v119-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\30\120-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v30-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v120-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\31\121-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v31-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v121-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\32\122-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v32-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v122-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\34\123-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v34-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v123-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\35\124-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v35-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v124-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\36\125-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v36-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v125-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\38\126-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v38-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v126-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\39\127-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v39-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v127-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\41\128-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v41-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v128-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\42\129-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v42-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v129-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\44\130-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v44-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v130-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\47\131-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v47-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v131-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\53\132-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v53-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v132-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\55\133-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v55-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v133-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\57\134-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v57-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v134-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\58\135-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v58-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v135-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\59\136-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v59-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v136-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\61\137-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v61-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v137-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\65\138-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v65-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v138-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\66\139-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v66-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v139-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\67\140-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v67-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v140-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\68\141-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v68-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v141-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\72\142-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v72-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v142-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\75\143-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v75-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v143-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\78\144-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v78-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v144-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\79\145-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v79-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v145-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\im_like_sexy@hotmail.com\DFSR\Staging\CS{64E533C6-F7A8-6743-DBF8-99722601297F}\83\146-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v83-{DD36C2C9-8700-43B9-AB76-0860529CDC4C}-v146-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\22\143-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4622-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v143-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\22\235-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4722-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v235-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\45\166-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4645-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v166-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\45\31-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4845-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v31-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\45\60-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4745-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v60-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\77\190-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4677-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v190-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\77\98-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4577-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v98-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\00\121-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4600-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v121-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\00\213-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4700-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v213-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\01\10-{86F547C2-E56B-5F39-EC56-40F90B7958E7}-v1-{C0E4F51C-0D0C-42F8-997B-917A56CF1FAC}-v10-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\01\122-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4601-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v122-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\01\214-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4701-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v214-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\02\123-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4602-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v123-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\02\215-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4702-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v215-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\03\124-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4603-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v124-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\03\216-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4703-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v216-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\03\251-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4903-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v251-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\04\125-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4604-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v125-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\04\217-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4704-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v217-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\05\126-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4605-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v126-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\05\218-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4705-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v218-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\05\219-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v5005-{9C7B9EBD-4625-43BA-A358-1DB8C03B5A2F}-v219-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\06\127-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4606-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v127-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\06\219-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4706-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v219-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\07\128-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4607-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v128-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\07\220-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4707-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v220-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\08\129-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4608-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v129-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\08\221-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4708-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v221-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\09\130-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4609-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v130-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\09\222-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4709-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v222-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\10\131-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4610-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v131-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\10\223-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4710-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v223-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\11\132-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4611-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v132-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\11\217-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v5011-{9C7B9EBD-4625-43BA-A358-1DB8C03B5A2F}-v217-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\11\224-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4711-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v224-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\12\133-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4612-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v133-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\12\225-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4712-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v225-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\13\13-{C0E4F51C-0D0C-42F8-997B-917A56CF1FAC}-v13-{C0E4F51C-0D0C-42F8-997B-917A56CF1FAC}-v13-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\13\134-{685EDC82-38CA-40A8-9B61-A89AE3CD0893}-v4613-{C053F894-76DF-44B2-9D77-FB67E33DC0BB}-v134-Downloaded.frx
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\sentros99@hotmail.com\SharingMetadata\jenniz.kit.kat.bar@gmail.com\DFSR\Staging\CS{86F547C2-E56B-5F39-EC56-40F90B7958E7}\13\20-{685EDC82-38CA-40A8-9B61-A89AE3CD08

    SSDT
    -------------------
    #: 012 Function Name: NtAlertResumeThread
    Status: Hooked by "<unknown>" at address 0x864012f0

    #: 013 Function Name: NtAlertThread
    Status: Hooked by "<unknown>" at address 0x863f92c8

    #: 017 Function Name: NtAllocateVirtualMemory
    Status: Hooked by "<unknown>" at address 0x86270138

    #: 019 Function Name: NtAssignProcessToJobObject
    Status: Hooked by "<unknown>" at address 0x863de2f0

    #: 031 Function Name: NtConnectPort
    Status: Hooked by "<unknown>" at address 0x86239e80

    #: 041 Function Name: NtCreateKey
    Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf2840040

    #: 043 Function Name: NtCreateMutant
    Status: Hooked by "<unknown>" at address 0x85f737f0

    #: 052 Function Name: NtCreateSymbolicLinkObject
    Status: Hooked by "<unknown>" at address 0x85a27848

    #: 053 Function Name: NtCreateThread
    Status: Hooked by "<unknown>" at address 0x8657bb40

    #: 057 Function Name: NtDebugActiveProcess
    Status: Hooked by "<unknown>" at address 0x863d92f8

    #: 063 Function Name: NtDeleteKey
    Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf28402c0

    #: 065 Function Name: NtDeleteValueKey
    Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf2840820

    #: 068 Function Name: NtDuplicateObject
    Status: Hooked by "<unknown>" at address 0x863561b8

    #: 071 Function Name: NtEnumerateKey
    Status: Hooked by "spgn.sys" at address 0xf742eca2

    #: 073 Function Name: NtEnumerateValueKey
    Status: Hooked by "spgn.sys" at address 0xf742f030

    #: 083 Function Name: NtFreeVirtualMemory
    Status: Hooked by "<unknown>" at address 0x86345238

    #: 089 Function Name: NtImpersonateAnonymousToken
    Status: Hooked by "<unknown>" at address 0x86402c28

    #: 091 Function Name: NtImpersonateThread
    Status: Hooked by "<unknown>" at address 0x863fe4d8

    #: 097 Function Name: NtLoadDriver
    Status: Hooked by "<unknown>" at address 0x8635d9b0

    #: 108 Function Name: NtMapViewOfSection
    Status: Hooked by "<unknown>" at address 0x86578a30

    #: 114 Function Name: NtOpenEvent
    Status: Hooked by "<unknown>" at address 0x863f6a08

    #: 119 Function Name: NtOpenKey
    Status: Hooked by "spgn.sys" at address 0xf74100c0

    #: 122 Function Name: NtOpenProcess
    Status: Hooked by "<unknown>" at address 0x862c80f0

    #: 123 Function Name: NtOpenProcessToken
    Status: Hooked by "<unknown>" at address 0x864e8070

    #: 125 Function Name: NtOpenSection
    Status: Hooked by "<unknown>" at address 0x863ee910

    #: 128 Function Name: NtOpenThread
    Status: Hooked by "<unknown>" at address 0x862c5138

    #: 137 Function Name: NtProtectVirtualMemory
    Status: Hooked by "<unknown>" at address 0x86242ba8

    #: 160 Function Name: NtQueryKey
    Status: Hooked by "spgn.sys" at address 0xf742f108

    #: 177 Function Name: NtQueryValueKey
    Status: Hooked by "spgn.sys" at address 0xf742ef88

    #: 206 Function Name: NtResumeThread
    Status: Hooked by "<unknown>" at address 0x8657c570

    #: 213 Function Name: NtSetContextThread
    Status: Hooked by "<unknown>" at address 0x863b5be8

    #: 228 Function Name: NtSetInformationProcess
    Status: Hooked by "<unknown>" at address 0x86447008

    #: 240 Function Name: NtSetSystemInformation
    Status: Hooked by "<unknown>" at address 0x863f4a70

    #: 247 Function Name: NtSetValueKey
    Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf2840a70

    #: 253 Function Name: NtSuspendProcess
    Status: Hooked by "<unknown>" at address 0x863eb288

    #: 254 Function Name: NtSuspendThread
    Status: Hooked by "<unknown>" at address 0x86405bc0

    #: 257 Function Name: NtTerminateProcess
    Status: Hooked by "<unknown>" at address 0x8635d410

    #: 258 Function Name: NtTerminateThread
    Status: Hooked by "<unknown>" at address 0x863b5b10

    #: 267 Function Name: NtUnmapViewOfSection
    Status: Hooked by "<unknown>" at address 0x863bbcb0

    #: 277 Function Name: NtWriteVirtualMemory
    Status: Hooked by "<unknown>" at address 0x856406b8

    Stealth Objects
    -------------------
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
    Process: System Address: 0x867601f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
    Process: System Address: 0x867601f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
    Process: System Address: 0x867601f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
    Process: System Address: 0x867601f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x867601f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x867601f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
    Process: System Address: 0x867601f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
    Process: System Address: 0x867601f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x867601f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x867601f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
    Process: System Address: 0x867601f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x867601f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x867601f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x867601f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x867601f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x867601f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
    Process: System Address: 0x867601f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
    Process: System Address: 0x867601f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
    Process: System Address: 0x867601f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
    Process: System Address: 0x867601f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
    Process: System Address: 0x867601f8 Size: 121

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
    Process: System Address: 0x867601f8 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
    Process: System Address: 0x844901f8 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
    Process: System Address: 0x844901f8 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
    Process: System Address: 0x844901f8 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
    Process: System Address: 0x844901f8 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x844901f8 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x844901f8 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
    Process: System Address: 0x844901f8 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
    Process: System Address: 0x844901f8 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x844901f8 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x844901f8 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
    Process: System Address: 0x844901f8 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x844901f8 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x844901f8 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x844901f8 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x844901f8 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x844901f8 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
    Process: System Address: 0x844901f8 Size: 121

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
    Process: System Address: 0x844901f8 Size: 121

    Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
    Process: System Address: 0x867611f8 Size: 121

    Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
    Process: System Address: 0x867611f8 Size: 121

    Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x867611f8 Size: 121

    Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x867611f8 Size: 121

    Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
    Process: System Address: 0x867611f8 Size: 121

    Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x867611f8 Size: 121

    Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
    Process: System Address: 0x867611f8 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
    Process: System Address: 0x8649f500 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
    Process: System Address: 0x8649f500 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
    Process: System Address: 0x8649f500 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
    Process: System Address: 0x8649f500 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x8649f500 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8649f500 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8649f500 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x8649f500 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
    Process: System Address: 0x8649f500 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8649f500 Size: 121

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
    Process: System Address: 0x8649f500 Size: 121

    Object: Hidden Code [Driver: a9xg8qt1Ѕ扏煓Ёఱ汇㕡ফစ, IRP_MJ_CREATE]
    Process: System Address: 0x864571f8 Size: 121

    Object: Hidden Code [Driver: a9xg8qt1Ѕ扏煓Ёఱ汇㕡ফစ, IRP_MJ_CLOSE]
    Process: System Address: 0x864571f8 Size: 121

    Object: Hidden Code [Driver: a9xg8qt1Ѕ扏煓Ёఱ汇㕡ফစ, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x864571f8 Size: 121

    Object: Hidden Code [Driver: a9xg8qt1Ѕ扏煓Ёఱ汇㕡ফစ, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x864571f8 Size: 121

    Object: Hidden Code [Driver: a9xg8qt1Ѕ扏煓Ёఱ汇㕡ফစ, IRP_MJ_POWER]
    Process: System Address: 0x864571f8 Size: 121

    Object: Hidden Code [Driver: a9xg8qt1Ѕ扏煓Ёఱ汇㕡ফစ, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x864571f8 Size: 121

    Object: Hidden Code [Driver: a9xg8qt1Ѕ扏煓Ёఱ汇㕡ফစ, IRP_MJ_PNP]
    Process: System Address: 0x864571f8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
    Process: System Address: 0x867d71f8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
    Process: System Address: 0x867d71f8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
    Process: System Address: 0x867d71f8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
    Process: System Address: 0x867d71f8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x867d71f8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x867d71f8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x867d71f8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x867d71f8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
    Process: System Address: 0x867d71f8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x867d71f8 Size: 121

    Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
    Process: System Address: 0x867d71f8 Size: 121

    Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
    Process: System Address: 0x864ad1f8 Size: 121

    Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
    Process: System Address: 0x864ad1f8 Size: 121

    Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x864ad1f8 Size: 121

    Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x864ad1f8 Size: 121

    Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
    Process: System Address: 0x864ad1f8 Size: 121

    Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x864ad1f8 Size: 121

    Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
    Process: System Address: 0x864ad1f8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
    Process: System Address: 0x867621f8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
    Process: System Address: 0x867621f8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
    Process: System Address: 0x867621f8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x867621f8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x867621f8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x867621f8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x867621f8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
    Process: System Address: 0x867621f8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
    Process: System Address: 0x867621f8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x867621f8 Size: 121

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
    Process: System Address: 0x867621f8 Size: 121

    Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
    Process: System Address: 0x863c81f8 Size: 121

    Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
    Process: System Address: 0x863c81f8 Size: 121

    Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x863c81f8 Size: 121

    Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x863c81f8 Size: 121

    Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
    Process: System Address: 0x863c81f8 Size: 121

    Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
    Process: System Address: 0x863c81f8 Size: 121

    Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
    Process: System Address: 0x864a1500 Size: 121

    Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
    Process: System Address: 0x864a1500 Size: 121

    Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x864a1500 Size: 121

    Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x864a1500 Size: 121

    Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
    Process: System Address: 0x864a1500 Size: 121

    Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x864a1500 Size: 121

    Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
    Process: System Address: 0x864a1500 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
    Process: System Address: 0x84d341f8 Size: 121

    Object: Hidden Code [Driver: CdfsȀఈ䵃慖, IRP_MJ_CREATE]
    Process: System Address: 0x84d0c1f8 Size: 121

    Object: Hidden Code [Driver: CdfsȀఈ䵃慖, IRP_MJ_CLOSE]
    Process: System Address: 0x84d0c1f8 Size: 121

    Object: Hidden Code [Driver: CdfsȀఈ䵃慖, IRP_MJ_READ]
    Process: System Address: 0x84d0c1f8 Size: 121

    Object: Hidden Code [Driver: CdfsȀఈ䵃慖, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x84d0c1f8 Size: 121

    Object: Hidden Code [Driver: CdfsȀఈ䵃慖, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x84d0c1f8 Size: 121

    Object: Hidden Code [Driver: CdfsȀఈ䵃慖, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x84d0c1f8 Size: 121

    Object: Hidden Code [Driver: CdfsȀఈ䵃慖, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x84d0c1f8 Size: 121

    Object: Hidden Code [Driver: CdfsȀఈ䵃慖, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x84d0c1f8 Size: 121

    Object: Hidden Code [Driver: CdfsȀఈ䵃慖, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x84d0c1f8 Size: 121

    Object: Hidden Code [Driver: CdfsȀఈ䵃慖, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x84d0c1f8 Size: 121

    Object: Hidden Code [Driver: CdfsȀఈ䵃慖, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x84d0c1f8 Size: 121

    Object: Hidden Code [Driver: CdfsȀఈ䵃慖, IRP_MJ_CLEANUP]
    Process: System Address: 0x84d0c1f8 Size: 121

    Object: Hidden Code [Driver: CdfsȀఈ䵃慖, IRP_MJ_PNP]
    Process: System Address: 0x84d0c1f8 Size: 121

    ==EOF==
     
