
Possible Virus?


5 replies to this topic

#1 Rixanu

Rixanu

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:39 PM

Posted 22 June 2009 - 12:26 PM

Hi, I'm a first time poster on this forum, and I think I may have some kind of infection. I noticed that when I opened my task manager, there was a weird application running, whose name consisted of a bunch of random letters. I right-clicked it and selected "go to process" and it took me to a process called "wiawow32.sys". I googled this, only to come up with one result: a page on the Prevx website, referring to the process as a rootkit, which apparently only popped up two days ago. So far, I've only noticed that I can't open Internet Explorer, but a portable version of Firefox works fine. Considering that it seems to be fairly new, with only one result on google, I'd love some re-assurance. My basic question is: is my computer in any immediate danger, and what is the best way to handle this? Thanks.
OS: Windows XP Home Edition
Prevx page on the wiawow32.sys


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,268 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:39 PM

Posted 22 June 2009 - 12:42 PM

Hello and welcome..

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Next Please install RootRepeal

Go HERE, and download RootRepeal.zip to your Desktop.
Tutorial with images, if needed >> L@@K.
Unzip that (7-zip tool if needed), and then click RootRepeal.exe to open the scanner.
Next click on the Report tab, now click on Scan. A Window will open asking what to include in the scan. Check all of the below and then click OK.

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services


Now you'll be asked which drive to scan. Check C: and click OK again and the scan will start. Please be patient as the scan runs. When the scan has finished, click on Save Report.
Name the log RootRepeal.txt and save it to your Documents folder (it should automatically save it there).
Please copy and paste that into your next reply.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
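A saved RootRepeal.txt can be triaged before it is posted, so the hidden objects stand out from the routine entries. The following is an added example, not part of the original thread and not RootRepeal's own code; it assumes the Name / Image Path / Status and Path / Status record layout of a RootRepeal 1.3 report, and the sample report, the EXAMPLE-prefixed names and all function names are constructed for illustration.

```python
import os
import re
import ntpath
from collections import defaultdict

# Constructed sample in the layout of a RootRepeal 1.3 report (names are made up).
SAMPLE_REPORT = r"""
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Time: 2009/01/01 12:00
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF7E91000 Size: 98304 File Visible: No Signed: -
Status: -

Name: EXAMPLEabcdefgh.sys
Image Path: C:\WINDOWS\system32\drivers\EXAMPLEabcdefgh.sys
Address: 0xF7D23000 Size: 163840 File Visible: - Signed: -
Status: Hidden from Windows API!

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\SYSTEM32\EXAMPLEqrstuvwx.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\EXAMPLEijklmnopqr.tmp
Status: Invisible to the Windows API!

Path: c:\windows\temp\sqlite_aaaaaaaaaaaaaaa
Status: Allocation size mismatch (API: 4096, Raw: 0)
"""

FIELD_RE = re.compile(r"^(Name|Image Path|Path|Status):\s*(.*)$")


def parse_report(text):
    """Return {section title: [record dict, ...]} for a RootRepeal text report."""
    sections = defaultdict(list)
    section, record = None, {}
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section title is a line underlined by a run of dashes.
        if line and len(nxt) >= 5 and set(nxt) == {"-"}:
            if record and section:
                sections[section].append(record)
            section, record = line, {}
            continue
        # Blank lines and ===/--- rules end the current record.
        if set(line) <= {"-", "="}:
            if record and section:
                sections[section].append(record)
            record = {}
            continue
        if section is None:
            continue  # report header (scan time, versions)
        m = FIELD_RE.match(line)
        if m:
            record[m.group(1)] = m.group(2).strip()
    if record and section:
        sections[section].append(record)
    return dict(sections)


def classify(status):
    """Map a Status line to a triage bucket (heuristic, not a verdict)."""
    s = status.lower()
    if "hidden from windows api" in s or "invisible to the windows api" in s:
        return "hidden"         # seen by the raw scan, filtered from the API view
    if "locked to the windows api" in s:
        return "locked"         # file held open; hiberfil.sys is a routine case
    if "size mismatch" in s:
        return "size-mismatch"  # assumption: mostly temp files in use during the scan
    return "other"


def triage(report):
    """Group every driver and file path in the report by triage bucket."""
    buckets = defaultdict(list)
    for records in report.values():
        for rec in records:
            path = rec.get("Image Path") or rec.get("Path") or rec.get("Name", "")
            buckets[classify(rec.get("Status", ""))].append(path)
    return dict(buckets)


def shared_prefix(paths, min_len=4):
    """Common file-name prefix of the given paths, or '' if shorter than min_len."""
    names = [ntpath.basename(p).lower() for p in paths]
    prefix = os.path.commonprefix(names) if len(names) > 1 else ""
    return prefix if len(prefix) >= min_len else ""
```

Calling `triage(parse_report(text))` on the contents of RootRepeal.txt and then `shared_prefix()` on the "hidden" bucket shows whether the hidden driver and files belong to one family of names.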

#3 Rixanu

Rixanu
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:39 PM

Posted 22 June 2009 - 01:17 PM

Okay, here's what happened. Right after I hit "finish" after the install of MBAM, I got a blue screen. Unfortunately, I don't know how to copy what a blue screen says, and I don't remember what it said, either. Sorry, if that was important. So, I've restarted my computer, only to find that the random-letter program is gone, along with "wiawow32.sys" in my task manager. I'm also able to use Internet Explorer again. So, was it a false alarm, or could there still be something out there?

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,268 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:39 PM

Posted 22 June 2009 - 02:12 PM

These were possibly reactions to the changes in the registry thru the malware removal. Please run the RootRepeal.

#5 Rixanu

Rixanu
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:39 PM

Posted 22 June 2009 - 03:44 PM

Rootrepeal Results
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Time: 2009/06/22 16:06
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF7E91000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8E10000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB99AE000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SKYNETpjbotvfg.sys
Image Path: C:\WINDOWS\system32\drivers\SKYNETpjbotvfg.sys
Address: 0xF7D23000 Size: 163840 File Visible: - Signed: -
Status: Hidden from Windows API!

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\catalog.wci\CiSP0000.000
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\SYSTEM32\SKYNETlhmnnyvd.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\SKYNETmshgwklv.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\SKYNETrkcxqtjj.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\SKYNETwboboewl.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETuxtkosvhtb.tmp
Status: Invisible to the Windows API!

Path: c:\windows\temp\sqlite_cclvl2thzgk0kqe
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_zzq60gb1raqqjwq
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcafee_olpdhpfita98eaa
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_e0zbqs9eevnxbcw
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_8hhuzrto3oslss8
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_zjpjetsw4njaibt
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_rbjtye83tduaznq
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_k1xaazzhrjhxxtz
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\~df8afa.tmp
Status: Allocation size mismatch (API: 172032, Raw: 0)

Path: c:\windows\temp\~df9374.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\windows\temp\~dfb9b1.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\windows\temp\mcmsc_bbir0xiekwudunq
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_bqerxjbhkgeogsa
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcafee_7royw9q91zo9x5q
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_3cepph8hg2rylw3
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_txmakdrtolb3kok
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_6o1l8pzi6kv1khx
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\perflib_perfdata_9b4.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\windows\temp\mcmsc_rzgeqcjm5aslvao
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcafee_iwixegui7s15niq
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_aozjqz7ar6ikghe
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcafee_cnopi0z7icwjdfm
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\Temp\SKYNETwmyipnuexy.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETxtksmeuqhx.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETbvfqqycrny.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETceybdmhvqj.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETcotnuyirvk.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETdcxbvjkitt.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETdibadccriv.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETemctqeecfq.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETeqqpfwbyms.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETexornfvnms.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETfqqorfkkcb.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNEThidornsvft.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNEThqowpsyjft.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETixfpwtsppf.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETkcojfxtior.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETktrvqaqbvx.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETkxnvevxjip.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETmqibabmuxx.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETnmcvrerqpx.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETprqrjkbycy.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETqbuxnklhgh.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETqpxoidbwtx.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETqxerxnqqoe.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETrjqvgoivxt.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\DRIVERS\SKYNETpjbotvfg.sys
Status: Invisible to the Windows API!

Path: c:\documents and settings\ryan\local settings\temp\nse4e.tmp
Status: Allocation size mismatch (API: 327680, Raw: 0)

Path: c:\documents and settings\ryan\local settings\temp\nsy7c.tmp
Status: Allocation size mismatch (API: 327680, Raw: 0)

Path: c:\documents and settings\ryan\local settings\temp\etilqs_0syaq1qrwm8h7tybpdju
Status: Allocation size mismatch (API: 8192, Raw: 0)

Path: c:\documents and settings\ryan\local settings\temp\etilqs_tmha9zicudougpiqpswa
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: c:\documents and settings\ryan\local settings\temp\fla71.tmp
Status: Size mismatch (API: 3375944, Raw: 3322220)

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Briana\Local Settings\Temp\Temporary Internet Files\Content.IE5\KH4361SP\v=5%3Bm=2%3Bl=2263%3Bc=8969%3Bb=41314%3Bp=ui%3DKThalNXbneHkqvqhJWnMTwmRBp5ehzqneiES_8Dz%3Btr%3DCp9DjZtFTp9%3Btm%3D0-0%3Bts=20090329154547%3Bdct=;ord=20090329154547[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Briana\Local Settings\Temp\Temporary Internet Files\Content.IE5\KH4361SP\D2LCAAC7WSLCAMYPOP3CAOBCIAFCAI5AZN3CAJFAYRLCARC6H6UCA4ROOGECA0BJCYTCAS3PF34CAR815BYCAYOQ6ZFCANM6I55CAM6CC54CA679C3SCA9KZD0NCAD55MCWCAIYY1LFCAXFC7XECAY4TFEVCA1NTT3HCAU15YU8.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Briana\Local Settings\Temp\Temporary Internet Files\Content.IE5\KH4361SP\487CAF6KVKZCA5H35F1CAM02DLGCAS1SQOZCA5FIBMBCARA1ISKCAY73EJICAI121KECAGOWA9PCAEJ9JWYCAQ8BEHGCAXSF0HOCAEXP8Z0CA870D1XCART41EICAIPCJB0CAKYZIPMCA8EU4I5CAX15QR4CA37G3DECAD5IWK1.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Briana\Local Settings\Temp\Temporary Internet Files\Content.IE5\KH4361SP\4SDCAVGK9DBCAW4JWY6CA5S88DICA1NTX4RCADFPCIZCAB267MACA14UEXVCAZ2T7OGCAZBH6BVCAIQXYKJCA0OATUUCAL2EW6VCAG65QYCCAKSAANICAHVSVM1CAMYGYXJCA0Q041DCADPXP6ICANODRCFCAJTQ2F9CAP5ZUSR.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Briana\Local Settings\Temp\Temporary Internet Files\Content.IE5\KH4361SP\5TLCAI6TA8OCAA09W5ZCA8C185JCAQC0WQQCAR1WWBDCA03OFLJCAXKAWMCCAVV09YQCA7OPVHLCAC9PISGCA7YK2PSCAS9K9NOCAVG3459CAW4EDZBCAJQYC3CCAUWEQ2CCA25IDTICA2EMKYQCA4M3V05CAFVM1L4CADECWCY.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Briana\Local Settings\Temp\Temporary Internet Files\Content.IE5\KH4361SP\7G6CADX07JKCAKNAYHNCADF0EOECA4BUZ9XCASKJ4PXCAEM81XJCAOJ5RY9CAVL3UEYCAC3HZAPCASU0Z9GCAQ4FTX0CAR5I37ZCAKM6IRFCAYVXLG8CALPG8O2CALJSTRACAVC0B7LCA5CCMUZCAWV6B82CAPSCI9TCAGXXVL7.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Briana\Local Settings\Temp\Temporary Internet Files\Content.IE5\KH4361SP\K72CACGK1DLCA9ATHB0CA4KA0N8CAU77299CAR60A50CA582DJPCAQBPPGMCAHU7FMACA3FBKY5CAJYTNO2CAK4DLMSCAHEWQYICAWASGPZCA8LDLW0CAD7TLGLCA3EIDFMCACLVUZ4CALOMP85CAJ0FJUCCA21QW35CAT2AN6E.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Briana\Local Settings\Temp\Temporary Internet Files\Content.IE5\KStealth Objects
-------------------
Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: winlogon.exe (PID: 676) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: services.exe (PID: 724) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: lsass.exe (PID: 744) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETrkcxqtjj.dll]
Process: svchost.exe (PID: 904) Address: 0x009f0000 Size: 57344

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: svchost.exe (PID: 904) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: svchost.exe (PID: 1004) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: svchost.exe (PID: 1144) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: svchost.exe (PID: 1260) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: svchost.exe (PID: 1412) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: spoolsv.exe (PID: 1536) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: Explorer.EXE (PID: 1732) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: BCMSMMSG.exe (PID: 2012) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: DSentry.exe (PID: 152) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: DirectCD.exe (PID: 160) Address: 0x00c90000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: opware32.exe (PID: 176) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: realsched.exe (PID: 192) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: MotiveSB.exe (PID: 204) Address: 0x00aa0000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: CFD.exe (PID: 216) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: mcagent.exe (PID: 244) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: RIMAutoUpdate.exe (PID: 260) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: NkMonitor.exe (PID: 400) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: svchost.exe (PID: 476) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: jusched.exe (PID: 488) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: ctfmon.exe (PID: 516) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: isuspm.exe (PID: 548) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: ntvdm.exe (PID: 640) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: Ati2evxx.exe (PID: 1404) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: GammaTray.exe (PID: 860) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: DLG.exe (PID: 1496) Address: 0x003c0000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: LogitechDesktopMessenger.exe (PID: 1612) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: CDAC11BA.EXE (PID: 1636) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: SetPoint.exe (PID: 1672) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: mpbtn.exe (PID: 1804) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: cisvc.exe (PID: 1828) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: KHALMNPR.EXE (PID: 1648) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: CTsvcCDA.exe (PID: 2124) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: System.Transactions.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x049b0000 Size: 270336

Object: Hidden Module [Name: Intuit.Spc.Esd.WinClient.Application.UpdateService.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x00f90000 Size: 36864

Object: Hidden Module [Name: Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x011d0000 Size: 28672

Object: Hidden Module [Name: Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x013b0000 Size: 61440

Object: Hidden Module [Name: Intuit.Spc.Esd.Core.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x01450000 Size: 258048

Object: Hidden Module [Name: Intuit.Spc.Esd.Client.Common.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x013f0000 Size: 86016

Object: Hidden Module [Name: Intuit.Spc.Foundations.Primary.Logging.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x014c0000 Size: 53248

Object: Hidden Module [Name: Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x014a0000 Size: 36864

Object: Hidden Module [Name: Intuit.Spc.Foundations.Primary.ExceptionHandling.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x01580000 Size: 77824

Object: Hidden Module [Name: Intuit.Spc.Foundations.Portability.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x035d0000 Size: 471040

Object: Hidden Module [Name: Intuit.Spc.Foundations.Primary.Config.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x03750000 Size: 86016

Object: Hidden Module [Name: System.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x03a80000 Size: 3084288

Object: Hidden Module [Name: System.configuration.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x037f0000 Size: 438272

Object: Hidden Module [Name: System.XML.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x03860000 Size: 2076672

Object: Hidden Module [Name: System.Data.SQLite.DLL]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x045a0000 Size: 778240

Object: Hidden Module [Name: Intuit.Spc.Esd.Client.DataAccess.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x04440000 Size: 135168

Object: Hidden Module [Name: Intuit.Spc.Esd.WinClient.Api.Net.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x04290000 Size: 421888

Object: Hidden Module [Name: Intuit.Spc.Esd.Client.BusinessLogic.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x044a0000 Size: 143360

Object: Hidden Module [Name: System.Data.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x04670000 Size: 3059712

Object: Hidden Module [Name: Intuit.Spc.Map.Reporter.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x04aa0000 Size: 479232

Object: Hidden Module [Name: System.EnterpriseServices.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x04c60000 Size: 266240

Object: Hidden Module [Name: System.Runtime.Remoting.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x052f0000 Size: 307200

Object: Hidden Module [Name: System.Windows.Forms.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x05540000 Size: 5017600

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: System.Drawing.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x05aa0000 Size: 643072

Object: Hidden Module [Name: Intuit.Spc.Map.WindowsFirewallUtilities.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x05c60000 Size: 1077248

Object: Hidden Module [Name: System.ServiceProcess.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x05c00000 Size: 126976

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: jqs.exe (PID: 2484) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: McSACore.exe (PID: 2548) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: diagent.exe (PID: 2652) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: mcmscsvc.exe (PID: 2704) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: mcnasvc.exe (PID: 2768) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: mcproxy.exe (PID: 2884) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: mcshield.exe (PID: 2976) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: MPFSrv.exe (PID: 3128) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: MskSrver.exe (PID: 3248) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: svchost.exe (PID: 3316) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: sopidkc.exe (PID: 3856) Address: 0x009e0000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: svchost.exe (PID: 3892) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: MsPMSPSv.exe (PID: 3984) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: CALMAIN.exe (PID: 136) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: mcsysmon.exe (PID: 2340) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: svchost.exe (PID: 2612) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: FirefoxPortable.exe (PID: 108) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: cidaemon.exe (PID: 3272) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: firefox.exe (PID: 1656) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: RootRepeal.exe (PID: 736) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: taskmgr.exe (PID: 3840) Address: 0x10000000 Size: 32768

Hidden Services
-------------------
Service Name: SKYNETxvkaoyly
Image Path: C:\WINDOWS\system32\drivers\SKYNETpjbotvfg.sys

==EOF==

#6 boopme

Posted 22 June 2009 - 05:39 PM

No, you have a rootkit infection. It should be gone after these.

Now the next step...

Rerun Rootrepeal. After the scan completes, go to the files tab and find these files:

C:\WINDOWS\system32\drivers\SKYNETpjbotvfg.sys

C:\WINDOWS\SYSTEM32\SKYNETlhmnnyvd.dat
C:\WINDOWS\SYSTEM32\SKYNETmshgwklv.dat
C:\WINDOWS\SYSTEM32\SKYNETrkcxqtjj.dll
C:\WINDOWS\SYSTEM32\SKYNETwboboewl.dll
C:\WINDOWS\Temp\SKYNETuxtkosvhtb.tmp
C:\WINDOWS\Temp\SKYNETxtksmeuqhx.tmp
C:\WINDOWS\Temp\SKYNETbvfqqycrny.tmp
C:\WINDOWS\Temp\SKYNETceybdmhvqj.tmp
C:\WINDOWS\Temp\SKYNETcotnuyirvk.tmp
C:\WINDOWS\Temp\SKYNETdcxbvjkitt.tmp
C:\WINDOWS\Temp\SKYNETdibadccriv.tmp
C:\WINDOWS\Temp\SKYNETemctqeecfq.tmp
C:\WINDOWS\Temp\SKYNETeqqpfwbyms.tmp
C:\WINDOWS\Temp\SKYNETexornfvnms.tmp
C:\WINDOWS\Temp\SKYNETfqqorfkkcb.tmp
C:\WINDOWS\Temp\SKYNEThidornsvft.tmp
C:\WINDOWS\Temp\SKYNEThqowpsyjft.tmp
C:\WINDOWS\Temp\SKYNETixfpwtsppf.tmp
C:\WINDOWS\Temp\SKYNETkcojfxtior.tmp
C:\WINDOWS\Temp\SKYNETktrvqaqbvx.tmp
C:\WINDOWS\Temp\SKYNETkxnvevxjip.tmp
C:\WINDOWS\Temp\SKYNETmqibabmuxx.tmp
C:\WINDOWS\Temp\SKYNETnmcvrerqpx.tmp
C:\WINDOWS\Temp\SKYNETprqrjkbycy.tmp
C:\WINDOWS\Temp\SKYNETqbuxnklhgh.tmp
C:\WINDOWS\Temp\SKYNETqpxoidbwtx.tmp
C:\WINDOWS\Temp\SKYNETqxerxnqqoe.tmp
C:\WINDOWS\Temp\SKYNETrjqvgoivxt.tmp
C:\WINDOWS\SYSTEM32\DRIVERS\SKYNETpjbotvfg.sys


Then use your mouse to highlight it in the Rootrepeal window.
Next, right-click on it and select the *wipe file* option only.
Then immediately reboot the computer.


Rerun MBAM like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan.
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Edited by boopme, 22 June 2009 - 05:41 PM.

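One way to triage the Stealth Objects and Hidden Services sections of a RootRepeal log like the one posted in this thread, as an added Python example that is not part of the thread or of RootRepeal: it counts how many processes each hidden module is mapped into and marks modules whose file name shares a prefix with a hidden service's driver. The sample log is an abridged excerpt of the entries above; the function names and the six-character prefix threshold are assumptions of this example.

```python
import ntpath
import re
from collections import defaultdict
from os.path import commonprefix

# Abridged excerpt of the log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""Stealth Objects
-------------------
Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: winlogon.exe (PID: 676) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETrkcxqtjj.dll]
Process: svchost.exe (PID: 904) Address: 0x009f0000 Size: 57344

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: svchost.exe (PID: 904) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: System.Data.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x04670000 Size: 3059712

Object: Hidden Module [Name: SKYNETwboboewl.dll]
Process: IntuitUpdateService.exe (PID: 2408) Address: 0x10000000 Size: 32768

Hidden Services
-------------------
Service Name: SKYNETxvkaoyly
Image Path: C:\WINDOWS\system32\drivers\SKYNETpjbotvfg.sys
"""

MODULE_RE = re.compile(
    r"Object: Hidden Module \[Name: (?P<name>[^\]]+)\]\s*"
    r"Process: (?P<proc>.+?) \(PID: (?P<pid>\d+)\) "
    r"Address: (?P<addr>0x[0-9a-fA-F]+) Size: (?P<size>\d+)"
)
SERVICE_RE = re.compile(r"Service Name: (?P<svc>.+)\nImage Path: (?P<path>.+)")

def parse_hidden_modules(log):
    """Return {module name: set of (process, pid)} for every Hidden Module entry."""
    hosts = defaultdict(set)
    for m in MODULE_RE.finditer(log):
        hosts[m["name"]].add((m["proc"], int(m["pid"])))
    return dict(hosts)

def parse_hidden_services(log):
    """Return [(service name, image path)] from the Hidden Services section."""
    return [(m["svc"].strip(), m["path"].strip()) for m in SERVICE_RE.finditer(log)]

def triage(log, prefix_len=6):
    """Rank hidden modules by process count and link them to hidden drivers by name."""
    drivers = [ntpath.basename(p).lower() for _, p in parse_hidden_services(log)]
    rows = []
    for name, hosts in parse_hidden_modules(log).items():
        # Assumption: a shared leading prefix of prefix_len characters ties a module to a driver.
        shared = max((len(commonprefix([name.lower(), d])) for d in drivers), default=0)
        rows.append({"module": name, "processes": len(hosts),
                     "matches_hidden_driver": shared >= prefix_len})
    return sorted(rows, key=lambda r: (-r["processes"], r["module"]))

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

Modules at the top of the ranking that also match a hidden driver are the ones to compare against the file list the helper asks to wipe; a module seen in a single process with no driver match needs separate review before any action.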