infected! possible trojan/more :|

Hi, first off thanks for checking my problem!*sigh*

Basically, been having many computer 'hangs' that never end, also many redirects and pop ups on IE and Firefox, having trouble getting to any site to do with removing ad/spyware etc.

currently running avg anti-virus free, scans indicate : Trojan Horse Generic10.AGTV but nothing else...

Hello and welcome ...Le'ts get an MBAM log and go from there.

Hello and welcome please run these next. If you have Spybot installed temporarily disable it.
Next run ATF:
Please download ATF Cleaner by Atribune & save it to your desktop.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main "Select Files to Delete" choose: Select All.
• Click the Empty Selected button.
• If you use Firefox browser click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  If you would like to keep your saved passwords, please click No at the prompt.
• If you use Opera browser click Opera at the top and choose: Select All
• Click the Empty Selected button.
  If you would like to keep your saved passwords, please click No at the prompt.
• Click Exit on the Main menu to close the program.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

• Make sure you are connected to the Internet.
• Double-click on mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

• If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
• If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

• Make sure the "Perform Quick Scan" option is selected.
• Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

• Click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
• Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Thanks for the quick reply, i did the atv clean first, then tried to install the MBam, however, after installation the program didn't run.

You tried the zztoy step?

If so then run ROOTREPEAL

Next Please install RootRepeal

Go HERE, and download RootRepeal.zip to your Desktop.
Tutorial with images ,if needed >> L@@K.
Unzip that,(7-zip tool if needed) and then click RootRepeal.exe to open the scanner.
Next click on the Report tab, now click on Scan. A Window will open asking what to include in the scan. Check all of the below and then click OK.

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services

Now you'll be asked which drive to scan. Check C: and click OK again and the scan will start. Please be patient as the scan runs. When the scan has finished, click on Save Report.
Name the log RootRepeal.txt and save it to your Documents folder (it should automatically save it there).
Please copy and paste that into your next reply.

Thanks, yep tried the zztoy...still didn't open :|

However, here's the RootRepeal report: (rather long)


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Time: 2009/06/24 02:59
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: avpj1atp.SYS
Image Path: C:\WINDOWS\System32\Drivers\avpj1atp.SYS
Address: 0xB44A3000 Size: 303104 File Visible: No Signed: -
Status: -

Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0x9E2EE000 Size: 888832 File Visible: No Signed: -
Status: -

Name: MSIVXxswlapyapxepwvsvuoedhbajxfgljunb.sys
Image Path: C:\WINDOWS\system32\drivers\MSIVXxswlapyapxepwvsvuoedhbajxfgljunb.sys
Address: 0x9E5A5000 Size: 184320 File Visible: - Signed: -
Status: Hidden from Windows API!

Name: PCI_NTPNP4596
Image Path: \Driver\PCI_NTPNP4596
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9B4F6000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\MSIVXcount
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\MSIVXjwykieteldbxishpkbpukgyvlmpuoikq.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\MSIVXwcktjpppdsqdnehnoilpgnhvibolodgq.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\MSIVXxswlapyapxepwvsvuoedhbajxfgljunb.sys
Status: Invisible to the Windows API!

Path: c:\documents and settings\leesha\local settings\temp\etilqs_odq4zsyh1szlh5vo4cwc
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: C:\Documents and Settings\Leesha\Application Data\SecuROM\UserData\ЃϵϳЅЂϿϽϯІχϯπρϴϱЄϱЃϵϳЅ
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Leesha\Application Data\SecuROM\UserData\ЃϵϳЅЂϿϽϯІχϯπρЂϻϵЉЃϵϳЅ
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\0FTP5CARO7OJZCAZFP26WCAVX4BE7CAQS03IACA6NM21NCARE0QJ8CAX0BXO5CAUTUX2ECAMWMKKICAZ4Y8F5CAWO4JDTCAQVYU9ZCA0MI3PWCAZ9ZVJ6CACW9YWECA1WZ322CA4T3VFSCACV9LE1CANL2R2QCACMYZ3YCA5E23QW.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\PRBIPCAXK32XICAF7YFANCAQY04A7CAHDF6T2CA4B1N0CCAOXADS1CAJ1B2SLCAY8D3UECAR5KX8YCA1R4C17CAM9A2Z4CAC6NBC4CA0SODLNCA162LUGCA8PWELUCAODH4FECA2CIZ0NCA2BW35BCAP3ZCKVCAEVW9HLCAJ6OM00.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\SQ426CACBYOEUCA1G9DHPCA30F3RDCAKZP0DZCAVY1U0YCAD6HQBZCA3WCM0TCAKOHF39CAIX83CQCA5VWFSQCAIR1OJ1CA0F34MQCA58US1UCASFGS4JCAFRI0WPCAZ93IHSCATSA781CA8SNXBZCA1EBIWGCA0HF1G7CAH4HM4C.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\BUVKOCAF5HQKLCABUFKQ2CAPB15EYCATIX8LPCAQB3V5TCA42ZCFPCAZ65HNPCA9D3MKYCAIL8C4ACA92M8ARCA2EJ8XDCAD0N91BCAPPR26BCAUQONJ1CA0IVQYYCAZW03ZECALMEZNSCAQZBM8NCAQ59WQFCAJS7OLUCATEKO5C.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\2869PCASZNXEQCAB9DE30CA30QMT7CAHXL47ICAS2PZWECA79AVW7CAQSV8U6CAZG2ZGXCAM60TW4CAIHXAKQCADICGHJCANOZLX0CA33AKSACA6D0OK9CAZKBM27CADYXIHNCAWI0DR9CA5OZCH3CAHJE3LDCAW705UHCAW49R04.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\NLK1MCACS779CCAAXIR5DCA8Q650HCAOU2WJECA75JX1ICAT2T8YXCA0BXY97CAA3GFUCCADH5GSJCASYYBLFCAYMN7D2CAY5XMSYCAPRDBRFCACYQ9NZCAIJI9Y7CATFM3GRCABD3TCJCATKCMN3CACF7V60CAG9MZFYCAY4XGPH.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\NLN6BCAQZEZB8CAL2S5PDCAUHFU83CA1CJTXSCAOKMBQICAK3DX6CCAQ9UO5ZCAEGKMCXCADAKO85CAGTS161CAAKQC60CAYF9RRKCAYN3QQ1CAYVPY7ICAO01UC3CAO89X8TCAYONP3BCAEQWC2TCAU0CVSMCAE5U5FTCAIGPSNP.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\6FJW3CAD88DM7CA577ZA2CAU4XILFCAY9Y3WUCABUFX55CAYSXSIGCA6PFIEQCAP63IBCCA5U4EAHCAYQDCHWCA3L8NOWCAO80B4NCANWK018CAJFQZGQCAY3UZVZCARRCMI9CA3M5QCDCAC5JOWNCACBXM1GCAECGOH9CAEE2VVZ.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\DFTHCCABTFX8RCAZ4PFYLCAXFJWJQCAUG6U4VCAT1FJ82CAF6BFTYCAIP75FRCAY0B4MCCAW10K2RCAG2BXN9CA7REEKNCANWFB22CA5L4XM8CADFB3PACA6TLRT3CAMMSRXBCAH3TMAYCAAE12Y6CAGCBZ3MCAC2LG51CAYDN0U0.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\DLOUSCAMTBMP2CA0HMB84CA8IHV5ZCAGHAECZCAC30EWFCA409632CAEKSLNVCAY4VFP3CAPQNIEZCAZKII17CAR89TM2CARW5026CA5V13HSCA85BYRACAV79Z13CA0RWW0TCA56FUT9CAH3OQSYCAI23SK7CAPFFRDZCA697R8W.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\E2AIVCA7AZ3EBCAERSYZLCA20YHTICA0KIEQNCAJT9X5XCAJ3FYK5CALUJ9VYCAPQ2AH6CAN755XPCA2F5FPPCABOL350CAI0EY6XCACC4PIICAK835UTCAIY46R5CALHMXGDCAQNOFVXCANWRZ5DCAMJK6F6CAJ1FZEWCATRKYWR.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\P36EOCAES2A19CAMBUC7HCA4FYXN8CAL7Q8GFCAWE9GH4CA9WVSQVCA95V7U3CA2M7B0DCA97FH5NCA2NZL9QCADWXLI9CAOHZGYLCAVAQUY3CADPDAW2CAT0UN27CA7SB3B7CA9XDYRTCAC2S02ACAF6J2TYCA97K640CAEL7PWR.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\LY7DQCAKI61Q9CA0WOSGZCACL1D30CAY4VX07CA5K5IZZCAFBRCD4CAJHIM0GCAOCV2NOCAI3A1IFCAARK5LECA4EFFIGCA35OE7LCAORQFRJCAD7KMPOCAMT2GSHCAU6WBETCADJ9WGXCAJJJS3ZCAVQ4VVLCAO23500CAH8QM24.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\WHZ1TCA1U9HXXCAM89Y2QCA3TQDRACATUHSXHCAJ23BPDCA338KYBCAX606Z5CA7UYKKZCA4ZB3QXCACE7YX3CAXWP25JCAPUITZXCAL8CSQ3CAPE6A2TCAJNDCL8CASQ88LOCAAYC9V0CAO0XQ0BCAPV009KCANP0422CAO77BV6.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\WIGD4CA6CHO0SCAH1GF5ACAQ28Z3VCAZXQU6NCAXKDL3QCAHDC5LPCAR3T7RPCAPVJOC7CABGASA9CASLX5BMCA8WPG5XCANCUKY6CAZQPYQRCAMR2DU5CA3A6Q4TCA87W51JCA4G12Y4CAVZTCXICAJJIRPPCAEWRR62CAJCII2P.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\WOKKDCAWXTDJ7CARQI8TACAX1E1LVCAM7Y5UDCASHIZY2CAS25MPSCANN1N3VCAGULHXWCA788RRXCASVFP2RCA6VRTI2CAJ6WGR9CA3P9SDLCAFM5ZZKCA1DSAYPCALN25VZCAE1755HCA05HDN7CALJJC03CALM9LIKCARCYGPW.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\WSSI6CA7UFV0PCA1CPD9NCAOKJ4XUCA8N6R1PCATHFXA0CALDZ64MCAJT8XXHCA13W668CAJ11K3QCAQIBQJ9CA6OT0OVCAFH9GLTCAXETDC0CAWS0CNQCAAZUZJWCA7GEZ2CCAZPHRLACA09QO88CA6TK2M6CA5Q1ZTXCA9CHPKR.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\Y687ACAKHKAE0CA8335O3CAU8VEGUCADOLEX2CAZTB5ANCAIX2AKKCAX18ZFYCA368G5RCAAKSO5HCAYJFMUBCABV9XGZCAUNRMS8CA2DACSYCATDOCOVCAQ2N1OKCAFUI5A4CA0US4UKCAFS0M22CAMMPT19CAYW7ZVHCAGT3Z0N.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\YBF81CALBCZG0CA90XU9JCAIYU0Q7CAY251QTCAXZYDV0CAXJM2Q2CAADVI9TCA0NB3YMCAB7VF99CAK490KTCANBW7X4CAEVKXVDCA8LUTP2CAP9ZW9RCAHVANPSCA8LZ78YCAHYO4SDCAG4XMY9CAJW61ETCA6HEJ0TCAAZZ4HD.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\H9CMZCANM9E28CAWEPEKQCAVKCVWLCACSUWQ0CAPEOO9ICAJCI56OCAIXOFK1CAI13YZECA55SIAGCAFM9HNECA1G8XOPCA69HAJ7CAQH0XW0CA38PLU6CAZEN6WECAG69HZXCAYBMEAVCAWOAFFVCA9XVPU9CA2USULKCAFQZ3Y2.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\HCE01CAGF3OURCA78SP8NCARGC4NXCAYKN0VYCALPNAHVCA2QKRRXCAL64KO3CAIJ9RALCATZ72L3CAE6H077CA5WFEMKCAIIZIBXCAC8XH48CAXGBWB3CADHXVXGCAAPXRZUCAISQ87ACA9V7C6JCATS9OJJCA53MU66CAWJI9DK.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\PWUITCAX7XJ07CA9RWT40CAJSTRG8CA2SC8XKCAAQTVCUCADGC673CALKT86HCAVWQ8A4CAWJE6V2CAW0OS9TCA9GR68XCAYSFHG8CAJOHQVJCAY11297CAOCQWM9CADUX0WPCANBHZMHCA58C2FTCAABUIEICAJXJEF5CAI67PDY.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\2SW2ACA90XKZACAZKT5NQCAO5QDJCCAJEJH5ZCAMYBON3CAH38F9RCAV2Q2SRCAPGIIF1CADZ6ZUVCATY473HCAQKHIS4CA0ME0KBCAZVNBAQCACRK6C8CA4LZRAXCAB3TIVLCAOT9F4ECABPQB3CCAXA74KXCA602F3NCA0U6MSL.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\U411NCAX7MCILCAEJJ1ZMCAZ4EQTFCA01V3IFCATQU44ICA2F61SXCA0HUD4TCA2FYXEMCA1394G7CA8Z87ECCA0LS955CAPRBPAKCAG0NZH5CAT9HAMNCA6A9MYZCAZZIOFKCA8KIXSECATNSAOQCA2EC54VCASIYITMCAPE0OG9.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\UFQIXCA5M285KCAZ575HZCAZ6H5T1CA2JD8QCCAULM8KBCAQUTZR0CAR8ZPWLCAJDPQW5CAB3HLABCA97RQYACAW72PHLCAGHT3L9CAL7UCC2CAQ7KINWCAWGVFJYCAE8DH0ECAQM9SCACAKG4M7MCAH61HFQCAVP0BX8CA3YAXYT.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\URE1ZCA3O3TBVCA9CRXWKCA2396GOCALH0AOFCAI07W4OCA4GDNQICACYDQ0ACAQW4P10CA80D8ZICABNOJ4ECA6LKOQ0CAT1M87FCAX32K3UCATHJXSMCAWO5YWWCA18H0WUCA0AT8UECAA0XDB4CA9565OHCAYIALRECAC55R5Q.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\V9P9SCAER5HCYCAEGAZQWCADWXSEOCAVQ1HHGCAYT6TRNCAFV97U3CABD1CPHCAHNEY2UCAP3J88OCAW6DVU2CAQVBWD6CAL7B6AYCA4RAXSCCAENL1AJCAPSJ8O1CAE8GYJOCA9V3XOFCAUDTSLJCAD3SIBUCAD12039CAWEC2AM.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\16XZZCAS8QEGOCA3WR69RCA2KNYGYCAXXNQ8XCAC0I04JCA08I67RCAF1IX4RCAJLISSQCAFHZWTJCAFIQ0TTCA1S2LO8CA0313G1CAGOTA91CAC1Q2O0CAL4OCX5CAEHCTTYCANGY0S6CASOYL0JCAU0U0HQCA2I8XJ8CA9QNPY7.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\8F4WCCAJPTWZ5CA78EAGTCABH7MCRCA5U3LYFCAMO9LETCA6D5BYSCAPZEKC4CAF4ZLZJCAOX7EDFCAUCI7FTCAMIZYG1CA5V4E3TCAUGXM9GCA8ML60GCAMNKQ0ICA43I5XUCA063DOJCAM6S1HUCAMTUS1VCA8P6MGZCAU6EATX.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\8OZJ3CA5Q7F29CAEQ67R1CAJ7SV6CCA10T3R5CA27ZGC2CA6QIEXXCAQAMUMQCA03R5V1CA3L2XC6CA6QJS8ECAD22A31CAUVYWKYCARY88YUCAKMEUEZCAYPRFBCCAM7IAHSCADQBUEGCAQOZXH1CADN1EJ5CA2EZ7FICAMAR9PZ.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\N2RT0CAHJ7EQ4CATK61U8CATZ2OTTCAXTKBR9CADDUVPBCAAZVNHECAOKG8WCCAQIDLLJCA8SP593CAZDR2ELCAVORI6MCAWTIZ0NCA6HPANTCAJ5SWJ8CA6XFUBNCAU4VU6SCA2AS42YCAWEDLMZCA6KLO12CAD44YUQCA0HB4X0.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\RLKCJCAB8YHCNCAVTRGTHCANT0H2RCAQA0NHOCA6XYRNPCA5B5Z5ACA4F7U0FCAE67IWCCAY3KFSOCA95CNXACAMZXN0VCA6I61JNCA0ZNIO6CA24B1VPCAAGGEYOCA0YDTGNCAPD37V5CA9X82ECCA5MDTU7CA1ZABZ8CAO2ZESR.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\E46N6CACXQ5P2CA204NN4CAKTUPTFCAWWCQ5ECA999RJTCA6Q1T7YCAJ3BL75CAIIYRO4CAJZQITBCAJDV7XOCAMDR9N0CA3MA7H2CAW0O4TKCAW14SLECAKBYARSCA5AR417CAWTWSUYCATNUUHDCA49EPYJCA3NU3YNCA1WQTST.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\E71NJCA9DA2LQCAF8Q8CXCAA5Y7PZCA250HM9CA3F6I3MCAGZRA4ZCABFDCVECAYOGYNICAXYSIMGCAQDEGV1CAO801W4CATDJIQ0CA968B0DCA3SE2VACAI56K18CA1QXRHYCABDXPPACAMAZWXVCA7JOCISCAR8QYGHCA4R9302.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\EG029CAKT2KGGCACUFC88CAA9Z67DCACLSSZ5CADWMAK9CAV9GNTYCA9UGNRZCAS65G2HCAV1QTSPCA3O4YKOCAJKK0L4CAR2ASH2CAN1B31ECA0805HTCAYBVK4HCAKB6AHRCA20F502CAAPAAFXCAOLZIX1CAUS4I53CAURWZK9.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\EKXX1CAQR8KU1CAWUVW36CA4QFSEACAITIAGVCAB0L0I9CATAINPGCAM2Z16WCAOD7DOECAQA0XZGCABHPQ24CAV11HTHCAPRVOPJCAHTEQXDCAXM6DLYCARUD0E6CAMAATVMCA4TYM59CA6N2RTCCALNZFC0CAYAUO4XCAYJBNQK.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\4QNMHCA1JEU2ZCATJ92BQCA11LSLLCA9A6V74CAFO2R10CAXPN49QCA7040MTCACMPQ06CAAPUND3CA88S5CCCA83UNVZCAJF6KOCCAP20L18CARP6J72CAWUMRRECANZ0LQLCA29QHX4CA5VP7C3CAZWBQP5CA0CVC0NCAKUOX2R.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\4YSGDCAC5QTYYCAF195WNCAQU9Z2RCAAPQ8B3CAYBA4S6CA1CSO4KCA5CTX08CAVTVESQCAP2OBA6CAQEGTBICAKM3RRACA9YD4U2CADK9U6TCAD4YWVXCAHJFJ16CA7A3Y6CCAW6GBG9CA0Y1XEBCAW8QB1KCAHWXI8NCA3NEHQ4.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\HJWTGCALDSKLSCAR7ASOCCA2X7T3DCAEFPVL7CAEWGF2WCAKLR251CA4F1LI4CAF3ZUECCA9OO6LQCA9GGZE8CAWJ9S5GCAZQS1LDCA2KT7QKCAETSAXFCATKTG7FCAEF5ZZ1CAKBFA3OCAEEXOJSCA3IYLSOCAFEK0I4CAXE4GH7.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\HNDO2CA105F08CAXCWJG3CAPJUE0LCAW3LCWOCA13N168CAQUC5XXCARN99ZZCAME313VCAREZ6NSCAQ3R15SCAZ648TECAAG6FRFCARIPEGICAO061YECAHGK0E4CAMDQYNDCAYXL0BWCA0PW05RCAZXWSWDCAVSX73ICA3K4D1N.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\HVMDPCAJVQNN3CAQZ7ZEUCA2PONL7CA70I5PZCA4IUH4SCA2H8B91CAOS6EXHCA9ZZ31SCAG0NJCMCAJVR90TCA66MI95CA4FMZ4ECAFOO6MXCA03JIZOCA9EA2QLCAHCYHGTCAMM4RFZCASTCUB5CASU37CACAP2PSLECA2PO63Y.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\135LECA1HVAJCCARU9Q6YCA0KICQFCAVV2S8YCAID6A54CA97P549CA1XK6KFCAU93UUNCAEWX3SUCAAY0U2PCAP1CT2ZCA1O9DO1CA0K6E03CA4MO5PRCA5PFC3JCA0Z5ZPFCA7CZ8MTCA6O1Q6NCAT5IH53CAJW28M8CA7EJLMM.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\T1E99CAG41TB8CAUGGE31CABYNA01CANVA72MCAIWNQ3ACA23BAPBCAZC1J58CAFOVFV4CAC084ABCAVO2J0GCA3IPTYPCACSEC0VCA4LPF18CA6GOC2BCA4KYZ0ZCA9SQA1HCANB4Q3RCAF7R1PLCANQEJQ1CAARZBLNCATISUXC.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\T23W7CAW21BOPCAI3JE2CCA75ZFS8CACICLC1CAMO3QU2CA2IUYDWCA4DXL9KCA2X9EP4CAIY3PCSCAUJ4WRPCAVBDW94CAID4N74CAUHSLMECACU2SWUCA9LVL28CAFO5YLHCA500GXSCAIH4U4ZCANSBGU6CA79P0IHCAN3QJK4.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\1EL8LCAD09C14CA8M5KMBCAMPI46HCAXJVPE3CA01IG6MCAIE30IBCAJ6UMNFCACNTXPYCANJ6MQKCA459YBNCAMWK63NCAP17S3CCANQ1B76CA5L6KSTCA2TTHFMCA9PFVC8CAVOBNTWCAAOI9F0CADCVYPZCAZVSZZDCA720IG1.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\1NKI2CAL17VJNCA2EJIOICA2VWBWOCA5E9ZH8CAQYWAXRCA5ATIL5CAS2E9E2CACF1TKICAWKWEYXCANYF65FCAGIDU8ICAYD6SY3CA28CZ5HCAQGTNW3CA289069CA9EZEKJCA2TCB2BCAIUSQRACATRI0KLCA74B7VVCA2J5PKF.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\E37SSCATYYEFWCAH16KSRCADUUB6GCAV8YQU6CAJRC10SCAWT90VJCA2R0YHOCABSB4I1CAC9BH52CAVST8T1CAB0N21OCAIGG5WSCA39GBEVCASIS3JBCAYC2302CAN39X0VCAAMJAHSCA8YKCZTCAQPM9WSCA0QFTFOCAHV20JD.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\K5KR9CAP375U0CAL45HT3CA4ZBAVNCAVBCKEZCAPN7RTXCAEU2OM2CA1PNFULCACPG0MBCAF4MWVPCAPUJ8S9CAWYMENOCARDKU87CAXYDSP5CA7QV5WMCAOONNIPCAL78VWWCA8E3N7YCAL0FE34CAQR3OFLCA52P5M8CAK709ZH.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\JG38ECAYWK80SCAEZJT4ICACPL9L1CAMBZQP8CABOYZJ9CA8NOTAPCAQV7M3XCAZK99EGCAC2PU52CA1JT78MCAOOCGBECATZHYTHCA8LH133CAMP5800CA2OSTMICAYPZSUDCAXBX9TFCAGRIQ31CABN1HINCAO06KQ0CACUYI9Y.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\YJUKDCAJDB2HWCA107GW7CALBV085CA7PFN6QCAM3EF8DCA517CHRCAJ1KXMVCAOVWW8CCAQBNTXDCALRCZ0OCAE8B85ZCA47KSMACA0FW1Z3CAS4TQ79CASH0UR3CA99WMPECAOSWXLACAC0AAX2CAK35R1ACAOUALBICAZH14SU.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\YWZNYCA9LXWOHCAAA4J5ECA0V35D2CAW7BE3BCAQIE4BMCAK7IZXECAA0XLUICAWVP12LCA9H0QIUCA1MV5YCCAB342ZACA76PJ9YCA4Q8X5WCA46VCZKCAV5ZCBJCAB496XDCABZOECBCA33S6JJCAA24LT9CAXIODTJCA7YS9GL.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\ZRDU2CA5XLLW4CA0UI00MCA07GO84CAAM96OCCACPKI5ECAP6ACMVCAB55TGECAEM6TK5CA20RJZ3CAJ9MX6KCAK01BV5CAOPT1JSCA17KUORCABV42J6CA0GDZ7XCA78VC0WCAHIPD5SCA6HQNKICACW2A1NCA377KE3CA0AF5RN.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\3UYCQCA1L08MXCARXAW1VCAY3WK76CA57T0R2CANDI05DCAW3XR1ICA23H106CAI6EVFVCAYRAXAZCA7TR174CAP0GTNMCAFL9Y9LCALGBY7RCA0ZTNMKCA549FE2CAI492GJCA6BG74RCAHSPKELCA1SSLU7CANM3PFLCAOZKMJF.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\3YKYDCALWXUN1CAQ45MFGCA4AKYJICAWNP733CA9QJ8IVCA453O7XCAJMKS0ZCA4B71N0CA7JM5HPCA3JUJOACA133N24CAW42UTBCAXQPIKSCAHW5N0MCARJY7NRCAA2BTZKCA727F1ECAH2JIQPCABJMBQECAHID4VTCAQ671WA.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\R00ZICAVI1NDNCACTUNV6CAZZBFFZCA9KVY0HCA1M2IBQCAHR107OCA1FMRGJCA8TLHUQCAD0XE1GCAUOTDNNCAYE22WNCANBHL10CAX853PDCARMXQXHCAEKH11TCAPA83CHCAUP7S5NCA9U2EB2CAMZ1IF3CA399R3WCAYRN848.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\R7Z8CCACY3W1VCAXJKEMBCAL2X4KXCAVTXL9ICAB0EJNFCAL2TSLXCAUVR1R5CA5BXUJRCA3BMP77CA7614Z4CA8Y6KPFCAFTH31QCAP7BFEOCAOBP8HNCAMJC84MCART7N2JCA8F767UCABA64RICAFDL0J5CAZG04WLCA3FZL1X.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\9YE8YCAHOVTNCCAUVGQAZCAU5MRSACAMOFTPBCA73CZQ9CAG8HFH6CAL4RCFTCAXI3D5ECA4FHF58CAF90RA5CA2JRVS9CAX29VIWCAYSGHQSCAQMXUWZCAC2HHQBCAHGJI3ACAE69KL3CA4PCJR1CAX2C27XCADMJ72GCAYNHSL0.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\A0DD1CA2FGXAACAWX22CACALIRE63CAD885ZOCA3NTG66CA5MXDQJCAE4SM0KCA0O5N9NCA17ORGBCA1X7YZGCAG5JWZ2CAGG0SC1CAV4M0STCALERLB3CA8GLY0TCA17GXEDCAT1EXMICARWP023CAZDPGY0CAQEKEY7CA60ORAG.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\KH2ROCAYX67F1CAML22V2CA3RZ521CAEO052KCADCW1XMCA4Q02H2CA3S8Q0OCAC30H28CAKFN5UOCAFVI4WFCAZAT57ZCA25AMM2CA1S1WXPCAE10PCZCAG9VLVXCA4W9VZWCA8P9HNYCAXYS17NCA8XKVBOCA6CRMQ0CAGVU8TR.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\KI4J4CABECH5SCAH6AKM4CAC0FOPSCA1TCIFWCASW30DXCAPUSMKZCA84LBNTCAIU2GOZCAHEFZB2CA5R1449CAVYPQQ5CAB2K7U7CA7JMHT0CAHXEWEXCA9IXG0SCAVINE3JCAH4LXFFCAYILE09CA5W31APCAX8V8DXCAT2SU51.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\29KMI1GI\KV48FCAB5P902CAQ44J9WCAID3Z25CAVIVIKKCAOFX1IFCAU235I1CAU6BPO9CAPN0JLZCABCEBFGCAVQPVQZCARMTIGDCAS65ORFCAF9A7JSCA6UA0FWCAWBP7XSCAOYY18TCALHQQUKCAJHMP0ZCAIW8PQXCAFZYNX4CA9V8533.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\0FHQWCANEXQ3ACA9NW7QUCABMJ9K3CA7Z8CHMCAGWBOUNCASZWGZYCAETFFGVCAAGSFTLCAKI98S7CA1A01SZCAFDN1RZCAZHCS6TCAE54525CATRKOBPCAN2SX9HCAURJ9QPCAFU6WS7CAGDJQ60CAT6E25NCAFO4FVXCAU61S9F.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\0L4ULCAYIZV6MCAB68RUPCA3ULHQBCACDO09JCADYBTC3CAW706FACACWFOA3CAEN5D96CA3HGYXVCA2DDW9OCAK6MTEBCAA25YP9CASV9OUFCAW2M0AVCACIIOVSCA9LOQ8ZCA55G34FCAK2IGP7CA7AKVY0CAMI29YOCA2IY2LQ.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\0MYP9CA8B7UH7CAU2FMGFCAESIYAUCAVMBPPACA6ZU9WPCAWIINDHCA780GJPCA543NU8CAMS384UCAQ866A6CA2GVB3OCAYW1E1MCAZL1SORCAGQ76BNCADJQZ86CAWRMPX7CAY7NWTPCA89ZALMCAAWYS2CCA2CVKKFCACA51SG.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\REGQSCAKNIHLGCAGK9064CAFKI7B0CA847IWOCA63CYWCCAAXFPI3CA8GN6OQCAD8JTYFCACMNLDXCAOW4ULJCA4DC7LVCAYFE5YXCAS30IUACAIKH2M2CAHPV4ILCA7DM61GCAR37T0FCAVXRBZICAWU9LFBCAOOVOJNCA4P49FV.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\SZCNKCAQ9U139CACADIJECAMMZTHMCAKQGMVICASCCZL3CA2MY146CAN3PFQCCAQIEX5YCAY4DACSCAUJVG3ACA7TUMQ4CA3NYOA2CAICCK8ECA9VCQTRCANH1M31CA44DNU3CAE2F039CAF5T4I1CA9I85PDCAGVNQ0VCAXVHT4J.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\10BABCAUTVELNCAD5K7F8CAG3SC4RCABVHR5ACAR53XGRCA63X1YOCAHTT4ZDCA10FJBDCABSXKCCCAD1QCG3CA8DNK34CAX2DKYVCABSIXDACATZIL98CAQKHBH9CA66A1JICA2EN3V7CAOMB09TCAU1UL12CAZIU3BDCA370WMJ.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\CNT6JCA5QQRGUCAVU08WXCA7OJPFICARJ7VK4CAY6MV22CAVPJWXCCA4QPX7KCASDHB8NCAR2AWIUCAKT7R27CABQOE2CCAWN7EMNCAZY8CWTCAV02XYBCABQCVW4CAW290KVCAXPZQWECAE8A0PZCA5C9XEOCA6GEJL7CAU3TD2B.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\CREDXCAEZBLT7CAJC3TNYCAWN5K51CAKQ3YQHCAHC6Z27CAXNFYUFCA11ETEJCAPETREPCAVNDDOACAWS2QBDCAKJD91RCA8X7C1CCAP6WXRVCATYIRBLCA06QDFUCA83DZTNCAFQTZ27CA1E25R9CAS3RRFUCAL9H1X2CAOG63PB.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\NOPRXCAJICUE6CAL99G26CAMQQCLJCADWGMI0CA583VKICA4PRG55CAVALI3ICA0X9MQXCA6ME2H1CAZY0O5RCA7Z16I1CAZORW4ICAN2LGMICAB5EEVGCAVMFEPQCA6DW47OCAO1BA7NCA29C1OICART45JRCA4Z13PECA9ZMJD4.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\5R180CAWK6ICRCAJVMQ6MCAE0TOFHCACIQR2GCAZKPHBPCAIJYZGOCARS9QT6CAB9274ECAER9CS8CAYSOIXRCAK5HM2QCA4ZC4RDCAR8OBJZCAQQO0DMCAOWY2MZCAWVSH0ZCA89P8C0CAMQCR8KCA1E8T33CAJOOSTMCAH92I8Q.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\5WH57CA9T2JXQCAW1BS7JCALMKVPBCA65ACJNCAIJL1M5CA6UIL5GCAWNBUR0CAD8D9QACAARDMJNCAEQQETACAOX54R8CASAKQU0CAMYNJBICANJDJ71CASYJQQZCAIYH0EBCA78OIMTCANKLJHUCA9PSEM0CAS98UEWCA3SOA06.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\PTJL0CAFQCLT9CA6MLLIVCALC85Z6CA9D2INYCAJU8952CASI0ZSVCAWGW3LSCAW9FL01CAIUCWJDCA5RF3I6CAQM1XQECAMGQWSUCAUQQXKACADMPFC4CAEKXRG5CAW9ROG2CAS7I9M5CAC5QNGGCA7HQRPXCA2Q2G67CAQ2KW37.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\SCNI7CAKQEPF5CA0ZR69ICAF4W1VZCADY522FCA1F30V4CAQ83T7CCA2PL65WCAMUEWU9CAL1SR2BCAXIW28YCA5T7OFICAIE76OSCA4UAAQWCA4UBG7BCAUTB58BCAXRPHL9CAY4MI4XCAT7H0QQCAKYV1U9CALCVCF9CA61ER8C.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\PE5JECAIQHPTZCAJTGYG0CAMZBMBLCA23WAN3CAF1DEKTCAVVK33GCABP7YWFCAPZYNIUCAAX8N2DCA22LTH6CA9B6A0KCALLRHYACA8RG0T2CAHCACA4CAITWKQ9CA33CXMOCANETE04CAY07TZQCA0Y6X7WCAR1VXX7CAOMTIN3.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\JTIV6CAV7MWUYCAHVS4IWCA62SOM2CAVW1PMYCA4P0Z5MCACMG6YXCADZNTYRCANNJ8IHCA564AG4CAR3NYTICAHQVC3ECAOPIENDCA3UT927CANBLNFUCAKN4K5KCA737DQCCADCYUMWCA3QR4AACA4WQ7MXCA8FTHOTCAV6UFBI.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\JXBGHCAE1OKODCAW1WH2XCASSLFULCALDJPIZCAV5IHX8CA2E2BCACADU42AUCA1S0Z1ZCAO3T6E1CAJAMXCVCAOBEHK2CAY62O75CARAPYDMCANIX0DNCAZL9U38CAG2GERDCAOR2RKRCAPBNQL1CADIOR6UCAXQS1ATCAD7HCZQ.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\MU3YHCAA861NRCAC6OJ0QCA6GA5VLCA2ST5BLCA2B3KLRCAXNEREPCA338YZ6CAN60INJCAU0AWE9CAWCZ51LCA1QCL2HCAK2W5NCCA5OY0FSCAJEBUTOCAAVH2U5CADEXXYUCAUE7VP4CA3I8F8QCAJUFCCSCAHU47UHCA0PJ8QR.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\TWJ6KCA8NTDTCCA7GJR0VCA9DQ6N2CAPZR0OBCA9WPQK1CAFBR2JJCALWYI09CA5ZRYMKCAAXVOZVCAA1N6TKCAJL8FGACA3F1Y8BCA7O0ZSXCACEI0HPCA9TXG50CAURQW03CARJX0LWCAF4TZT6CA0O6A1RCAISXE9KCA782W1Z.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\AI5K7CANO47GQCA0RRCK4CANYLBNDCAB1RIYQCAXQUDUMCA9N34VNCA6U2P4UCA3I2ESUCA6X7IFWCA9T8NOOCARUKLBHCAL6L6YRCAYBKBSECAZ9VEXZCA36C9IMCAN7NUTHCAIQKRUMCACBNZ3GCAAAKSNYCAFJ6PRSCA32JYLW.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\H50U3CAZZ0KBPCAFY8T5PCAY2GHJDCAS8WWAFCAJG207YCARK2TNYCA068IT0CALC14LNCAJAB1UACAH1V69LCARJA6BHCAGU8KQ2CAFM3N16CAV7ZZQJCAF4OSBACACY6YY6CAIXT8PCCAAKMNCSCAPE6JK2CALNI7S4CAA04XJS.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\HTBAJCAK047QVCAJ1A0M1CA4JAG6QCAFEBEE7CA6CZISLCAV1SVGXCA3KQ4VNCA1LL97XCA0H0S4WCALP4BJYCA7486BYCAD23ZLUCAD75798CATYH6G6CAY9FBLXCAVOHJ57CA0N74KXCAXXAV66CAZ8S66ICAURI1BECA2FY348.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\HTCR7CA0KV7MUCA93R112CAK9BKBICAHK35XRCA6JZEY2CAJP67A2CAEWP9SPCA8RYCUCCAIUZXQ3CAUIFT57CAM5BFDECAEKGW84CALB85Y1CAC920EFCAW5YG35CAXOA5XFCALH2QMQCAN6CN3ZCALS9367CAJ1LIJHCABVSPHE.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\KGR3GCAPG5TZHCATTPJ9JCALF10Q4CAM24O3NCAJUWKQECAUOB830CA96HKW0CACUX3Y4CA4B5FUMCAIROI5SCAAJDSJDCA3CY1HWCASIW534CAWQCM6WCADF4Y0KCAMGFXVUCAP5OYILCAFNJM3WCAEP1SJ9CAT1WFX2CADR94FL.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\LO6DYCAL0J4GOCABIZ1TICAHJH5YBCALEOCBFCAKTIF9JCA8V1WR8CAQC8Z4VCAH6MDIDCAXQKGMXCAMHOSIBCA65P08SCAZ05E7OCAL0PRC0CAOZ8USXCA1HXAXHCAQS7829CAZ2C2MECA9OVQVICAG7CH1WCA440693CAN3BT3R.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\OZS2XCA7XFZIBCAK9IWCRCAPX1V5NCA9GVE66CAID4W03CA45CW2GCA0HW9EZCAS3C6CCCADHLOZVCASY4JSMCAMVAGY0CAQSHKU1CAMK2HWFCAZO39ZGCA9K59X7CAMP5Q95CAFVGWZDCAE26AM0CAZJHEMUCA55LKSGCA375UYM.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\MOHF4CAZFRUTXCA3QP4JHCAHSSHNICAHX2IFUCA1MKIDVCA2502P7CA2KKNE4CAV6NEA2CACF9QEOCAZI5FBSCAOWHRUQCA31LTDXCAYHVQQTCA6Y780YCAJXRVG8CAMRYDJXCAWA5R58CAZH82ZXCARVFPZECANCG20CCAYEKS2G.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Keat\Local Settings\Temp\Temporary Internet Files\Content.IE5\4QES12QJ\D0YWSCA03M55ECAQU6P9LCATPSP7WCAHBY53WCAQ6BKAQCAH34B2QCA2E3TV1CA4SW64DCAI8OKCACARDHVTDCAQ92JAYCA20IBLTCA5QD7CUCASSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "sptd.sys" at address 0xb9ece0b0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xb9ed3a92

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xb9ed3e20

#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xb9ece090

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xb9ed3ef8

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xb9ed3d78

#: 247 Function Name: NtSetValueKey
Status: Hooked by "sptd.sys" at address 0xb9ed3f8a

Stealth Objects
-------------------
Object: Hidden Module [Name: MSIVXjwykieteldbxishpkbpukgyvlmpuoikq.dll]
Process: svchost.exe (PID: 1028) Address: 0x10000000 Size: 61440

Object: Hidden Module [Name: LOG.Foundation.Private.DLL]
Process: MOM.exe (PID: 3656) Address: 0x00d60000 Size: 45056

Object: Hidden Module [Name: MOM.Implementation.DLL]
Process: MOM.exe (PID: 3656) Address: 0x00cc0000 Size: 118784

Object: Hidden Module [Name: LOG.Foundation.DLL]
Process: MOM.exe (PID: 3656) Address: 0x00cf0000 Size: 45056

Object: Hidden Module [Name: MOM.Foundation.DLL]
Process: MOM.exe (PID: 3656) Address: 0x00e90000 Size: 28672

Object: Hidden Module [Name: LOG.Foundation.Implementation.DLL]
Process: MOM.exe (PID: 3656) Address: 0x00d70000 Size: 69632

Object: Hidden Module [Name: LOG.Foundation.Implementation.Private.DLL]
Process: MOM.exe (PID: 3656) Address: 0x01100000 Size: 28672

Object: Hidden Module [Name: System.Runtime.Remoting.dll]
Process: MOM.exe (PID: 3656) Address: 0x01120000 Size: 307200

Object: Hidden Module [Name: CCC.Implementation.DLL]
Process: MOM.exe (PID: 3656) Address: 0x037b0000 Size: 36864

Object: Hidden Module [Name: NEWAEM.Foundation.DLL]
Process: MOM.exe (PID: 3656) Address: 0x037e0000 Size: 36864

Object: Hidden Module [Name: CLI.Component.Client.Shared.Private.DLL]
Process: ccc.exe (PID: 3944) Address: 0x05550000 Size: 53248

Object: Hidden Module [Name: CLI.Aspect.VPURecover.Graphics.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04eb0000 Size: 28672

Object: Hidden Module [Name: CLI.Caste.Graphics.Runtime.Shared.Private.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04c80000 Size: 28672

Object: Hidden Module [Name: ACE.Graphics.DisplaysManager.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x049f0000 Size: 36864

Object: Hidden Module [Name: LOCALIZATION.Foundation.Private.DLL]
Process: ccc.exe (PID: 3944) Address: 0x03920000 Size: 28672

Object: Hidden Module [Name: MOM.Foundation.DLL]
Process: ccc.exe (PID: 3944) Address: 0x00d40000 Size: 28672

Object: Hidden Module [Name: CCC.Implementation.DLL]
Process: ccc.exe (PID: 3944) Address: 0x00d10000 Size: 36864

Object: Hidden Module [Name: LOG.Foundation.DLL]
Process: ccc.exe (PID: 3944) Address: 0x00d30000 Size: 45056

Object: Hidden Module [Name: LOG.Foundation.Implementation.DLL]
Process: ccc.exe (PID: 3944) Address: 0x00d80000 Size: 69632

Object: Hidden Module [Name: LOG.Foundation.Implementation.Private.DLL]
Process: ccc.exe (PID: 3944) Address: 0x00d70000 Size: 28672

Object: Hidden Module [Name: CLI.Foundation.DLL]
Process: ccc.exe (PID: 3944) Address: 0x00d50000 Size: 69632

Object: Hidden Module [Name: System.Runtime.Remoting.dll]
Process: ccc.exe (PID: 3944) Address: 0x00db0000 Size: 307200

Object: Hidden Module [Name: LOG.Foundation.Private.DLL]
Process: ccc.exe (PID: 3944) Address: 0x00e10000 Size: 45056

Object: Hidden Module [Name: CLI.Component.SkinFactory.DLL]
Process: ccc.exe (PID: 3944) Address: 0x038b0000 Size: 61440

Object: Hidden Module [Name: MOM.Implementation.DLL]
Process: ccc.exe (PID: 3944) Address: 0x03890000 Size: 118784

Object: Hidden Module [Name: CLI.Foundation.XManifest.DLL]
Process: ccc.exe (PID: 3944) Address: 0x038c0000 Size: 36864

Object: Hidden Module [Name: ATICCCom.DLL]
Process: ccc.exe (PID: 3944) Address: 0x03a00000 Size: 45056

Object: Hidden Module [Name: CLI.Component.Runtime.DLL]
Process: ccc.exe (PID: 3944) Address: 0x03960000 Size: 77824

Object: Hidden Module [Name: AxInterop.WBOCXLib.DLL]
Process: ccc.exe (PID: 3944) Address: 0x03940000 Size: 36864

Object: Hidden Module [Name: CLI.Component.Runtime.Shared.Private.DLL]
Process: ccc.exe (PID: 3944) Address: 0x03950000 Size: 53248

Object: Hidden Module [Name: CLI.Foundation.Private.DLL]
Process: ccc.exe (PID: 3944) Address: 0x039e0000 Size: 53248

Object: Hidden Module [Name: CLI.Component.Runtime.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x039f0000 Size: 28672

Object: Hidden Module [Name: AEM.Server.DLL]
Process: ccc.exe (PID: 3944) Address: 0x03a10000 Size: 53248

Object: Hidden Module [Name: NEWAEM.Foundation.DLL]
Process: ccc.exe (PID: 3944) Address: 0x03a30000 Size: 36864

Object: Hidden Module [Name: Interop.WBOCXLib.DLL]
Process: ccc.exe (PID: 3944) Address: 0x03b20000 Size: 36864

Object: Hidden Module [Name: LOCALIZATION.Foundation.Implementation.DLL]
Process: ccc.exe (PID: 3944) Address: 0x03c80000 Size: 36864

Object: Hidden Module [Name: AEM.Server.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x042c0000 Size: 28672

Object: Hidden Module [Name: AEM.Plugin.DPPE.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x042e0000 Size: 28672

Object: Hidden Module [Name: AEM.Plugin.Source.Kit.Server.DLL]
Process: ccc.exe (PID: 3944) Address: 0x042d0000 Size: 53248

Object: Hidden Module [Name: AEM.Plugin.Hotkeys.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04300000 Size: 28672

Object: Hidden Module [Name: ATIDEMGX.dll]
Process: ccc.exe (PID: 3944) Address: 0x04510000 Size: 438272

Object: Hidden Module [Name: AEM.Plugin.WinMessages.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04330000 Size: 28672

Object: Hidden Module [Name: DEM.Graphics.I0601.DLL]
Process: ccc.exe (PID: 3944) Address: 0x044e0000 Size: 53248

Object: Hidden Module [Name: DEM.Graphics.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04450000 Size: 28672

Object: Hidden Module [Name: DEM.Foundation.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04500000 Size: 28672

Object: Hidden Module [Name: CLI.Caste.Graphics.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04890000 Size: 61440

Object: Hidden Module [Name: CLI.Caste.Graphics.Runtime.DLL]
Process: ccc.exe (PID: 3944) Address: 0x049a0000 Size: 274432

Object: Hidden Module [Name: ATIDEMOS.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04a90000 Size: 77824

Object: Hidden Module [Name: DEM.Graphics.I0709.dll]
Process: ccc.exe (PID: 3944) Address: 0x04a30000 Size: 28672

Object: Hidden Module [Name: DEM.OS.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04a10000 Size: 28672

Object: Hidden Module [Name: DEM.OS.I0602.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04a00000 Size: 28672

Object: Hidden Module [Name: AEM.Plugin.GD.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04a80000 Size: 28672

Object: Hidden Module [Name: AEM.Actions.CCAA.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04a60000 Size: 28672

Object: Hidden Module [Name: DEM.Graphics.I0804.dll]
Process: ccc.exe (PID: 3944) Address: 0x04ad0000 Size: 28672

Object: Hidden Module [Name: CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04c30000 Size: 28672

Object: Hidden Module [Name: CLI.Aspect.DeviceCV.Graphics.Runtime.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04c50000 Size: 77824

Object: Hidden Module [Name: CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04c40000 Size: 28672

Object: Hidden Module [Name: CLI.Aspect.DeviceTV.Graphics.Runtime.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04d10000 Size: 86016

Object: Hidden Module [Name: CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04cb0000 Size: 45056

Object: Hidden Module [Name: CLI.Aspect.CustomFormats.Graphics.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04ca0000 Size: 36864

Object: Hidden Module [Name: CLI.Aspect.DeviceCV.Graphics.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04c90000 Size: 53248

Object: Hidden Module [Name: DEM.Graphics.I0706.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04cf0000 Size: 28672

Object: Hidden Module [Name: DEM.Graphics.I0805.dll]
Process: ccc.exe (PID: 3944) Address: 0x04cd0000 Size: 28672

Object: Hidden Module [Name: CLI.Aspect.DeviceProperty.Graphics.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04d00000 Size: 45056

Object: Hidden Module [Name: CLI.Aspect.DeviceTV.Graphics.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04d30000 Size: 77824

Object: Hidden Module [Name: CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04db0000 Size: 36864

Object: Hidden Module [Name: CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04d70000 Size: 53248

Object: Hidden Module [Name: CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04d80000 Size: 36864

Object: Hidden Module [Name: CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04d90000 Size: 45056

Object: Hidden Module [Name: CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04dc0000 Size: 53248

Object: Hidden Module [Name: CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04e30000 Size: 69632

Object: Hidden Module [Name: CLI.Aspect.DeviceCRT.Graphics.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04de0000 Size: 61440

Object: Hidden Module [Name: CLI.Aspect.DeviceLCD.Graphics.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04e10000 Size: 36864

Object: Hidden Module [Name: CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04e00000 Size: 45056

Object: Hidden Module [Name: DEM.Graphics.I0712.dll]
Process: ccc.exe (PID: 3944) Address: 0x04e70000 Size: 28672

Object: Hidden Module [Name: CLI.Aspect.DeviceDFP.Graphics.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04e50000 Size: 61440

Object: Hidden Module [Name: CLI.Aspect.VPURecover.Graphics.Runtime.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04e90000 Size: 36864

Object: Hidden Module [Name: DEM.Graphics.I0703.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04f00000 Size: 28672

Object: Hidden Module [Name: CLI.Aspect.OverDrive5.Graphics.Runtime.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04ed0000 Size: 86016

Object: Hidden Module [Name: CLI.Aspect.OverDrive5.Graphics.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04f10000 Size: 69632

Object: Hidden Module [Name: CLI.Aspect.Radeon3D.Graphics.Runtime.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04f50000 Size: 69632

Object: Hidden Module [Name: CLI.Aspect.Radeon3D.Graphics.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04f70000 Size: 61440

Object: Hidden Module [Name: CLI.Aspect.MMVideo.Graphics.Runtime.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04fb0000 Size: 86016

Object: Hidden Module [Name: CLI.Aspect.MMVideo.Graphics.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x04fe0000 Size: 61440

Object: Hidden Module [Name: APM.Foundation.DLL]
Process: ccc.exe (PID: 3944) Address: 0x05140000 Size: 28672

Object: Hidden Module [Name: APM.Server.DLL]
Process: ccc.exe (PID: 3944) Address: 0x05120000 Size: 69632

Object: Hidden Module [Name: CLI.Component.Runtime.Extension.EEU.DLL]
Process: ccc.exe (PID: 3944) Address: 0x053a0000 Size: 28672

Object: Hidden Module [Name: AEM.Plugin.EEU.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x054b0000 Size: 28672

Object: Hidden Module [Name: CLI.Component.Systemtray.DLL]
Process: ccc.exe (PID: 3944) Address: 0x054d0000 Size: 495616

Object: Hidden Module [Name: CLI.Aspect.Radeon3D.Graphics.Wizard.DLL]
Process: ccc.exe (PID: 3944) Address: 0x058d0000 Size: 102400

Object: Hidden Module [Name: CLI.Component.Wizard.Shared.Private.DLL]
Process: ccc.exe (PID: 3944) Address: 0x05710000 Size: 36864

Object: Hidden Module [Name: CLI.Component.Client.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x056e0000 Size: 28672

Object: Hidden Module [Name: CLI.Component.Wizard.DLL]
Process: ccc.exe (PID: 3944) Address: 0x05660000 Size: 405504

Object: Hidden Module [Name: CLI.Component.Wizard.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x056d0000 Size: 28672

Object: Hidden Module [Name: CLI.Caste.Graphics.Wizard.DLL]
Process: ccc.exe (PID: 3944) Address: 0x05700000 Size: 53248

Object: Hidden Module [Name: Branding.dll]
Process: ccc.exe (PID: 3944) Address: 0x05820000 Size: 28672

Object: Hidden Module [Name: CLI.Component.Dashboard.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x05730000 Size: 28672

Object: Hidden Module [Name: CLI.Component.Dashboard.Shared.Private.DLL]
Process: ccc.exe (PID: 3944) Address: 0x05750000 Size: 28672

Object: Hidden Module [Name: CLI.Caste.Graphics.Dashboard.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x05780000 Size: 28672

Object: Hidden Module [Name: CLI.Caste.Graphics.Dashboard.DLL]
Process: ccc.exe (PID: 3944) Address: 0x05760000 Size: 86016

Object: Hidden Module [Name: CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL]
Process: ccc.exe (PID: 3944) Address: 0x057c0000 Size: 233472

Object: Hidden Module [Name: CLI.Aspect.Welcome.Graphics.Dashboard.DLL]
Process: ccc.exe (PID: 3944) Address: 0x05790000 Size: 143360

Object: Hidden Module [Name: CLI.Caste.Graphics.Wizard.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x05830000 Size: 28672

Object: Hidden Module [Name: CLI.Aspect.TransCode.Graphics.Wizard.DLL]
Process: ccc.exe (PID: 3944) Address: 0x05850000 Size: 495616

Object: Hidden Module [Name: CLI.Aspect.InfoCentre.Graphics.Wizard.DLL]
Process: ccc.exe (PID: 3944) Address: 0x05c30000 Size: 217088

Object: Hidden Module [Name: CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL]
Process: ccc.exe (PID: 3944) Address: 0x05a90000 Size: 1699840

Object: Hidden Module [Name: atixclib.DLL]
Process: ccc.exe (PID: 3944) Address: 0x05c90000 Size: 28672

Object: Hidden Module [Name: CLI.Aspect.TransCode.Graphics.Shared.DLL]
Process: ccc.exe (PID: 3944) Address: 0x05c70000 Size: 53248

Object: Hidden Module [Name: CLI.Aspect.MMVideo.Graphics.Wizard.DLL]
Process: ccc.exe (PID: 3944) Address: 0x062c0000 Size: 413696

Object: Hidden Module [Name: CLI.Component.Dashboard.DLL]
Process: ccc.exe (PID: 3944) Address: 0x06330000 Size: 1044480

Object: Hidden Module [Name: CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL]
Process: ccc.exe (PID: 3944) Address: 0x06630000 Size: 454656

Object: Hidden Module [Name: CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL]
Process: ccc.exe (PID: 3944) Address: 0x066d0000 Size: 446464

Object: Hidden Module [Name: CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL]
Process: ccc.exe (PID: 3944) Address: 0x066a0000 Size: 135168

Object: Hidden Module [Name: CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL]
Process: ccc.exe (PID: 3944) Address: 0x06740000 Size: 462848

Object: Hidden Module [Name: CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL]
Process: ccc.exe (PID: 3944) Address: 0x067c0000 Size: 364544

Object: Hidden Module [Name: CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL]
Process: ccc.exe (PID: 3944) Address: 0x06820000 Size: 602112

Object: Hidden Module [Name: CLI.Aspect.MMVideo.Graphics.Dashboard.DLL]
Process: ccc.exe (PID: 3944) Address: 0x06990000 Size: 823296

Object: Hidden Module [Name: CLI.Aspect.VPURecover.Graphics.Dashboard.DLL]
Process: ccc.exe (PID: 3944) Address: 0x06a60000 Size: 118784

Object: Hidden Module [Name: CLI.Aspect.OverDrive5.Graphics.Dashboard.DLL]
Process: ccc.exe (PID: 3944) Address: 0x06a80000 Size: 684032

Object: Hidden Module [Name: MSIVXwcktjpppdsqdnehnoilpgnhvibolodgq.dll]
Process: firefox.exe (PID: 1808) Address: 0x10000000 Size: 241664

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8ac551e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8ac551e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8ac551e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8ac551e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8ac551e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8ac551e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8ac551e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8ac551e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8ac551e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8ac551e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8ac551e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8ac551e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8ac551e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ac551e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8ac551e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8ac551e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8ac551e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8ac551e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8ac551e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8ac551e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8ac551e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8ac551e8 Size: 463

Object: Hidden Code [Driver: usbstor, IRP_MJ_CREATE]
Process: System Address: 0x898461e8 Size: 463

Object: Hidden Code [Driver: usbstor, IRP_MJ_CLOSE]
Process: System Address: 0x898461e8 Size: 463

Object: Hidden Code [Driver: usbstor, IRP_MJ_READ]
Process: System Address: 0x898461e8 Size: 463

Object: Hidden Code [Driver: usbstor, IRP_MJ_WRITE]
Process: System Address: 0x898461e8 Size: 463

Object: Hidden Code [Driver: usbstor, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x898461e8 Size: 463

Object: Hidden Code [Driver: usbstor, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x898461e8 Size: 463

Object: Hidden Code [Driver: usbstor, IRP_MJ_POWER]
Process: System Address: 0x898461e8 Size: 463

Object: Hidden Code [Driver: usbstor, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x898461e8 Size: 463

Object: Hidden Code [Driver: usbstor, IRP_MJ_PNP]
Process: System Address: 0x898461e8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x8acb61e8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x8acb61e8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x8acb61e8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x8acb61e8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8acb61e8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8acb61e8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8acb61e8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8acb61e8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x8acb61e8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8acb61e8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x8acb61e8 Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x8a0a71e8 Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x8a0a71e8 Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a0a71e8 Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a0a71e8 Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x8a0a71e8 Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a0a71e8 Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x8a0a71e8 Size: 463

Object: Hidden Code [Driver: iastor, IRP_MJ_CREATE]
Process: System Address: 0x8acb51e8 Size: 386

Object: Hidden Code [Driver: iastor, IRP_MJ_CLOSE]
Process: System Address: 0x8acb51e8 Size: 386

Object: Hidden Code [Driver: iastor, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8acb51e8 Size: 386

Object: Hidden Code [Driver: iastor, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8acb51e8 Size: 386

Object: Hidden Code [Driver: iastor, IRP_MJ_POWER]
Process: System Address: 0x8acb51e8 Size: 386

Object: Hidden Code [Driver: iastor, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8acb51e8 Size: 386

Object: Hidden Code [Driver: iastor, IRP_MJ_PNP]
Process: System Address: 0x8acb51e8 Size: 386

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8a04f8e8 Size: 194

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8a04f8e8 Size: 194

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8a04f8e8 Size: 194

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8a04f8e8 Size: 194

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a04f8e8 Size: 194

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a04f8e8 Size: 194

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a04f8e8 Size: 194

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a04f8e8 Size: 194

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8a04f8e8 Size: 194

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a04f8e8 Size: 194

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8a04f8e8 Size: 194

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8acb71e8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8acb71e8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8acb71e8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8acb71e8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8acb71e8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8acb71e8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8acb71e8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8acb71e8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8acb71e8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8acb71e8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8acb71e8 Size: 463

Object: Hidden Code [Driver: avpj1atpࠅ
䵃慖ࠁం浍瑓裀ᓷ, IRP_MJ_CREATE]
Process: System Address: 0x89f431e8 Size: 463

Object: Hidden Code [Driver: avpj1atpࠅ
䵃慖ࠁం浍瑓裀ᓷ, IRP_MJ_CLOSE]
Process: System Address: 0x89f431e8 Size: 463

Object: Hidden Code [Driver: avpj1atpࠅ
䵃慖ࠁం浍瑓裀ᓷ, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89f431e8 Size: 463

Object: Hidden Code [Driver: avpj1atpࠅ
䵃慖ࠁం浍瑓裀ᓷ, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89f431e8 Size: 463

Object: Hidden Code [Driver: avpj1atpࠅ
䵃慖ࠁం浍瑓裀ᓷ, IRP_MJ_POWER]
Process: System Address: 0x89f431e8 Size: 463

Object: Hidden Code [Driver: avpj1atpࠅ
䵃慖ࠁం浍瑓裀ᓷ, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89f431e8 Size: 463

Object: Hidden Code [Driver: avpj1atpࠅ
䵃慖ࠁం浍瑓裀ᓷ, IRP_MJ_PNP]
Process: System Address: 0x89f431e8 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x89814980 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x89814980 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89814980 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89814980 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x89814980 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x89814980 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8a0901e8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8a0901e8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a0901e8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a0901e8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8a0901e8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a0901e8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8a0901e8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x89884980 Size: 382

Object: Hidden Code [Driver: Cdfsȅః瑎て, IRP_MJ_CREATE]
Process: System Address: 0x89849980 Size: 463

Object: Hidden Code [Driver: Cdfsȅః瑎て, IRP_MJ_CLOSE]
Process: System Address: 0x89849980 Size: 463

Object: Hidden Code [Driver: Cdfsȅః瑎て, IRP_MJ_READ]
Process: System Address: 0x89849980 Size: 463

Object: Hidden Code [Driver: Cdfsȅః瑎て, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89849980 Size: 463

Object: Hidden Code [Driver: Cdfsȅః瑎て, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89849980 Size: 463

Object: Hidden Code [Driver: Cdfsȅః瑎て, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89849980 Size: 463

Object: Hidden Code [Driver: Cdfsȅః瑎て, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89849980 Size: 463

Object: Hidden Code [Driver: Cdfsȅః瑎て, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89849980 Size: 463

Object: Hidden Code [Driver: Cdfsȅః瑎て, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89849980 Size: 463

Object: Hidden Code [Driver: Cdfsȅః瑎て, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89849980 Size: 463

Object: Hidden Code [Driver: Cdfsȅః瑎て, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89849980 Size: 463

Object: Hidden Code [Driver: Cdfsȅః瑎て, IRP_MJ_CLEANUP]
Process: System Address: 0x89849980 Size: 463

Object: Hidden Code [Driver: Cdfsȅః瑎て, IRP_MJ_PNP]
Process: System Address: 0x89849980 Size: 463

Hidden Services
-------------------
Service Name: MSIVXserv.sys
Image Path: C:\WINDOWS\system32\drivers\MSIVXxswlapyapxepwvsvuoedhbajxfgljunb.sys

==EOF==

Now the next step...

Rerun Rootrepeal. After the scan completes, go to the files tab and find these files:

C:\WINDOWS\system32\MSIVXcount
C:\WINDOWS\system32\MSIVXjwykieteldbxishpkbpukgyvlmpuoikq.dll
C:\WINDOWS\system32\MSIVXwcktjpppdsqdnehnoilpgnhvibolodgq.dll
C:\WINDOWS\system32\drivers\MSIVXxswlapyapxepwvsvuoedhbajxfgljunb.sys

Then use your mouse to highlight it in the Rootrepeal window.
Next right mouse click on it and select *wipe file* option only.
Then immediately reboot the computer


Now please run MBAM..

Thanks boop,

Here's the log from MBAM:

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

6/24/2009 3:38:13 AM
mbam-log-2009-06-24 (03-38-13).txt

Scan type: Quick Scan
Objects scanned: 98524
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.148,85.255.112.108 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{91f13d63-6c6a-472b-a289-c1df3b5ed3ba}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.148,85.255.112.108 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.148,85.255.112.108 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{91f13d63-6c6a-472b-a289-c1df3b5ed3ba}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.148,85.255.112.108 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.148,85.255.112.108 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{91f13d63-6c6a-472b-a289-c1df3b5ed3ba}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.148,85.255.112.108 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.148,85.255.112.108 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{91f13d63-6c6a-472b-a289-c1df3b5ed3ba}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.148,85.255.112.108 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MSIVXjwykieteldbxishpkbpukgyvlmpuoikq.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MSIVXwcktjpppdsqdnehnoilpgnhvibolodgq.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\MSIVXxswlapyapxepwvsvuoedhbajxfgljunb.sys (Trojan.Agent) -> Quarantined and deleted successfully.

You're welcome Tristes.. We gots lotsa ugliness left.

A BOT Trojan can allow an attacker to
gain control of the system, log keystrokes, steal passwords, access personal
data, send malevolent outgoing traffic, and close the security warning
messages displayed by some anti-virus and security programs.

I would advise you to disconnect this PC from the Internet, and then go to
a known clean computer and change any passwords or security information held
on the infected computer. In particular, check whatever relates to online
banking financial transactions, shopping, credit cards, or sensitive
personal information. It is also wise to contact your financial institutions
to apprise them of your situation.

Open MBAM in normal mode and click Update tab, select Check for Updates Now close it.

Now we will work on the DNS changer,,,,
Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE.

Rerun MBAM
Once you have ran Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration you can reconnect to the internet, and router.


Please download and scan with SUPERAntiSpyware Free

• Double-click SUPERAntiSypware.exe and use the default settings for installation.
• An icon will be created on your desktop. Double-click that icon to launch the program.
• If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
• In the Main Menu, click the Preferences... button.
• Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
• Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
• Click the "Close" button to leave the control center screen and exit the program.
• Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:

• Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
• On the left, make sure you check C:\Fixed Drive.
• On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
• Make sure everything has a checkmark next to it and click "Next".
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
• If asked if you want to reboot, click "Yes" and reboot normally.
• To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
• Click Close to exit the program.

Post back the MBAM and SAS logs...How is it running now..

Edited by boopme, 23 June 2009 - 02:38 PM.