I was running BitComet a while back but thought I had uninstalled it. I looked at all my programs and saw myplayer and xvid. Those were two programs I didn't recognize and didn't remember installing intentionally, so I removed those two as well. Are these the P2Ps you were talking about, or are there others that I am missing? Here are the ComboFix and SysProt logs:
ComboFix 11-01-01.01 - Dad 01/01/2011 20:01:07.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1184 [GMT -5:00]
Running from: c:\documents and settings\Dad\Desktop\commy.exe
Command switches used :: c:\documents and settings\Dad\Desktop\CFScript.txt
FW: Outpost Firewall *Enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
FILE ::
"c:\program files\Google\Update\GoogleUpdate.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Google\Update\GoogleUpdate.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GUPDATE
-------\Service_gupdate
((((((((((((((((((((((((( Files Created from 2010-12-02 to 2011-01-02 )))))))))))))))))))))))))))))))
.
2011-01-02 00:15 . 2011-01-02 00:15 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-01-01 18:11 . 2011-01-01 18:12 -------- d-----w- C:\commy
2010-12-31 03:38 . 2010-12-31 03:38 388096 ----a-r- c:\documents and settings\Dad\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-31 03:38 . 2010-12-31 03:38 -------- d-----w- c:\program files\Trend Micro
2010-12-31 03:22 . 2010-12-31 03:22 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-31 03:22 . 2010-12-31 03:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-31 00:39 . 2010-12-31 00:39 -------- d-----w- c:\program files\CCleaner
2010-12-31 00:11 . 2009-04-06 16:37 704384 ------w- c:\windows\system32\drivers\SandBox.sys
2010-12-31 00:11 . 2009-02-10 21:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2010-12-31 00:10 . 2009-02-18 22:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2010-12-31 00:10 . 2010-12-31 00:10 -------- d-----w- c:\program files\Agnitum
2010-12-31 00:09 . 2010-12-31 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
2010-12-30 23:03 . 2010-12-30 23:48 -------- d-----w- c:\documents and settings\Dad\Application Data\OnlineArmor
2010-12-30 01:17 . 2010-12-30 01:17 -------- d-----w- c:\documents and settings\Dad\Application Data\Malwarebytes
2010-12-30 01:17 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-30 01:17 . 2010-12-30 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-30 01:17 . 2010-12-30 01:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-30 01:17 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-29 20:25 . 2010-12-29 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-12-29 20:25 . 2010-12-29 20:25 -------- d-----w- c:\documents and settings\Dad\Application Data\SUPERAntiSpyware.com
2010-12-29 20:21 . 2010-12-29 20:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-29 02:10 . 2010-12-29 02:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-12-28 05:36 . 2010-12-28 05:36 -------- d-----w- c:\program files\iPod
2010-12-28 05:36 . 2010-12-28 05:37 -------- d-----w- c:\program files\iTunes
2010-12-28 01:03 . 2010-12-28 01:03 -------- d-----w- c:\program files\ESET
2010-12-28 00:08 . 2010-12-28 00:08 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-28 00:06 . 2010-12-28 05:35 -------- d-----w- c:\program files\QuickTime
2010-12-27 04:56 . 2010-12-28 00:06 -------- d-s---w- c:\documents and settings\Administrator
2010-12-26 15:57 . 2010-12-28 00:07 -------- d-----w- c:\documents and settings\Dad\Application Data\Intelli-studio
2010-12-26 15:57 . 2010-12-26 15:57 -------- d-----w- c:\program files\Samsung
2010-12-26 03:27 . 2010-12-26 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-26 03:24 . 2010-12-26 03:24 -------- d-----w- c:\program files\Apple Software Update
2010-12-26 03:22 . 2010-12-26 03:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-12-26 03:22 . 2010-09-28 20:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-26 03:22 . 2010-09-28 20:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-16 00:01 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 23:59 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-13 07:28 . 2010-12-13 07:28 -------- d-----w- c:\documents and settings\Mom\Application Data\vShare
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-31 03:22 . 2007-06-25 04:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2005-12-31 00:38 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-08 22:52 . 2010-11-08 22:52 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-08 22:03 . 2010-11-08 22:03 1 ----a-w- c:\documents and settings\Dad\SI.bin
2010-11-06 00:26 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-12-28_04.49.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2011-01-02 01:15 . 2011-01-02 01:15 16384 c:\windows\temp\Perflib_Perfdata_fc.dat
+ 2007-05-30 13:14 . 2010-12-30 20:53 53248 c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe
+ 2010-12-28 05:37 . 2009-05-18 18:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2008-12-25 23:20 . 2009-05-18 18:17 26600 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2004-08-04 12:00 . 2008-04-14 00:12 95744 c:\windows\system32\dllcache\scardsvr.exe
+ 2011-01-02 00:15 . 2011-01-02 00:15 28160 c:\windows\Installer\af7f2.msi
+ 2010-12-31 03:22 . 2010-12-31 03:22 157472 c:\windows\system32\javaws.exe
+ 2010-12-31 03:22 . 2010-12-31 03:22 145184 c:\windows\system32\javaw.exe
+ 2010-12-31 03:22 . 2010-12-31 03:22 145184 c:\windows\system32\java.exe
+ 2008-12-25 23:20 . 2008-04-17 17:12 107368 c:\windows\system32\GEARAspi.dll
- 2008-12-25 23:20 . 2008-04-17 18:12 107368 c:\windows\system32\GEARAspi.dll
+ 2005-12-30 19:08 . 2010-12-30 00:52 162728 c:\windows\system32\FNTCACHE.DAT
+ 2010-12-28 05:37 . 2008-04-17 17:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
- 2006-01-02 02:07 . 2006-01-02 02:07 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2006-01-02 02:07 . 2010-12-31 00:39 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2010-12-31 00:10 . 2010-12-31 00:10 228352 c:\windows\Installer\bdeb7.msi
+ 2010-12-31 03:22 . 2010-12-31 03:22 180224 c:\windows\Installer\290323.msi
+ 2010-12-31 03:21 . 2010-12-31 03:21 675840 c:\windows\Installer\29031c.msi
+ 2010-12-28 05:38 . 2010-12-28 05:38 380928 c:\windows\Installer\{881F5DE8-9367-4B81-A325-E91BBC6472F9}\iTunesIco.exe
+ 2011-01-02 00:20 . 2011-01-02 00:20 2283008 c:\windows\Installer\af7f9.msi
+ 2010-12-28 05:38 . 2010-12-28 05:38 6248448 c:\windows\Installer\85f1f.msi
+ 2010-12-31 03:38 . 2010-12-31 03:38 1094656 c:\windows\Installer\60073.msi
+ 2011-01-01 19:23 . 2011-01-01 19:23 3141632 c:\windows\Installer\1b6cd7.msi
+ 2011-01-01 19:21 . 2011-01-01 19:21 1568768 c:\windows\Installer\1b6cd3.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-14 7110656]
"nwiz"="nwiz.exe" [2005-10-14 1519616]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-14 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-14 428032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 68856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-12-30 53248]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-3-8 450560]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^IMVU.lnk]
backup=c:\windows\pss\IMVU.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-10 00:24 50760 ----a-w- c:\program files\Common Files\AOL\1136251813\ee\aolsoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 03:12 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
2006-02-17 16:59 124520 -c--a-w- c:\program files\Common Files\AOL\IPHSend\IPHSend.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
2003-11-20 19:08 57344 ----a-w- c:\windows\system32\ico.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 21:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2005-10-14 02:15 86016 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-21 14:13 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-08 22:02 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1136251813\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1136251813\\ee\\aim6.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\battlefront.exe"=
"d:\\Program Files\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe"=
"d:\\Program Files\\LucasArts\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"=
"d:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17779:TCP"= 17779:TCP:BitComet 17779 TCP
"17779:UDP"= 17779:UDP:BitComet 17779 UDP
"27555:TCP"= 27555:TCP:BitComet 27555 TCP
"27555:UDP"= 27555:UDP:BitComet 27555 UDP
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [12/30/2010 7:11 PM 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [12/30/2010 7:10 PM 1195008]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 4:38 AM 92008]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [12/30/2010 7:10 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [12/30/2010 7:11 PM 257432]
.
Contents of the 'Scheduled Tasks' folder
2010-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
2011-01-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 02:05]
2011-01-02 c:\windows\Tasks\User_Feed_Synchronization-{181CDA17-A9FC-4BF4-A657-523B2F907238}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\jcftzkea.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Photobucket Uploader em:version=1.3>: [email protected] - %profile%\extensions\[email protected]
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-01-01 21:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'lsass.exe'(840)
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(3204)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2011-01-01 21:54:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-02 02:54
ComboFix2.txt 2011-01-01 18:59
ComboFix3.txt 2010-12-28 04:53
Pre-Run: 19,995,639,808 bytes free
Post-Run: 20,288,434,176 bytes free
- - End Of File - - 445BB2A96DF1B67A2657218396346DE9
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: AB867000
Module End: AB87F000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BA624000
Module End: BA626000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAssignProcessToJobObject
Address: B2647A60
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwClose
Address: B262CBF0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwConnectPort
Address: B2649920
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwCreateFile
Address: B2628F60
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwCreateKey
Address: B2634090
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwCreateProcess
Address: B26402B0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwCreateProcessEx
Address: B2640BB0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwCreateSection
Address: B2627D10
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwCreateSymbolicLinkObject
Address: B2633E40
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwCreateThread
Address: B263ED70
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwDebugActiveProcess
Address: B264CF30
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwDeleteFile
Address: B2632B20
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwDeleteKey
Address: B2635900
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwDeleteValueKey
Address: B263C3A0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwLoadDriver
Address: B263DBB0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwMakeTemporaryObject
Address: B26336B0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwOpenFile
Address: B262BC10
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwOpenKey
Address: B2634FC0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwOpenProcess
Address: B2642CA0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwOpenSection
Address: B2628580
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwOpenThread
Address: B2642060
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwProtectVirtualMemory
Address: B2648DA0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwQueryDirectoryFile
Address: B262D8A0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwQueryKey
Address: B2637750
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwQueryValueKey
Address: B2637FA0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwQueueApcThread
Address: B2646ED0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwRenameKey
Address: B263B590
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwReplaceKey
Address: B2639500
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwRequestPort
Address: B264BA50
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwRequestWaitReplyPort
Address: B264BD70
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwRestoreKey
Address: B263AD20
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSaveKey
Address: B2639C80
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSaveKeyEx
Address: B263A4D0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSecureConnectPort
Address: B264A480
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSetContextThread
Address: B2646440
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSetInformationDebugObject
Address: B264D520
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSetInformationFile
Address: B262EBF0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSetSystemInformation
Address: B263D1C0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSetValueKey
Address: B2638820
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSuspendProcess
Address: B2645190
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSuspendThread
Address: B2645AC0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwSystemDebugControl
Address: B264C770
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwTerminateProcess
Address: B2643790
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwTerminateThread
Address: B2644620
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwUnloadDriver
Address: B263E530
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
Function Name: ZwWriteVirtualMemory
Address: B26482B0
Driver Base: B2627000
Driver End: B26D2000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DD90A0EE-9B81-73C0-A04B-78263A3A0EA5}\01\17-{DD90A0EE-9B81-73C0-A04B-78263A3A0EA5}-v1-{9A
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DD90A0EE-9B81-73C0-A04B-78263A3A0EA5}\19\19-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v19-{9
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DD90A0EE-9B81-73C0-A04B-78263A3A0EA5}\20\20-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v20-{9
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DD90A0EE-9B81-73C0-A04B-78263A3A0EA5}\21\21-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v21-{9
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DD90A0EE-9B81-73C0-A04B-78263A3A0EA5}\22\22-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v22-{9
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DD90A0EE-9B81-73C0-A04B-78263A3A0EA5}\23\23-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v23-{9
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DD90A0EE-9B81-73C0-A04B-78263A3A0EA5}\24\24-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v24-{9
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{F3EE0ED9-C1D2-A6A7-6495-8BA6080A9C5D}\01\133-{F3EE0ED9-C1D2-A6A7-6495-8BA6080A9C5D}-v1-{9AD5F1
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{F3EE0ED9-C1D2-A6A7-6495-8BA6080A9C5D}\25\25-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v25-{9AD5F1
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{F3EE0ED9-C1D2-A6A7-6495-8BA6080A9C5D}\26\26-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v26-{9AD5F1
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{F3EE0ED9-C1D2-A6A7-6495-8BA6080A9C5D}\27\27-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v27-{9AD5F1
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{F3EE0ED9-C1D2-A6A7-6495-8BA6080A9C5D}\28\28-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v28-{9AD5F1
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{F3EE0ED9-C1D2-A6A7-6495-8BA6080A9C5D}\29\29-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v29-{9AD5F1
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{F3EE0ED9-C1D2-A6A7-6495-8BA6080A9C5D}\30\30-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v30-{9AD5F1
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DF1CC13D-E369-D39A-EF88-06A16758991A}\01\175-{DF1CC13D-E369-D39A-EF88-06A16758991A}-v1-{
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DF1CC13D-E369-D39A-EF88-06A16758991A}\45\169-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v45-
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DF1CC13D-E369-D39A-EF88-06A16758991A}\46\46-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v46-{
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DF1CC13D-E369-D39A-EF88-06A16758991A}\47\170-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v47-
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DF1CC13D-E369-D39A-EF88-06A16758991A}\49\171-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v49-
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DF1CC13D-E369-D39A-EF88-06A16758991A}\51\172-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v51-
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DF1CC13D-E369-D39A-EF88-06A16758991A}\52\173-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v52-
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DF1CC13D-E369-D39A-EF88-06A16758991A}\53\174-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v53-
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{19BACEC6-6B29-A09D-33F2-4C8B1C206683}\01\188-{19BACEC6-6B29-A09D-33F2-4C8B1C206683}-v1-{9AD5F18
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{19BACEC6-6B29-A09D-33F2-4C8B1C206683}\11\11-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v11-{9AD5F18
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{19BACEC6-6B29-A09D-33F2-4C8B1C206683}\11\11-{A687D1DB-86D3-42DD-B993-89979A706CED}-v11-{A687D1D
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{19BACEC6-6B29-A09D-33F2-4C8B1C206683}\12\12-{A687D1DB-86D3-42DD-B993-89979A706CED}-v12-{A687D1D
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{19BACEC6-6B29-A09D-33F2-4C8B1C206683}\12\177-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v12-{9AD5F1
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{19BACEC6-6B29-A09D-33F2-4C8B1C206683}\13\13-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v13-{9AD5F18
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{19BACEC6-6B29-A09D-33F2-4C8B1C206683}\13\181-{A687D1DB-86D3-42DD-B993-89979A706CED}-v13-{9AD5F1
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{19BACEC6-6B29-A09D-33F2-4C8B1C206683}\14\14-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v14-{9AD5F18
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{19BACEC6-6B29-A09D-33F2-4C8B1C206683}\15\15-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v15-{9AD5F18
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{19BACEC6-6B29-A09D-33F2-4C8B1C206683}\16\16-{9AD5F18B-0CD8-4AD2-AA1B-0B86F91885DB}-v16-{9AD5F18
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{19BACEC6-6B29-A09D-33F2-4C8B1C206683}\21\21-{A687D1DB-86D3-42DD-B993-89979A706CED}-v21-{A687D1D
Status: Hidden
Object: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{19BACEC6-6B29-A09D-33F2-4C8B1C206683}\22\22-{A687D1DB-86D3-42DD-B993-89979A706CED}-v22-{A687D1D
Status: Hidden
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied
Object: C:\RECYCLER\NPROTECT\00220634.
Status: Hidden