InterviewSolution
Saved Bookmarks
InterviewSolution
| 1. |
Solve : A bunch of Trojans found all of a sudden? |
|
Answer» Quote Total Fragmentation on Drive C: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)Please defrag your C drive soon. If you need help with this, please let me know. (SSD means Solid State Drive.) Please download MiniToolBox to Desktop and run it. Please read here for more information about WildTangent. Your choice if you want to remove it or not. If you choose to follow my advice, please follow these instructions. Go to Start > Control Panel > Add/Remove Programs and remove the following programs. •WildTangent Web Driveror anything related to WildTangent. ******************************************************* Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following. Re-running ComboFix to remove infections:
Quote Are there any other security toolbars you recommend?I'm not really a supporter of toolbars. They just take up resources. SysProt Antirootkit Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors). http://sites.google.com/site/sysprotantirootkit/ Unzip it into a FOLDER on your desktop.
ComboFix 13-04-09.01 - Michael 04/09/2013 15:44:47.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.469 [GMT -5:00] Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Michael\Desktop\CFScript.txt AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} AV: Authentium Antivirus *Enabled/Updated* {A4E803B3-4E6E-4271-B1CD-56FBC0992D36} AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: EarthLink Anti-virus *Enabled/Updated* {2565CEEE-6BDB-4A6D-AD6D-F682F2695014} FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} FW: EarthLink Firewall *Disabled* {38254411-9AEC-4967-913E-F892C2A4DF89} * Resident AV is active . . . ((((((((((((((((((((((((( Files Created from 2013-03-09 to 2013-04-09 ))))))))))))))))))))))))))))))) . . 2013-03-29 16:50 . 2013-03-29 17:57--------d-----w-c:\documents and settings\LocalService\Local Settings\Application Data\Adobe 2013-03-29 16:45 . 2013-03-29 16:45--------d-----w-c:\documents and settings\Michael\Application Data\Windows Desktop Search 2013-03-29 16:43 . 2013-03-29 16:43--------d-----w-c:\program files\Windows Desktop Search 2013-03-18 16:34 . 2013-03-18 16:34--------d-----w-c:\program files\7-Zip . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-01 04:37 . 2012-10-18 20:3333624----a-w-c:\windows\system32\drivers\avgtpx86.sys 2013-03-17 16:04 . 2012-04-03 02:52693976----a-w-c:\windows\system32\FlashPlayerApp.exe 2013-03-17 16:04 . 2011-05-15 23:0373432----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-01 15:32 . 2012-09-21 08:4522328----a-w-c:\windows\system32\drivers\avgidsshimx.sys 2013-02-27 04:40 . 2012-09-13 08:11208184----a-w-c:\windows\system32\drivers\avgidsdriverx.sys 2013-02-14 08:52 . 2012-09-21 08:46182072----a-w-c:\windows\system32\drivers\avgtdix.sys 2013-02-08 09:37 . 2012-10-05 08:2696568----a-w-c:\windows\system32\drivers\avgmfx86.sys 2013-02-08 09:37 . 2012-09-21 08:46245048----a-w-c:\windows\system32\drivers\avglogx.sys 2013-02-08 09:37 . 2012-09-21 08:4560216----a-w-c:\windows\system32\drivers\avgidshx.sys 2013-02-08 09:37 . 2012-10-02 08:30170808----a-w-c:\windows\system32\drivers\avgldx86.sys 2013-02-08 09:37 . 2012-09-14 08:0539224----a-w-c:\windows\system32\drivers\avgrkx86.sys 2013-02-04 22:17 . 2013-02-04 22:198192----a-w-c:\windows\system32\E_DCINST.DLL 2013-02-04 22:17 . 2013-02-04 22:1981408----a-w-c:\windows\system32\E_TD4BIUE.DLL 2013-02-04 22:17 . 2013-02-04 22:1995232----a-w-c:\windows\system32\E_TLBIUE.DLL 2013-02-03 14:37 . 2013-02-03 14:36249856------w-c:\windows\Setup1.exe 2013-02-03 14:37 . 2013-02-03 14:3673216----a-w-c:\windows\ST6UNST.EXE . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2] @="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}" [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}] 2012-09-18 19:514756880----a-w-c:\program files\MozyHome\mozyshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3] @="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}" [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}] 2012-09-18 19:514756880----a-w-c:\program files\MozyHome\mozyshell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SetDefaultMIDI"="MIDIDef.exe" [2005-10-29 25600] "cdloader"="c:\documents and settings\Michael\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-16 198160] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-13 4394032] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896] "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2012-01-26 1058400] "FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-02-29 502912] "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-02-29 863360] "LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096] . c:\documents and settings\Michael\Start Menu\Programs\Startup\AutorunsDisabled Shortcut to TeaTimer.lnk - c:\program files\Spybot - Search & Destroy\TeaTimer.exe [2006-9-24 2260480] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-7-27 25214] Adobe Acrobat Speed Launcher.lnk.disabled [2008-12-7 2335] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] Microsoft Office.lnk.disabled [2007-4-15 1725] MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2012-9-18 4533648] Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL] 2005-12-23 02:08450646----a-w-c:\windows\system32\PRISMAPI.dll . [HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\control\session manager] BootExecuteREG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2012-12-14 22:49824232----a-w-c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" /startup "swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" /R . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Motive SmartBridge"=c:\recycler\S-1-5-21-1703037801-221494611-3155105034-1005\Dc1392\SmartBridge\MotiveSB.exe "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "OM_Monitor"=c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "CTHelper"=CTHELPER.EXE "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" "ehTray"=c:\windows\ehome\ehtray.exe "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start "SigmatelSysTrayApp"=stsystra.exe "UpdReg"=c:\windows\UpdReg.EXE "CTxfiHlp"=CTXFIHLP.EXE "FaxCenterServer4_in_1"="c:\program files\Lexmark 4200 Series\Fax\fm3032.exe" /s "SansaDispatch"=c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" "Corel Photo Downloader"=c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe "VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" /tray "15182034"=c:\documents and settings\All Users\Application Data\15182034\15182034.exe "ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe "LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" "ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe "Logitech Utility"=Logi_MwX.Exe "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "c:\program files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\Program Files\\Microsoft Games\\MechWarrior Vengeance\\MW4.ICD"= "c:\\Program Files\\Outlook Express\\msimn.exe"= "c:\\Program Files\\WildTangent\\Apps\\Dell Game Console\\GameConsole.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Final DOOM for Windows 95\\Doom95.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"= "c:\\Program Files\\Play65\\Play65.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"= "c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDUOMP.exe"= "c:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\Battlefront.exe"= "c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"= "c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\patchget.dat"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Doom 3\\Doom3.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\EPSON Software\\Event Manager\\EEventManager.exe"= "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8097:TCP"= 8097:TCP:EarthLink UHP Modem Support . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [9/21/2012 3:45 AM 60216] R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 245048] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 3:05 AM 39224] R0 GRFILTER;CS NDIS Driver;c:\windows\system32\drivers\GRFilter.sys [7/11/2005 9:36 AM 15548] R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [9/13/2012 3:11 AM 208184] R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 22328] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 3:30 AM 170808] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 3:46 AM 182072] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [10/18/2012 3:33 PM 33624] R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [5/14/2009 6:07 PM 759048] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2/27/2013 11:42 PM 4937264] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2/19/2013 4:02 AM 282624] R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [5/10/2012 3:00 PM 539744] R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [2/4/2013 5:23 PM 122000] R2 GRTdiMon;GR TDI Mon;c:\windows\system32\drivers\GRTdiMon.sys [7/11/2005 9:38 AM 20480] R2 NProtectService;Norton Unerase PROTECTION;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [8/31/2004 12:52 AM 95328] R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [3/16/2006 2:46 PM 61526] R2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\program files\Common Files\AVG SECURE Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [3/31/2013 11:38 PM 990896] S1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\drivers\Uim_Vim.sys [12/2/2012 11:54 PM 283600] S2 gupdate1c993a82f1ae125;Google Update Service (gupdate1c993a82f1ae125);c:\program files\Google\Update\GoogleUpdate.exe [2/20/2009 5:11 PM 133104] S3 gsplittm;gsplittm;\??\c:\docume~1\Michael\LOCALS~1\Temp\gsplittm.sys --> c:\docume~1\Michael\LOCALS~1\Temp\gsplittm.sys [?] S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [1/20/2011 1:21 PM 39048] S4 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\DRIVERS\ADSFilter.sys --> c:\windows\system32\DRIVERS\ADSFilter.sys [?] S4 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-29 16:281642448----a-w-c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57] . 2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 22:11] . 2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 22:11] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE: Convert link target to Adobe PDF IE: Convert link target to existing PDF IE: Convert selected links to Adobe PDF IE: Convert selected links to existing PDF IE: Convert selection to Adobe PDF IE: Convert selection to existing PDF IE: Convert to Adobe PDF IE: Convert to existing PDF TCP: DhcpNameServer = 192.168.1.254 DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {BE8EEE38-A7C5-4674-A6C4-C2D7421FDD10} - hxxps://bie.farmersinsurance.com/prweb/PRServletLDAP1/8gYJ4DHQrCXUTefMjim_tw%5B%5B*/prvisiointerface.cab FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\p7x50nmm.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: [emailprotected] - c:\program files\Java\jre6\lib\deploy\jqs\ff . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-04-09 16:16 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2320) c:\windows\system32\WININET.dll c:\program files\MozyHome\mozyshell.dll c:\progra~1\WINDOW~3\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\windows\system32\CTsvcCDA.exe c:\program files\Common Files\Command Software\dvpapi.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\MozyHome\mozybackup.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\SearchIndexer.exe c:\windows\system32\PRISMSVR.EXE c:\windows\system32\fxssvc.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\dllhost.exe c:\program files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe c:\windows\system32\SearchProtocolHost.exe c:\windows\system32\SearchFilterHost.exe c:\windows\SYSTEM32\CTXFISPI.EXE . ************************************************************************** . Completion time: 2013-04-09 16:25:49 - machine was rebooted ComboFix-quarantined-files.txt 2013-04-09 21:25 ComboFix2.txt 2013-04-06 14:50 . Pre-Run: 12,811,644,928 bytes free Post-Run: 12,596,494,336 bytes free . - - End Of File - - 8671190CECF3A3D944374E3E693D863A What things should I check on MiniToolBox? All of them? As I said, I'm going to defrag once this gets cleared up. I do not see anything mentioning WildTangent in the add/remove programs list.Quote What things should I check on MiniToolBox? All of them?Please disregard MiniToolBox. I don't know how that got in there. Perhaps, I was rushing too much. Quote I do not see anything mentioning WildTangent in the add/remove programs list.Ok. It was installed with Program Files\\WildTangent\\Apps\\Dell Game Console Were you able to run Sysprot Antirootkit?Here's Sysprot's log: SysProt AntiRootkit v1.0.1.0 by swatkat ****************************************************************************************** ****************************************************************************************** Process: Name: [System Idle Process] PID: 0 Hidden: No Window Visible: No Name: System PID: 4 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\smss.exe PID: 592 Hidden: No Window Visible: No Name: C:\PROGRA~1\AVG\AVG2013\avgrsx.exe PID: 632 Hidden: No Window Visible: No Name: C:\Program Files\AVG\AVG2013\avgcsrvx.exe PID: 672 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\csrss.exe PID: 868 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\winlogon.exe PID: 896 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\services.exe PID: 940 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\lsass.exe PID: 952 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\ati2evxx.exe PID: 1144 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 1164 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 1268 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 1404 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 1460 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 1592 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 1696 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\spoolsv.exe PID: 1792 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 1872 Hidden: No Window Visible: No Name: C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe PID: 1904 Hidden: No Window Visible: No Name: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PID: 1932 Hidden: No Window Visible: No Name: C:\Program Files\AVG\AVG2013\avgidsagent.exe PID: 1960 Hidden: No Window Visible: No Name: C:\Program Files\AVG\AVG2013\avgwdsvc.exe PID: 168 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\CTSVCCDA.EXE PID: 204 Hidden: No Window Visible: No Name: C:\Program Files\Common Files\Command Software\dvpapi.exe PID: 224 Hidden: No Window Visible: No Name: C:\WINDOWS\ehome\ehrecvr.exe PID: 248 Hidden: No Window Visible: No Name: C:\WINDOWS\ehome\ehSched.exe PID: 280 Hidden: No Window Visible: No Name: C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe PID: 304 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\escsvc.exe PID: 456 Hidden: No Window Visible: No Name: C:\Program Files\AVG\AVG2013\avgnsx.exe PID: 840 Hidden: No Window Visible: No Name: C:\Program Files\AVG\AVG2013\avgemcx.exe PID: 860 Hidden: No Window Visible: No Name: C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe PID: 1436 Hidden: No Window Visible: No Name: C:\Program Files\Java\jre6\bin\jqs.exe PID: 2140 Hidden: No Window Visible: No Name: C:\Program Files\MozyHome\mozybackup.exe PID: 2184 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 2416 Hidden: No Window Visible: No Name: C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE PID: 2440 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 2568 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\PnkBstrA.exe PID: 2592 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\PRISMSVC.exe PID: 2632 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 2760 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 2880 Hidden: No Window Visible: No Name: C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe PID: 2960 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\fxssvc.exe PID: 3020 Hidden: No Window Visible: No Name: C:\WINDOWS\ehome\mcrdsvc.exe PID: 3072 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\dllhost.exe PID: 3468 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\alg.exe PID: 3892 Hidden: No Window Visible: No Name: C:\Program Files\AVG\AVG2013\avgsrmax.exe PID: 4056 Hidden: No Window Visible: No Name: C:\WINDOWS\explorer.exe PID: 2876 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\PRISMSVR.exe PID: 2896 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\wuauclt.exe PID: 3688 Hidden: No Window Visible: No Name: C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe PID: 3696 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\DLA\DLACTRLW.EXE PID: 3740 Hidden: No Window Visible: No Name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe PID: 3788 Hidden: No Window Visible: No Name: C:\Program Files\HP\HP Software Update\hpwuschd2.exe PID: 1076 Hidden: No Window Visible: No Name: C:\Program Files\AVG\AVG2013\avgui.exe PID: 4040 Hidden: No Window Visible: No Name: C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe PID: 3312 Hidden: No Window Visible: No Name: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe PID: 1180 Hidden: No Window Visible: No Name: C:\Program Files\EPSON Software\Event Manager\EEventManager.exe PID: 1628 Hidden: No Window Visible: No Name: C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe PID: 1564 Hidden: No Window Visible: No Name: C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe PID: 2080 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\ctfmon.exe PID: 1956 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 2312 Hidden: No Window Visible: No Name: C:\Program Files\MozyHome\mozystat.exe PID: 1284 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\CTXFISPI.EXE PID: 1880 Hidden: No Window Visible: No Name: C:\Program Files\Internet Explorer\iexplore.exe PID: 2556 Hidden: No Window Visible: No Name: C:\Program Files\Internet Explorer\iexplore.exe PID: 2100 Hidden: No Window Visible: No Name: C:\Program Files\Internet Explorer\iexplore.exe PID: 3796 Hidden: No Window Visible: No Name: C:\Documents and Settings\Michael\Desktop\SysProt\SysProt\SysProt.exe PID: 996 Hidden: No Window Visible: Yes ****************************************************************************************** ****************************************************************************************** Kernel Modules: Module Name: \??\C:\Documents and Settings\Michael\Desktop\SysProt\SysProt\SysProtDrv.sys Service Name: SysProtDrv.sys Module Base: B973D000 Module End: B9748000 Hidden: No Module Name: \WINDOWS\system32\ntkrnlpa.exe Service Name: --- Module Base: 804D7000 Module End: 806E5000 Hidden: No Module Name: \WINDOWS\system32\hal.dll Service Name: --- Module Base: 806E5000 Module End: 80705D00 Hidden: No Module Name: \WINDOWS\system32\KDCOM.DLL Service Name: --- Module Base: F79D2000 Module End: F79D4000 Hidden: No Module Name: \WINDOWS\system32\BOOTVID.dll Service Name: --- Module Base: F78E2000 Module End: F78E5000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\ACPI.sys Service Name: ACPI Module Base: F73A3000 Module End: F73D1000 Hidden: No Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS Service Name: --- Module Base: F79D4000 Module End: F79D6000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\pci.sys Service Name: PCI Module Base: F7392000 Module End: F73A3000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\isapnp.sys Service Name: isapnp Module Base: F74D2000 Module End: F74DC000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\pciide.sys Service Name: PCIIde Module Base: F7A9A000 Module End: F7A9B000 Hidden: No Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS Service Name: --- Module Base: F7752000 Module End: F7759000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys Service Name: MountMgr Module Base: F74E2000 Module End: F74ED000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys Service Name: Disk Module Base: F7373000 Module End: F7392000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\dmload.sys Service Name: dmload Module Base: F79D6000 Module End: F79D8000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\dmio.sys Service Name: dmio Module Base: F734D000 Module End: F7373000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys Service Name: PartMgr Module Base: F775A000 Module End: F775F000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys Service Name: VolSnap Module Base: F74F2000 Module End: F74FF000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\atapi.sys Service Name: atapi Module Base: F7335000 Module End: F734D000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\disk.sys Service Name: --- Module Base: F7502000 Module End: F750B000 Hidden: No Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS Service Name: --- Module Base: F7512000 Module End: F751F000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys Service Name: FltMgr Module Base: F7315000 Module End: F7335000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\sr.sys Service Name: sr Module Base: F7303000 Module End: F7315000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\DRVMCDB.SYS Service Name: DRVMCDB Module Base: F72ED000 Module End: F7303000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys Service Name: PxHelp20 Module Base: F7522000 Module End: F752B000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys Service Name: KSecDD Module Base: F72D6000 Module End: F72ED000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\WudfPf.sys Service Name: WudfPf Module Base: F72C3000 Module End: F72D6000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys Service Name: Ntfs Module Base: F7236000 Module End: F72C3000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\NDIS.sys Service Name: NDIS Module Base: F7209000 Module End: F7236000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\Mup.sys Service Name: Mup Module Base: F71EF000 Module End: F7209000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\GRFILTER.sys Service Name: GRFILTER Module Base: F78E6000 Module End: F78EA000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\avgrkx86.sys Service Name: Avgrkx86 Module Base: F7532000 Module End: F753D000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\avglogx.sys Service Name: Avglogx Module Base: F71B0000 Module End: F71EF000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\avgmfx86.sys Service Name: Avgmfx86 Module Base: F7196000 Module End: F71B0000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\avgidshx.sys Service Name: AVGIDSHX Module Base: F7185000 Module End: F7196000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys Service Name: intelppm Module Base: F7722000 Module End: F772B000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys Service Name: ati2mtag Module Base: F6AF9000 Module End: F6DBF000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS Service Name: --- Module Base: F6AE5000 Module End: F6AF9000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys Service Name: HDAudBus Module Base: F6ABD000 Module End: F6AE5000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys Service Name: usbuhci Module Base: F784A000 Module End: F7850000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS Service Name: --- Module Base: F6A99000 Module End: F6ABD000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys Service Name: usbehci Module Base: F7852000 Module End: F785A000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys Service Name: HSFHWBS2 Module Base: F6A65000 Module End: F6A99000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys Service Name: --- Module Base: F6A42000 Module End: F6A65000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\HSF_DP.sys Service Name: HSF_DP Module Base: F6943000 Module End: F6A42000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys Service Name: winachsf Module Base: F689C000 Module End: F6943000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS Service Name: Modem Module Base: F785A000 Module End: F7862000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\e100b325.sys Service Name: E100B Module Base: F6876000 Module End: F689C000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys Service Name: Imapi Module Base: F7732000 Module End: F773D000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\DLACDBHM.SYS Service Name: DLACDBHM Module Base: F79FA000 Module End: F79FC000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys Service Name: Cdrom Module Base: F7742000 Module End: F7752000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys Service Name: redbook Module Base: F7552000 Module End: F7561000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys Service Name: audstub Module Base: F7BFD000 Module End: F7BFE000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys Service Name: Rasl2tp Module Base: F7562000 Module End: F756F000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys Service Name: NdisTapi Module Base: F79BE000 Module End: F79C1000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys Service Name: NdisWan Module Base: F685F000 Module End: F6876000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys Service Name: RasPppoe Module Base: F7572000 Module End: F757D000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys Service Name: PptpMiniport Module Base: F7582000 Module End: F758E000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS Service Name: --- Module Base: F7862000 Module End: F7867000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys Service Name: PSched Module Base: F684E000 Module End: F685F000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys Service Name: Gpc Module Base: F7592000 Module End: F759B000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys Service Name: Ptilink Module Base: F786A000 Module End: F786F000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys Service Name: Raspti Module Base: F7872000 Module End: F7877000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys Service Name: rdpdr Module Base: F681E000 Module End: F684E000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys Service Name: TermDD Module Base: F75A2000 Module End: F75AC000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys Service Name: Kbdclass Module Base: F787A000 Module End: F7880000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys Service Name: Mouclass Module Base: F7882000 Module End: F7888000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys Service Name: swenum Module Base: F79FC000 Module End: F79FE000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\update.sys Service Name: Update Module Base: F67C0000 Module End: F681E000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys Service Name: mssmbios Module Base: F7148000 Module End: F714C000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS Service Name: NDProxy Module Base: F75B2000 Module End: F75BC000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\sthda.sys Service Name: STHDA Module Base: EE749000 Module End: EE776000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\portcls.sys Service Name: --- Module Base: EE725000 Module End: EE749000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\drmk.sys Service Name: --- Module Base: F75E2000 Module End: F75F1000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\sigfilt.sys Service Name: sigfilt Module Base: EE53B000 Module End: EE685000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys Service Name: usbhub Module Base: F7602000 Module End: F7611000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS Service Name: --- Module Base: F7A00000 Module End: F7A02000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\i2omgmt.SYS Service Name: i2omgmt Module Base: F6DD3000 Module End: F6DD6000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\mozy.sys Service Name: mozyFilter Module Base: EE528000 Module End: EE53B000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\cdrbsdrv.SYS Service Name: cdrbsdrv Module Base: F6DCB000 Module End: F6DCF000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS Service Name: Fs_Rec Module Base: F7A02000 Module End: F7A04000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Null.SYS Service Name: Null Module Base: F7ADA000 Module End: F7ADB000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS Service Name: Beep Module Base: F7A06000 Module End: F7A08000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\DLARTL_N.SYS Service Name: DLARTL_N Module Base: F789A000 Module End: F78A0000 Hidden: No Module Name: \??\C:\WINDOWS\system32\drivers\avgtpx86.sys Service Name: avgtp Module Base: F7612000 Module End: F761E000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys Service Name: HidUsb Module Base: F6DBF000 Module End: F6DC2000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS Service Name: --- Module Base: F7632000 Module End: F763B000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS Service Name: --- Module Base: F78AA000 Module End: F78B1000 Hidden: No Module Name: C:\WINDOWS\System32\drivers\vga.sys Service Name: VgaSave Module Base: F78B2000 Module End: F78B8000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS Service Name: mnmdd Module Base: F7A08000 Module End: F7A0A000 Hidden: No Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys Service Name: RDPCDD Module Base: F7A0A000 Module End: F7A0C000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS Service Name: Msfs Module Base: F78BA000 Module End: F78BF000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS Service Name: Npfs Module Base: F78C2000 Module End: F78CA000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys Service Name: RasAcd Module Base: F797A000 Module End: F797D000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys Service Name: IPSec Module Base: EE489000 Module End: EE49C000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys Service Name: Tcpip Module Base: EE430000 Module End: EE489000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\avgtdix.sys Service Name: Avgtdix Module Base: EE401000 Module End: EE430000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys Service Name: IpNat Module Base: EE3DB000 Module End: EE401000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys Service Name: Wanarp Module Base: F7682000 Module End: F768B000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\usbccgp.sys Service Name: usbccgp Module Base: F78DA000 Module End: F78E2000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys Service Name: NetBT Module Base: EE3B3000 Module End: EE3DB000 Hidden: No Module Name: C:\WINDOWS\System32\drivers\ws2ifsl.sys Service Name: WS2IFSL Module Base: F799E000 Module End: F79A1000 Hidden: No Module Name: C:\WINDOWS\System32\drivers\afd.sys Service Name: AFD Module Base: EE391000 Module End: EE3B3000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys Service Name: NetBIOS Module Base: F7692000 Module End: F769B000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\UimFIO.SYS Service Name: --- Module Base: EE2FF000 Module End: EE34D000 Hidden: No Module Name: \??\C:\WINDOWS\system32\Drivers\truecrypt.sys Service Name: truecrypt Module Base: EE2CF000 Module End: EE2FF000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys Service Name: Rdbss Module Base: EE2A4000 Module End: EE2CF000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys Service Name: MRxSmb Module Base: EE234000 Module End: EE2A4000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS Service Name: Fips Module Base: F76B2000 Module End: F76BD000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\avgldx86.sys Service Name: Avgldx86 Module Base: EE207000 Module End: EE234000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys Service Name: kbdhid Module Base: F79A6000 Module End: F79AA000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys Service Name: LHidFlt2 Module Base: F776A000 Module End: F7770000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys Service Name: mouhid Module Base: F79AA000 Module End: F79AD000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys Service Name: LMouFlt2 Module Base: F76C2000 Module End: F76D2000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\usbscan.sys Service Name: usbscan Module Base: F79AE000 Module End: F79B2000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\usbprint.sys Service Name: usbprint Module Base: F778A000 Module End: F7791000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS Service Name: USBSTOR Module Base: F7792000 Module End: F7799000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys Service Name: AVGIDSShim Module Base: F77FA000 Module End: F7802000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys Service Name: AVGIDSDriver Module Base: EE1A7000 Module End: EE1DF000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS Service Name: Cdfs Module Base: EE715000 Module End: EE725000 Hidden: No Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys Service Name: --- Module Base: EE027000 Module End: EE03F000 Hidden: Yes Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS Service Name: --- Module Base: F79EA000 Module End: F79EC000 Hidden: Yes Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys Service Name: --- Module Base: EE0AF000 Module End: EE0B2000 Hidden: No Module Name: C:\WINDOWS\System32\watchdog.sys Service Name: --- Module Base: F788A000 Module End: F788F000 Hidden: No Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys Service Name: --- Module Base: F7B21000 Module End: F7B22000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\DRVNDDM.SYS Service Name: DRVNDDM Module Base: EE6E5000 Module End: EE6EF000 Hidden: No Module Name: C:\WINDOWS\System32\DLA\DLADResN.SYS Service Name: DLADResN Module Base: F7BC3000 Module End: F7BC4000 Hidden: No Module Name: C:\WINDOWS\System32\DLA\DLAIFS_M.SYS Service Name: DLAIFS_M Module Base: EBCD1000 Module End: EBCE7000 Hidden: No Module Name: C:\WINDOWS\System32\DLA\DLAOPIOM.SYS Service Name: DLAOPIOM Module Base: EBD57000 Module End: EBD5B000 Hidden: No Module Name: C:\WINDOWS\System32\DLA\DLAPoolM.SYS Service Name: DLAPoolM Module Base: F7A0C000 Module End: F7A0E000 Hidden: No Module Name: C:\WINDOWS\System32\DLA\DLABOIOM.SYS Service Name: DLABOIOM Module Base: F77B2000 Module End: F77B9000 Hidden: No Module Name: C:\WINDOWS\System32\DLA\DLAUDFAM.SYS Service Name: DLAUDFAM Module Base: EBCB9000 Module End: EBCD1000 Hidden: No Module Name: C:\WINDOWS\System32\DLA\DLAUDF_M.SYS Service Name: DLAUDF_M Module Base: EBCA3000 Module End: EBCB9000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\AegisP.sys Service Name: AegisP Module Base: F77E2000 Module End: F77E7000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\GRTdiMon.sys Service Name: GRTdiMon Module Base: EE685000 Module End: EE68E000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys Service Name: Ndisuio Module Base: EBC73000 Module End: EBC77000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys Service Name: MRxDAV Module Base: EBA1E000 Module End: EBA4B000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\css-dvp.sys Service Name: CSS DVP Module Base: EB83D000 Module End: EB906000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS Service Name: Fastfat Module Base: EB819000 Module End: EB83D000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\dsunidrv.sys Service Name: dsunidrv Module Base: F7A90000 Module End: F7A92000 Hidden: No Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys Service Name: HTTP Module Base: EB508000 Module End: EB549000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys Service Name: mdmxsdk Module Base: EB4BC000 Module End: EB4BF000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys Service Name: Srv Module Base: EB2B5000 Module End: EB30D000 Hidden: No Module Name: \??\C:\WINDOWS\system32\drivers\pmemnt.sys Service Name: PMEM Module Base: F7A4E000 Module End: F7A50000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\secdrv.sys Service Name: Secdrv Module Base: EB5D9000 Module End: EB5E3000 Hidden: No Module Name: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys Service Name: symlcbrd Module Base: F781A000 Module End: F7820000 Hidden: No Module Name: \??\C:\Program Files\Symantec\SYMEVENT.SYS Service Name: SymEvent Module Base: BA501000 Module End: BA51A000 Hidden: No Module Name: \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS Service Name: NPDriver Module Base: EB5A9000 Module End: EB5B2000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys Service Name: wdmaud Module Base: BA474000 Module End: BA489000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys Service Name: sysaudio Module Base: EB681000 Module End: EB690000 Hidden: No Module Name: C:\WINDOWS\system32\drivers\ctusfsyn.sys Service Name: CTUSFSYN Module Base: BA3FF000 Module End: BA426000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ctoss2k.sys Service Name: ossrv Module Base: BA3CD000 Module End: BA3FF000 Hidden: No Module Name: C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys Service Name: ctsfm2k Module Base: BA3A6000 Module End: BA3CD000 Hidden: No ****************************************************************************************** ****************************************************************************************** SSDT: Function Name: ZwNotifyChangeKey Address: F77FB5D0 Driver Base: F77FA000 Driver End: F7802000 Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys Function Name: ZwNotifyChangeMultipleKeys Address: F77FB700 Driver Base: F77FA000 Driver End: F7802000 Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys Function Name: ZwOpenProcess Address: F77FB010 Driver Base: F77FA000 Driver End: F7802000 Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys Function Name: ZwQueryValueKey Address: F76131C4 Driver Base: F7612000 Driver End: F761E000 Driver Name: \??\C:\WINDOWS\system32\drivers\avgtpx86.sys Function Name: ZwSuspendProcess Address: F77FB300 Driver Base: F77FA000 Driver End: F7802000 Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys Function Name: ZwSuspendThread Address: F77FB3E0 Driver Base: F77FA000 Driver End: F7802000 Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys Function Name: ZwTerminateProcess Address: F77FB120 Driver Base: F77FA000 Driver End: F7802000 Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys Function Name: ZwTerminateThread Address: F77FB210 Driver Base: F77FA000 Driver End: F7802000 Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys Function Name: ZwWriteVirtualMemory Address: F77FB4D0 Driver Base: F77FA000 Driver End: F7802000 Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys ****************************************************************************************** ****************************************************************************************** Kernel Hooks: Hooked Function: ZwWriteFile At Address: 8057CF10 Jump To: 86CC66CC Module Name: _unknown_ Hooked Function: ZwSetSystemInformation At Address: 8060FD24 Jump To: 86AFEE54 Module Name: _unknown_ Hooked Function: ZwSetInformationFile At Address: 8057B02E Jump To: 86CF86CC Module Name: _unknown_ Hooked Function: ZwCreateSection At Address: 805AB3D0 Jump To: 86A9C01C Module Name: _unknown_ Hooked Function: ObCloseHandle At Address: 805BC533 Jump To: 86CF8A8C Module Name: _unknown_ ****************************************************************************************** ****************************************************************************************** Hidden files/folders: Object: C:\Documents and Settings\All Users\Documents\Back up Sony for Jen\indio\http--rds.yahoo.com-_ylt=A0geupmWNU5ELWwAZ5BXNyoA;_ylu=X3oDMTE3aGc3ajFkBGNvbG8DZQRsA1dTMQRwb3MDMTYEc2VjA3NyBHZ0aWQDREZYNV8zMA---SIG=11n1sg7eu-EXP=1146062614-http--www.godalrighty.com Status: Hidden Object: C:\Documents and Settings\Michael\Application Data\Documents and Settings\Mike\Application Data\3M\PDNotes\4.2.0.17 Status: Access denied Object: C:\Documents and Settings\Michael\Application Data\Documents and Settings\Mike\Application Data\3M\PDNotes\4.2.0.28 Status: Access denied Object: C:\Documents and Settings\Michael\Application Data\Documents and Settings\Mike\Application Data\3M\PDNotes\PSNData Status: Access denied Object: C:\Documents and Settings\Michael\Desktop\Temp\Documents and Settings\Mike\Application Data\Microsoft\Address Book\Mike.wab Status: Access denied Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\(1988) Frank Zappa - 51 - You can't do that on stage anymore Vol. 1 [256]\disc1\Frank Zappa - 08 - Let's make the water turn black x Harry, you're a beast x The Orange County lum Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 02 - The soundtracks [192]\Frank Zappa Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 02 - The soundtracks [192]\Frank Zappa Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 02 - The soundtracks [192]\Frank Zappa Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 02 - The soundtracks [192]\Frank Zappa Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 02 - The soundtracks [192]\Frank Zappa Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 02 - The soundtracks [192]\Frank Zappa Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 02 - The soundtracks [192]\Frank Zappa Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 03 - The Cucamonga era [192]\Frank Zapp Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 03 - The Cucamonga era [192]\Frank Zapp Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 03 - The Cucamonga era [192]\Frank Zapp Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 03 - The Cucamonga era [192]\Frank Zapp Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 03 - The Cucamonga era [192]\Frank Zapp Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 03 - The Cucamonga era [192]\Frank Zapp Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 03 - The Cucamonga era [192]\Frank Zapp Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 03 - The Cucamonga era [192]\Frank Zapp Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 03 - The Cucamonga era [192]\Frank Zapp Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 03 - The Cucamonga era [192]\Frank Zapp Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 03 - The Cucamonga era [192]\Frank Zapp Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 03 - The Cucamonga era [192]\Frank Zapp Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 03 - The Cucamonga era [192]\Frank Zapp Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 03 - The Cucamonga era [192]\Frank Zapp Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 03 - The Cucamonga era [192]\Frank Zapp Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 03 - The Cucamonga era [192]\Frank Zapp Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 03 - The Cucamonga era [192]\Frank Zapp Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 03 - The Cucamonga era [192]\Frank Zapp Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 03 - The Cucamonga era [192]\Frank Zapp Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 04 - Gas mask [192]\Frank Zappa - 01 - Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 04 - Gas mask [192]\Frank Zappa - 02 - Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 04 - Gas mask [192]\Frank Zappa - 03 - Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 04 - Gas mask [192]\Frank Zappa - 04 - Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 04 - Gas mask [192]\Frank Zappa - 05 - Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 04 - Gas mask [192]\Frank Zappa - 06 - Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 04 - Gas mask [192]\Frank Zappa - 07 - Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 04 - Gas mask [192]\Frank Zappa - 20 ye Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 05 - Hotel Dixie [192]\Frank Zappa - 01 Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 05 - Hotel Dixie [192]\Frank Zappa - 02 Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 05 - Hotel Dixie [192]\Frank Zappa - 03 Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 05 - Hotel Dixie [192]\Frank Zappa - 04 Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 05 - Hotel Dixie [192]\Frank Zappa - 05 Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 05 - Hotel Dixie [192]\Frank Zappa - 06 Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 05 - Hotel Dixie [192]\Frank Zappa - 07 Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 05 - Hotel Dixie [192]\Frank Zappa - 08 Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 05 - Hotel Dixie [192]\Frank Zappa - 09 Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 05 - Hotel Dixie [192]\Frank Zappa - 10 Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 05 - Hotel Dixie [192]\Frank Zappa - 20 Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 07 - Show & tell [192]\Frank Zappa - 01 Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 07 - Show & tell [192]\Frank Zappa - 02 Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 07 - Show & tell [192]\Frank Zappa - 03 Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 07 - Show & tell [192]\Frank Zappa - 04 Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 07 - Show & tell [192]\Frank Zappa - 05 Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 07 - Show & tell [192]\Frank Zappa - 06 Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 07 - Show & tell [192]\Frank Zappa - 07 Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 07 - Show & tell [192]\Frank Zappa - 08 Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 07 - Show & tell [192]\Frank Zappa - 09 Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 07 - Show & tell [192]\Frank Zappa - 10 Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 07 - Show & tell [192]\Frank Zappa - 20 Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 09 - Warts & all I [192]\Frank Zappa - Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 09 - Warts & all I [192]\Frank Zappa - Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 09 - Warts & all I [192]\Frank Zappa - Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 09 - Warts & all I [192]\Frank Zappa - Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 09 - Warts & all I [192]\Frank Zappa - Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 09 - Warts & all I [192]\Frank Zappa - Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 09 - Warts & all I [192]\Frank Zappa - Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 10 - Warts & All II [192]\Frank Zappa - Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 10 - Warts & All II [192]\Frank Zappa - Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 10 - Warts & All II [192]\Frank Zappa - Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 10 - Warts & All II [192]\Frank Zappa - Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 10 - Warts & All II [192]\Frank Zappa - Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 10 - Warts & All II [192]\Frank Zappa - Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 10 - Warts & All II [192]\Frank Zappa - Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 10 - Warts & All II [192]\Frank Zappa - Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 11 - Soup & old clothes [192]\Frank Zap Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 11 - Soup & old clothes [192]\Frank Zap Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 11 - Soup & old clothes [192]\Frank Zap Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 11 - Soup & old clothes [192]\Frank Zap Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 11 - Soup & old clothes [192]\Frank Zap Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 11 - Soup & old clothes [192]\Frank Zap Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 11 - Soup & old clothes [192]\Frank Zap Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 11 - Soup & old clothes [192]\Frank Zap Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 11 - Soup & old clothes [192]\Frank Zap Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 12 - Advanced study - World pop dominat Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(----) Frank Zappa - Cucamonga years - The early works of Frank Zappa (1962-1964) [128]\Frank Zappa - 03 - Baby Ray and the Ferns - World's greatest sinner (19 Status: Hidden Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Maynard Ferguson - The Complete Maynard Ferguson on Roulette\The Complete Maynard Ferguson on Roulette Vol. 08\Maynard Ferguson - 04 - My Sweetie Went Away, She Didn't Say Where, When, Or Wh Status: Hidden Object: C:\Qoobox\BackEnv\AppData.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\Cache.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\Cookies.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\Desktop.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\Favorites.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\History.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\Music.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\NetHood.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\Personal.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\Pictures.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\PrintHood.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\Profiles.Folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\Programs.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\Recent.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\SendTo.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\SetPath.bat Status: Access denied Object: C:\Qoobox\BackEnv\StartMenu.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\StartUp.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\SysPath.dat Status: Access denied Object: C:\Qoobox\BackEnv\Templates.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\VikPev00 Status: Access denied Object: C:\RECYCLER\S-1-5-21-1703037801-221494611-3155105034-1005\Dc4541\Mike\Application Data\3M\PDNotes\PSNData Status: Access denied So WildTangent's ok? Quote So WildTangent's ok?I wouldn't have it on my computer but it's in a lot of reputable downloads so they may have cleaned up their act. I'd like to scan your machine with ESET OnlineScan •Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan •Click the button. •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Click the button. •Accept any security warnings from your browser.
•Push the Start button. •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. •When the scan completes, push •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. •Push the button. •Push A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt |
|