
Author Topic: A bunch of Trojans found all of a sudden  (Read 15655 times)


SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: A bunch of Trojans found all of a sudden
« Reply #15 on: April 06, 2013, 11:05:25 AM »
Quote
Total Fragmentation on Drive C: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
Please defrag your C drive soon. If you need help with this, please let me know. (SSD means Solid State Drive.)

Please download MiniToolBox to Desktop and run it.

Please read here for more information about WildTangent. Your choice if you want to remove it or not.

If you choose to follow my advice, please follow these instructions.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

WildTangent Web Driver or anything related to WildTangent.
*******************************************************
Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following.

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    Quote
    KillAll::

    Firefox::
    Trusted Zone: bwproducers.com
    Trusted Zone: cisgroup.com
    Trusted Zone: farmers.com
    Trusted Zone: farmersinsurance.com
    Trusted Zone: farmersleadcenter.com
    Trusted Zone: farmerslife.com
    Trusted Zone: foremostfarmers.com
    Trusted Zone: foremoststar.com
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: postoffice.net
    Trusted Zone: zurich.com

    DDS::
    Trusted Zone: bwproducers.com
    Trusted Zone: cisgroup.com
    Trusted Zone: farmers.com
    Trusted Zone: farmersinsurance.com
    Trusted Zone: farmersleadcenter.com
    Trusted Zone: farmerslife.com
    Trusted Zone: foremostfarmers.com
    Trusted Zone: foremoststar.com
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: postoffice.net
    Trusted Zone: zurich.com

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
******************************************
Quote
Are there any other security toolbars you recommend?
I'm not really a supporter of toolbars. They just take up resources.

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
Windows 8 and Windows 10 dual boot with two SSD's
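
The Trusted Zone entries targeted by the CFScript in the reply above are per-user site-to-zone mappings that Internet Explorer keeps under the `Internet Settings\ZoneMap` registry key. As an added example (not part of the original post and not ComboFix's own code), this Python script lists them from the text of a registry export so they can be reviewed before anything is removed; the sample export, the function names and the example domains are constructed for illustration.

```python
import re

# IE URL security zones as stored in ZoneMap values.
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
TRUSTED = 2

# Only keys below ...\Internet Settings\ZoneMap\ hold site-to-zone mappings.
MARKER = "\\internet settings\\zonemap\\"
VAL_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')

# Constructed sample shaped like an export of the ZoneMap key.
# Real "Version 5.00" exports are UTF-16: open(path, encoding="utf-16").
ROOT = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
        r"\Internet Settings\ZoneMap")
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    f"[{ROOT}]",
    "",
    f"[{ROOT}\\Domains]",
    "",
    f"[{ROOT}\\Domains\\example.com]",
    '"*"=dword:00000002',
    "",
    f"[{ROOT}\\Domains\\example.net]",
    "",
    f"[{ROOT}\\Domains\\example.net\\portal]",
    '"https"=dword:00000002',
    "",
    f"[{ROOT}\\Domains\\example.org]",
    '"http"=dword:00000004',
    "",
    f"[{ROOT}\\Ranges\\Range1]",
    '":Range"="192.0.2.10"',
    '"*"=dword:00000002',
])


def parse_reg(reg_text):
    """Parse .reg text into {key_path: {value_name: raw_data}}."""
    keys, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = VAL_RE.match(line)
            if m:
                current[m.group("name")] = m.group("data")
    return keys


def zone_assignments(reg_text):
    """Return (site, protocol, zone) for every ZoneMap mapping found."""
    found = []
    for key, values in parse_reg(reg_text).items():
        idx = key.lower().find(MARKER)
        if idx < 0:
            continue
        tail = key[idx + len(MARKER):].split("\\")
        if len(tail) < 2:
            continue  # the Domains / Ranges container key itself
        store = tail[0].lower()
        if store in ("domains", "escdomains"):
            # Subdomains are child keys; keep the domain\subdomain
            # notation that scan logs use for Trusted Zone entries.
            site = "\\".join(tail[1:])
        elif store == "ranges":
            # IP ranges keep the address in a ":Range" string value.
            site = values.get(":Range", '""').strip('"')
        else:
            continue
        for name, data in values.items():
            # Protocol values ("http", "https", "*") are DWORD zone ids.
            if data.lower().startswith("dword:"):
                found.append((site, name, int(data[6:], 16)))
    return found


def trusted_sites(reg_text):
    """Sorted unique sites mapped to the Trusted Sites zone (2)."""
    return sorted({site for site, _proto, zone in zone_assignments(reg_text)
                   if zone == TRUSTED})


if __name__ == "__main__":
    for site, proto, zone in zone_assignments(SAMPLE_REG):
        print(f"{ZONES.get(zone, zone)}: {site} ({proto})")
```

Entries under `EscDomains` are read as well; that branch only matters on Windows Server with IE Enhanced Security Configuration enabled.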

Technoid

  • Guest
Re: A bunch of Trojans found all of a sudden
« Reply #16 on: April 09, 2013, 03:12:54 PM »
Here's ComboFix's log. It would have been much simpler to just explain how to get rid of the trusted sites list through the browser, especially since I never visit those sites.

ComboFix 13-04-09.01 - Michael 04/09/2013  15:44:47.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.469 [GMT -5:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michael\Desktop\CFScript.txt
AV:  *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Authentium Antivirus *Enabled/Updated* {A4E803B3-4E6E-4271-B1CD-56FBC0992D36}
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: EarthLink Anti-virus *Enabled/Updated* {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW:  *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: EarthLink Firewall *Disabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-09 to 2013-04-09  )))))))))))))))))))))))))))))))
.
.
2013-03-29 16:50 . 2013-03-29 17:57   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2013-03-29 16:45 . 2013-03-29 16:45   --------   d-----w-   c:\documents and settings\Michael\Application Data\Windows Desktop Search
2013-03-29 16:43 . 2013-03-29 16:43   --------   d-----w-   c:\program files\Windows Desktop Search
2013-03-18 16:34 . 2013-03-18 16:34   --------   d-----w-   c:\program files\7-Zip
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-01 04:37 . 2012-10-18 20:33   33624   ----a-w-   c:\windows\system32\drivers\avgtpx86.sys
2013-03-17 16:04 . 2012-04-03 02:52   693976   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-03-17 16:04 . 2011-05-15 23:03   73432   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-01 15:32 . 2012-09-21 08:45   22328   ----a-w-   c:\windows\system32\drivers\avgidsshimx.sys
2013-02-27 04:40 . 2012-09-13 08:11   208184   ----a-w-   c:\windows\system32\drivers\avgidsdriverx.sys
2013-02-14 08:52 . 2012-09-21 08:46   182072   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2013-02-08 09:37 . 2012-10-05 08:26   96568   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2013-02-08 09:37 . 2012-09-21 08:46   245048   ----a-w-   c:\windows\system32\drivers\avglogx.sys
2013-02-08 09:37 . 2012-09-21 08:45   60216   ----a-w-   c:\windows\system32\drivers\avgidshx.sys
2013-02-08 09:37 . 2012-10-02 08:30   170808   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2013-02-08 09:37 . 2012-09-14 08:05   39224   ----a-w-   c:\windows\system32\drivers\avgrkx86.sys
2013-02-04 22:17 . 2013-02-04 22:19   8192   ----a-w-   c:\windows\system32\E_DCINST.DLL
2013-02-04 22:17 . 2013-02-04 22:19   81408   ----a-w-   c:\windows\system32\E_TD4BIUE.DLL
2013-02-04 22:17 . 2013-02-04 22:19   95232   ----a-w-   c:\windows\system32\E_TLBIUE.DLL
2013-02-03 14:37 . 2013-02-03 14:36   249856   ------w-   c:\windows\Setup1.exe
2013-02-03 14:37 . 2013-02-03 14:36   73216   ----a-w-   c:\windows\ST6UNST.EXE
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2012-09-18 19:51   4756880   ----a-w-   c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2012-09-18 19:51   4756880   ----a-w-   c:\program files\MozyHome\mozyshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2005-10-29 25600]
"cdloader"="c:\documents and settings\Michael\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-16 198160]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-13 4394032]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2012-01-26 1058400]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-02-29 502912]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-02-29 863360]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
.
c:\documents and settings\Michael\Start Menu\Programs\Startup\AutorunsDisabled
Shortcut to TeaTimer.lnk - c:\program files\Spybot - Search & Destroy\TeaTimer.exe [2006-9-24 2260480]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-7-27 25214]
Adobe Acrobat Speed Launcher.lnk.disabled [2008-12-7 2335]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Microsoft Office.lnk.disabled [2007-4-15 1725]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2012-9-18 4533648]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-23 02:08   450646   ----a-w-   c:\windows\system32\PRISMAPI.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-12-14 22:49   824232   ----a-w-   c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" /startup
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" /R
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Motive SmartBridge"=c:\recycler\S-1-5-21-1703037801-221494611-3155105034-1005\Dc1392\SmartBridge\MotiveSB.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"OM_Monitor"=c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"CTHelper"=CTHELPER.EXE
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
"ehTray"=c:\windows\ehome\ehtray.exe
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"SigmatelSysTrayApp"=stsystra.exe
"UpdReg"=c:\windows\UpdReg.EXE
"CTxfiHlp"=CTXFIHLP.EXE
"FaxCenterServer4_in_1"="c:\program files\Lexmark 4200 Series\Fax\fm3032.exe" /s
"SansaDispatch"=c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"Corel Photo Downloader"=c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" /tray
"15182034"=c:\documents and settings\All Users\Application Data\15182034\15182034.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"Logitech Utility"=Logi_MwX.Exe
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "c:\program files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Microsoft Games\\MechWarrior Vengeance\\MW4.ICD"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\WildTangent\\Apps\\Dell Game Console\\GameConsole.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Final DOOM for Windows 95\\Doom95.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"c:\\Program Files\\Play65\\Play65.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
"c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDUOMP.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\Battlefront.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\patchget.dat"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Doom 3\\Doom3.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EPSON Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [9/21/2012 3:45 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 3:05 AM 39224]
R0 GRFILTER;CS NDIS Driver;c:\windows\system32\drivers\GRFilter.sys [7/11/2005 9:36 AM 15548]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [9/13/2012 3:11 AM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 3:30 AM 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 3:46 AM 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [10/18/2012 3:33 PM 33624]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [5/14/2009 6:07 PM 759048]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2/27/2013 11:42 PM 4937264]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2/19/2013 4:02 AM 282624]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [5/10/2012 3:00 PM 539744]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [2/4/2013 5:23 PM 122000]
R2 GRTdiMon;GR TDI Mon;c:\windows\system32\drivers\GRTdiMon.sys [7/11/2005 9:38 AM 20480]
R2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [8/31/2004 12:52 AM 95328]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [3/16/2006 2:46 PM 61526]
R2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [3/31/2013 11:38 PM 990896]
S1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\drivers\Uim_Vim.sys [12/2/2012 11:54 PM 283600]
S2 gupdate1c993a82f1ae125;Google Update Service (gupdate1c993a82f1ae125);c:\program files\Google\Update\GoogleUpdate.exe [2/20/2009 5:11 PM 133104]
S3 gsplittm;gsplittm;\??\c:\docume~1\Michael\LOCALS~1\Temp\gsplittm.sys --> c:\docume~1\Michael\LOCALS~1\Temp\gsplittm.sys [?]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [1/20/2011 1:21 PM 39048]
S4 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\DRIVERS\ADSFilter.sys --> c:\windows\system32\DRIVERS\ADSFilter.sys [?]
S4 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-29 16:28   1642448   ----a-w-   c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 22:11]
.
2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 22:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Convert link target to Adobe PDF
IE: Convert link target to existing PDF
IE: Convert selected links to Adobe PDF
IE: Convert selected links to existing PDF
IE: Convert selection to Adobe PDF
IE: Convert selection to existing PDF
IE: Convert to Adobe PDF
IE: Convert to existing PDF
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {BE8EEE38-A7C5-4674-A6C4-C2D7421FDD10} - hxxps://bie.farmersinsurance.com/prweb/PRServletLDAP1/8gYJ4DHQrCXUTefMjim_tw%5B%5B*/prvisiointerface.cab
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\p7x50nmm.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-09 16:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2320)
c:\windows\system32\WININET.dll
c:\program files\MozyHome\mozyshell.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\Command Software\dvpapi.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\MozyHome\mozybackup.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\PRISMSVR.EXE
c:\windows\system32\fxssvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
c:\windows\SYSTEM32\CTXFISPI.EXE
.
**************************************************************************
.
Completion time: 2013-04-09  16:25:49 - machine was rebooted
ComboFix-quarantined-files.txt  2013-04-09 21:25
ComboFix2.txt  2013-04-06 14:50
.
Pre-Run: 12,811,644,928 bytes free
Post-Run: 12,596,494,336 bytes free
.
- - End Of File - - 8671190CECF3A3D944374E3E693D863A

What things should I check on MiniToolBox? All of them?

As I said, I'm going to defrag once this gets cleared up.

I do not see anything mentioning WildTangent in the add/remove programs list.

SuperDave

Re: A bunch of Trojans found all of a sudden
« Reply #17 on: April 09, 2013, 06:39:34 PM »
Quote
What things should I check on MiniToolBox? All of them?
Please disregard MiniToolBox. I don't know how that got in there. Perhaps, I was rushing too much.
Quote
I do not see anything mentioning WildTangent in the add/remove programs list.
Ok. It was installed with Program Files\\WildTangent\\Apps\\Dell Game Console

Were you able to run Sysprot Antirootkit?

Technoid

  • Guest
Re: A bunch of Trojans found all of a sudden
« Reply #18 on: April 20, 2013, 12:08:42 PM »
Here's Sysprot's log:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 592
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
PID: 632
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PID: 672
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 868
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 896
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 940
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 952
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ati2evxx.exe
PID: 1144
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1164
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1268
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1404
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1460
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1592
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1696
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1792
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1872
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PID: 1904
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PID: 1932
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG2013\avgidsagent.exe
PID: 1960
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PID: 168
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\CTSVCCDA.EXE
PID: 204
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Command Software\dvpapi.exe
PID: 224
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehrecvr.exe
PID: 248
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehSched.exe
PID: 280
Hidden: No
Window Visible: No

Name: C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
PID: 304
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\escsvc.exe
PID: 456
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG2013\avgnsx.exe
PID: 840
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG2013\avgemcx.exe
PID: 860
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PID: 1436
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 2140
Hidden: No
Window Visible: No

Name: C:\Program Files\MozyHome\mozybackup.exe
PID: 2184
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2416
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
PID: 2440
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2568
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\PnkBstrA.exe
PID: 2592
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\PRISMSVC.exe
PID: 2632
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2760
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2880
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
PID: 2960
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\fxssvc.exe
PID: 3020
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\mcrdsvc.exe
PID: 3072
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\dllhost.exe
PID: 3468
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 3892
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG2013\avgsrmax.exe
PID: 4056
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 2876
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\PRISMSVR.exe
PID: 2896
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wuauclt.exe
PID: 3688
Hidden: No
Window Visible: No

Name: C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PID: 3696
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PID: 3740
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PID: 3788
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\HP Software Update\hpwuschd2.exe
PID: 1076
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG2013\avgui.exe
PID: 4040
Hidden: No
Window Visible: No

Name: C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
PID: 3312
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
PID: 1180
Hidden: No
Window Visible: No

Name: C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
PID: 1628
Hidden: No
Window Visible: No

Name: C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe
PID: 1564
Hidden: No
Window Visible: No

Name: C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe
PID: 2080
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 1956
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2312
Hidden: No
Window Visible: No

Name: C:\Program Files\MozyHome\mozystat.exe
PID: 1284
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\CTXFISPI.EXE
PID: 1880
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 2556
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 2100
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 3796
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Michael\Desktop\SysProt\SysProt\SysProt.exe
PID: 996
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Michael\Desktop\SysProt\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: B973D000
Module End: B9748000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E5000
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806E5000
Module End: 80705D00
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F79D2000
Module End: F79D4000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F78E2000
Module End: F78E5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F73A3000
Module End: F73D1000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: F79D4000
Module End: F79D6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F7392000
Module End: F73A3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F74D2000
Module End: F74DC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F7A9A000
Module End: F7A9B000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F7752000
Module End: F7759000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F74E2000
Module End: F74ED000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F7373000
Module End: F7392000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: F79D6000
Module End: F79D8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: F734D000
Module End: F7373000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F775A000
Module End: F775F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F74F2000
Module End: F74FF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F7335000
Module End: F734D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F7502000
Module End: F750B000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F7512000
Module End: F751F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: F7315000
Module End: F7335000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F7303000
Module End: F7315000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\DRVMCDB.SYS
Service Name: DRVMCDB
Module Base: F72ED000
Module End: F7303000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: F7522000
Module End: F752B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F72D6000
Module End: F72ED000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\WudfPf.sys
Service Name: WudfPf
Module Base: F72C3000
Module End: F72D6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F7236000
Module End: F72C3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F7209000
Module End: F7236000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F71EF000
Module End: F7209000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\GRFILTER.sys
Service Name: GRFILTER
Module Base: F78E6000
Module End: F78EA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\avgrkx86.sys
Service Name: Avgrkx86
Module Base: F7532000
Module End: F753D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\avglogx.sys
Service Name: Avglogx
Module Base: F71B0000
Module End: F71EF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\avgmfx86.sys
Service Name: Avgmfx86
Module Base: F7196000
Module End: F71B0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\avgidshx.sys
Service Name: AVGIDSHX
Module Base: F7185000
Module End: F7196000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: F7722000
Module End: F772B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Service Name: ati2mtag
Module Base: F6AF9000
Module End: F6DBF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F6AE5000
Module End: F6AF9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: F6ABD000
Module End: F6AE5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: F784A000
Module End: F7850000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F6A99000
Module End: F6ABD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F7852000
Module End: F785A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
Service Name: HSFHWBS2
Module Base: F6A65000
Module End: F6A99000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: F6A42000
Module End: F6A65000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
Service Name: HSF_DP
Module Base: F6943000
Module End: F6A42000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Service Name: winachsf
Module Base: F689C000
Module End: F6943000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: F785A000
Module End: F7862000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\e100b325.sys
Service Name: E100B
Module Base: F6876000
Module End: F689C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F7732000
Module End: F773D000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
Service Name: DLACDBHM
Module Base: F79FA000
Module End: F79FC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F7742000
Module End: F7752000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F7552000
Module End: F7561000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7BFD000
Module End: F7BFE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F7562000
Module End: F756F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F79BE000
Module End: F79C1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F685F000
Module End: F6876000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F7572000
Module End: F757D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F7582000
Module End: F758E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F7862000
Module End: F7867000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F684E000
Module End: F685F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F7592000
Module End: F759B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F786A000
Module End: F786F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F7872000
Module End: F7877000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: F681E000
Module End: F684E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F75A2000
Module End: F75AC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F787A000
Module End: F7880000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F7882000
Module End: F7888000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F79FC000
Module End: F79FE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: F67C0000
Module End: F681E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F7148000
Module End: F714C000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F75B2000
Module End: F75BC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sthda.sys
Service Name: STHDA
Module Base: EE749000
Module End: EE776000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: EE725000
Module End: EE749000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F75E2000
Module End: F75F1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sigfilt.sys
Service Name: sigfilt
Module Base: EE53B000
Module End: EE685000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F7602000
Module End: F7611000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F7A00000
Module End: F7A02000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Service Name: i2omgmt
Module Base: F6DD3000
Module End: F6DD6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mozy.sys
Service Name: mozyFilter
Module Base: EE528000
Module End: EE53B000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\cdrbsdrv.SYS
Service Name: cdrbsdrv
Module Base: F6DCB000
Module End: F6DCF000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F7A02000
Module End: F7A04000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F7ADA000
Module End: F7ADB000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F7A06000
Module End: F7A08000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DLARTL_N.SYS
Service Name: DLARTL_N
Module Base: F789A000
Module End: F78A0000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\avgtpx86.sys
Service Name: avgtp
Module Base: F7612000
Module End: F761E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: F6DBF000
Module End: F6DC2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: F7632000
Module End: F763B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: F78AA000
Module End: F78B1000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F78B2000
Module End: F78B8000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F7A08000
Module End: F7A0A000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F7A0A000
Module End: F7A0C000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F78BA000
Module End: F78BF000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F78C2000
Module End: F78CA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F797A000
Module End: F797D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: EE489000
Module End: EE49C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: EE430000
Module End: EE489000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\avgtdix.sys
Service Name: Avgtdix
Module Base: EE401000
Module End: EE430000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: EE3DB000
Module End: EE401000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F7682000
Module End: F768B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: F78DA000
Module End: F78E2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: EE3B3000
Module End: EE3DB000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Service Name: WS2IFSL
Module Base: F799E000
Module End: F79A1000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: EE391000
Module End: EE3B3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F7692000
Module End: F769B000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\UimFIO.SYS
Service Name: ---
Module Base: EE2FF000
Module End: EE34D000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\Drivers\truecrypt.sys
Service Name: truecrypt
Module Base: EE2CF000
Module End: EE2FF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: EE2A4000
Module End: EE2CF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: EE234000
Module End: EE2A4000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F76B2000
Module End: F76BD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\avgldx86.sys
Service Name: Avgldx86
Module Base: EE207000
Module End: EE234000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: F79A6000
Module End: F79AA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
Service Name: LHidFlt2
Module Base: F776A000
Module End: F7770000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: F79AA000
Module End: F79AD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
Service Name: LMouFlt2
Module Base: F76C2000
Module End: F76D2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbscan.sys
Service Name: usbscan
Module Base: F79AE000
Module End: F79B2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Service Name: usbprint
Module Base: F778A000
Module End: F7791000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Service Name: USBSTOR
Module Base: F7792000
Module End: F7799000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
Service Name: AVGIDSShim
Module Base: F77FA000
Module End: F7802000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
Service Name: AVGIDSDriver
Module Base: EE1A7000
Module End: EE1DF000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: EE715000
Module End: EE725000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: EE027000
Module End: EE03F000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F79EA000
Module End: F79EC000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: EE0AF000
Module End: EE0B2000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F788A000
Module End: F788F000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F7B21000
Module End: F7B22000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
Service Name: DRVNDDM
Module Base: EE6E5000
Module End: EE6EF000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLADResN.SYS
Service Name: DLADResN
Module Base: F7BC3000
Module End: F7BC4000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
Service Name: DLAIFS_M
Module Base: EBCD1000
Module End: EBCE7000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
Service Name: DLAOPIOM
Module Base: EBD57000
Module End: EBD5B000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLAPoolM.SYS
Service Name: DLAPoolM
Module Base: F7A0C000
Module End: F7A0E000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLABOIOM.SYS
Service Name: DLABOIOM
Module Base: F77B2000
Module End: F77B9000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
Service Name: DLAUDFAM
Module Base: EBCB9000
Module End: EBCD1000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
Service Name: DLAUDF_M
Module Base: EBCA3000
Module End: EBCB9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Service Name: AegisP
Module Base: F77E2000
Module End: F77E7000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\GRTdiMon.sys
Service Name: GRTdiMon
Module Base: EE685000
Module End: EE68E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: EBC73000
Module End: EBC77000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: EBA1E000
Module End: EBA4B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\css-dvp.sys
Service Name: CSS DVP
Module Base: EB83D000
Module End: EB906000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: EB819000
Module End: EB83D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
Service Name: dsunidrv
Module Base: F7A90000
Module End: F7A92000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: EB508000
Module End: EB549000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: EB4BC000
Module End: EB4BF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: EB2B5000
Module End: EB30D000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\pmemnt.sys
Service Name: PMEM
Module Base: F7A4E000
Module End: F7A50000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Service Name: Secdrv
Module Base: EB5D9000
Module End: EB5E3000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
Service Name: symlcbrd
Module Base: F781A000
Module End: F7820000
Hidden: No

Module Name: \??\C:\Program Files\Symantec\SYMEVENT.SYS
Service Name: SymEvent
Module Base: BA501000
Module End: BA51A000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
Service Name: NPDriver
Module Base: EB5A9000
Module End: EB5B2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: BA474000
Module End: BA489000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: EB681000
Module End: EB690000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ctusfsyn.sys
Service Name: CTUSFSYN
Module Base: BA3FF000
Module End: BA426000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
Service Name: ossrv
Module Base: BA3CD000
Module End: BA3FF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
Service Name: ctsfm2k
Module Base: BA3A6000
Module End: BA3CD000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwNotifyChangeKey
Address: F77FB5D0
Driver Base: F77FA000
Driver End: F7802000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwNotifyChangeMultipleKeys
Address: F77FB700
Driver Base: F77FA000
Driver End: F7802000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwOpenProcess
Address: F77FB010
Driver Base: F77FA000
Driver End: F7802000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwQueryValueKey
Address: F76131C4
Driver Base: F7612000
Driver End: F761E000
Driver Name: \??\C:\WINDOWS\system32\drivers\avgtpx86.sys

Function Name: ZwSuspendProcess
Address: F77FB300
Driver Base: F77FA000
Driver End: F7802000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwSuspendThread
Address: F77FB3E0
Driver Base: F77FA000
Driver End: F7802000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwTerminateProcess
Address: F77FB120
Driver Base: F77FA000
Driver End: F7802000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwTerminateThread
Address: F77FB210
Driver Base: F77FA000
Driver End: F7802000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

Function Name: ZwWriteVirtualMemory
Address: F77FB4D0
Driver Base: F77FA000
Driver End: F7802000
Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwWriteFile
At Address: 8057CF10
Jump To: 86CC66CC
Module Name: _unknown_

Hooked Function: ZwSetSystemInformation
At Address: 8060FD24
Jump To: 86AFEE54
Module Name: _unknown_

Hooked Function: ZwSetInformationFile
At Address: 8057B02E
Jump To: 86CF86CC
Module Name: _unknown_

Hooked Function: ZwCreateSection
At Address: 805AB3D0
Jump To: 86A9C01C
Module Name: _unknown_

Hooked Function: ObCloseHandle
At Address: 805BC533
Jump To: 86CF8A8C
Module Name: _unknown_

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\All Users\Documents\Back up Sony for Jen\indio\http--rds.yahoo.com-_ylt=A0geupmWNU5ELWwAZ5BXNyoA;_ylu=X3oDMTE3aGc3ajFkBGNvbG8DZQRsA1dTMQRwb3MDMTYEc2VjA3NyBHZ0aWQDREZYNV8zMA---SIG=11n1sg7eu-EXP=1146062614-http--www.godalrighty.com
Status: Hidden

Object: C:\Documents and Settings\Michael\Application Data\Documents and Settings\Mike\Application Data\3M\PDNotes\4.2.0.17
Status: Access denied

Object: C:\Documents and Settings\Michael\Application Data\Documents and Settings\Mike\Application Data\3M\PDNotes\4.2.0.28
Status: Access denied

Object: C:\Documents and Settings\Michael\Application Data\Documents and Settings\Mike\Application Data\3M\PDNotes\PSNData
Status: Access denied

Object: C:\Documents and Settings\Michael\Desktop\Temp\Documents and Settings\Mike\Application Data\Microsoft\Address Book\Mike.wab
Status: Access denied

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\(1988) Frank Zappa - 51 - You can't do that on stage anymore Vol. 1 [256]\disc1\Frank Zappa - 08 - Let's make the water turn black x Harry, you're a beast x The Orange County lum
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 02 - The soundtracks [192]\Frank Zappa
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 03 - The Cucamonga era [192]\Frank Zapp
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 04 - Gas mask [192]\Frank Zappa - 01 -
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 04 - Gas mask [192]\Frank Zappa - 02 -
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 04 - Gas mask [192]\Frank Zappa - 03 -
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 04 - Gas mask [192]\Frank Zappa - 04 -
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 04 - Gas mask [192]\Frank Zappa - 05 -
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 04 - Gas mask [192]\Frank Zappa - 06 -
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 04 - Gas mask [192]\Frank Zappa - 07 -
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 04 - Gas mask [192]\Frank Zappa - 20 ye
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 05 - Hotel Dixie [192]\Frank Zappa - 01
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 05 - Hotel Dixie [192]\Frank Zappa - 02
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 05 - Hotel Dixie [192]\Frank Zappa - 03
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 05 - Hotel Dixie [192]\Frank Zappa - 04
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 05 - Hotel Dixie [192]\Frank Zappa - 05
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 05 - Hotel Dixie [192]\Frank Zappa - 06
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 05 - Hotel Dixie [192]\Frank Zappa - 07
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 05 - Hotel Dixie [192]\Frank Zappa - 08
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 05 - Hotel Dixie [192]\Frank Zappa - 09
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 05 - Hotel Dixie [192]\Frank Zappa - 10
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 05 - Hotel Dixie [192]\Frank Zappa - 20
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 07 - Show & tell [192]\Frank Zappa - 01
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 07 - Show & tell [192]\Frank Zappa - 02
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 07 - Show & tell [192]\Frank Zappa - 03
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 07 - Show & tell [192]\Frank Zappa - 04
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 07 - Show & tell [192]\Frank Zappa - 05
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 07 - Show & tell [192]\Frank Zappa - 06
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 07 - Show & tell [192]\Frank Zappa - 07
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 07 - Show & tell [192]\Frank Zappa - 08
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 07 - Show & tell [192]\Frank Zappa - 09
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 07 - Show & tell [192]\Frank Zappa - 10
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 07 - Show & tell [192]\Frank Zappa - 20
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 09 - Warts & all I [192]\Frank Zappa -
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 09 - Warts & all I [192]\Frank Zappa -
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 09 - Warts & all I [192]\Frank Zappa -
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 09 - Warts & all I [192]\Frank Zappa -
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 09 - Warts & all I [192]\Frank Zappa -
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 09 - Warts & all I [192]\Frank Zappa -
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 09 - Warts & all I [192]\Frank Zappa -
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 10 - Warts & All II [192]\Frank Zappa -
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 10 - Warts & All II [192]\Frank Zappa -
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 10 - Warts & All II [192]\Frank Zappa -
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 10 - Warts & All II [192]\Frank Zappa -
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 10 - Warts & All II [192]\Frank Zappa -
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 10 - Warts & All II [192]\Frank Zappa -
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 10 - Warts & All II [192]\Frank Zappa -
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 10 - Warts & All II [192]\Frank Zappa -
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 11 - Soup & old clothes [192]\Frank Zap
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 11 - Soup & old clothes [192]\Frank Zap
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 11 - Soup & old clothes [192]\Frank Zap
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 11 - Soup & old clothes [192]\Frank Zap
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 11 - Soup & old clothes [192]\Frank Zap
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 11 - Soup & old clothes [192]\Frank Zap
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 11 - Soup & old clothes [192]\Frank Zap
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 11 - Soup & old clothes [192]\Frank Zap
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 11 - Soup & old clothes [192]\Frank Zap
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(---- - Box) Frank Zappa - 20 years of Frank Zappa (boot) some incompletee\Frank Zappa - 20 years of Frank Zappa - disc 12 - Advanced study - World pop dominat
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Frank Zappa\Boots and oddities\(----) Frank Zappa - Cucamonga years - The early works of Frank Zappa (1962-1964) [128]\Frank Zappa - 03 - Baby Ray and the Ferns - World's greatest sinner (19
Status: Hidden

Object: C:\Documents and Settings\Michael\My Documents\Azureus Downloads\Maynard Ferguson - The Complete Maynard Ferguson on Roulette\The Complete Maynard Ferguson on Roulette Vol. 08\Maynard Ferguson - 04 - My Sweetie Went Away, She Didn't Say Where, When, Or Wh
Status: Hidden

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Object: C:\RECYCLER\S-1-5-21-1703037801-221494611-3155105034-1005\Dc4541\Mike\Application Data\3M\PDNotes\PSNData
Status: Access denied

So WildTangent's ok?

SuperDave

Re: A bunch of Trojans found all of a sudden
« Reply #19 on: April 20, 2013, 03:52:44 PM »
Quote
So WildTangent's ok?
I wouldn't have it on my computer but it's in a lot of reputable downloads so they may have cleaned up their act.

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
  • Leave the check mark next to Remove found threats.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Windows 8 and Windows 10 dual boot with two SSD's