Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Win32.FraudLoad.edt? with Log

Re: Win32.FraudLoad.edt? with Log

Post by flyingmojo » September 3rd, 2009, 12:32 pm

I still can't get Spybot to run, which I need to do in order to disable Spybot's TeaTimer. Is there another way of disabling it? Should I uninstall Spybot?
flyingmojo
Regular Member
 
Posts: 51
Joined: August 21st, 2009, 10:59 pm

Post by turtledove » September 3rd, 2009, 1:13 pm

Hello flyingmojo,

If Spybot is not running, it should be fine to proceed. If that is the case, please continue with Combofix and the file to be scanned, and the New HijackThis log.

Thank you for letting me know of these issues.

TD
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Post by flyingmojo » September 3rd, 2009, 1:44 pm

Sorry, I should've been more clear. TeaTimer is running. I can see it at the bottom right corner of the taskbar. And it's in the Processes list in the Task Manager. What isn't running is the interface. Whenever I double-click on the desktop icon, or try to run it from the Start menu, or anything else, nothing happens. The only way I can see of disabling it without having access to the interface is uninstalling it, but I didn't want to do that without making sure it was ok first. And I don't know if there is another way. There's also ending the process via the Task Manager, but I don't know if that's effective enough.

Post by turtledove » September 3rd, 2009, 9:08 pm

Hello flyingmojo,

For now it would be fine to uninstall Spybot, if stopping it through Task Manager doesn't work. We will reinstall it when cleaned up.
Then please continue with the previous instructions.

Thank you

TD

Post by flyingmojo » September 3rd, 2009, 11:03 pm

Ok, we have a problem. I uninstalled Spybot, and disabled AVG's Resident Shield. I then copied and pasted the text in the quote box and saved it with the file name you mentioned and as type: "All Files". I then dragged and dropped the file into ComboFix. Nothing happened. The ComboFix icon highlights, but when I let go, the file hasn't moved and ComboFix doesn't do anything. Taking a look at the properties of the file by right-clicking it, it says Type of File: text document and Opens With: Notepad. Is the saving as Type: All Files not working? Is ComboFix not working? Did I do something wrong? I have repeated the steps (copying and pasting and saving) several times to no avail.

On a side note, I will be leaving for the weekend and I will be back Monday. So we'll have to resume things then. Thank you for your help so far.

Post by flyingmojo » September 3rd, 2009, 11:16 pm

Also, I just reinstalled Spybot, but even after a reinstall, the interface will still not run. Also, my email scanner is still disabled. My email (Outlook Express) is working fine, but it's the AVG email scanner that is disabled.
Also, re: your question about the fraudulent anti-malware/spyware/virus that I keep getting, I can't remember the names of each one, but I do know one was called Total Security.

Post by flyingmojo » September 3rd, 2009, 11:47 pm

Ok, as an experiment, I just tried to run ComboFix. Nothing happened when I double-clicked on it. Looks like the same thing that is happening to Spybot is happening to ComboFix. My guess is that this is bad. I deleted it and re-downloaded it. Same thing.

Post by turtledove » September 4th, 2009, 12:11 pm

Hello flyingmojo,

Thank you for letting me know about your weekend. I hope you enjoyed it.

Please try the following:

Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with Notepad and post the contents here.

Post:
  • Win32kDiag.txt
  • Any problems or new issues

Thank you

TD

Post by flyingmojo » September 4th, 2009, 12:48 pm

turtledove wrote: "Thank you for letting me know about your weekend. I hope you enjoyed it."

:lol: I haven't gone yet. I leave today.

Ok, I didn't deactivate AVG or Spybot this time, since it wasn't in these instructions. If I need to, please let me know. But it doesn't look like this worked. Here's the log:

Log file is located at: C:\Documents and Settings\Mica Gries\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!

Post by turtledove » September 4th, 2009, 1:16 pm

Hello flyingmojo,

I hope you enjoy your trip :)
I wrote what you quoted in case you left sooner than I got in this morning.
Checking on what occurred. Will probably post today, but you're fine to wait till Monday.

TD

Post by turtledove » September 4th, 2009, 10:25 pm

Hello flyingmojo,

*Please Copy/Print instructions for reference*

We need a better look. Please do the following:

Step 1

Please download SysProt Antirootkit. You will find it at the bottom of the page under attachments, or you can get it from one of the mirrors.

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select all items and check Hidden Objects Only at the bottom of the window.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.



Step 2

Rerun RSIT
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, one log will open this time:
    • log.txt will be opened maximized.
  • Please post the contents of log.txt.


Post:
  • Scan results from SysProt
  • New log.txt from RSIT
  • Any issues or problems

Thank you

TD

Post by flyingmojo » September 7th, 2009, 10:21 pm

So, I arrived home after a very joyful occasion (my wife's niece got married), and discovered something that filled me with even more joy. I tried dragging and dropping the text into ComboFix again, just to see, and this time it worked! I guess my PC just needed a rest and a break from all my overbearing anxiety.

Here are the logs:

ComboFix 09-09-03.02 - Mica Gries 09/07/2009 18:13.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2477 [GMT -7:00]
Running from: c:\documents and settings\Mica Gries\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mica Gries\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point

file zipped: c:\windows\Ivofuqoqiwogi.dat
file zipped: c:\windows\system32\drivers\xmxtrpfhwevxylnk.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\MICAGR~1\APPLIC~1\Azureus
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\.certs
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\.keystore
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\.lock
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\034F61037691D5D2B99D7FD4945741A3CAB3151E.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\034F61037691D5D2B99D7FD4945741A3CAB3151E.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\16E9C07392B4348936DBA79D369607DF8E78604D.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\16E9C07392B4348936DBA79D369607DF8E78604D.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\27A82944E7C3B474E4447E5E335F3B8F8924DD52.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\27A82944E7C3B474E4447E5E335F3B8F8924DD52.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\3526E9CE6012CA68E7D2F3C4165D4F01FB461744.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\3526E9CE6012CA68E7D2F3C4165D4F01FB461744.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\3CAF2A67B090263DC88DE0C0CA774F66555A8785.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\3CAF2A67B090263DC88DE0C0CA774F66555A8785.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\3F2BA68C2F72904BA10E89326902D480E6889C0C.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\3F2BA68C2F72904BA10E89326902D480E6889C0C.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\4AB3DF1435BC68457366F56760337AB3F4A7CF62.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\4AB3DF1435BC68457366F56760337AB3F4A7CF62.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\4C5020107E466315C57E4060B88DA307426116D3.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\4C5020107E466315C57E4060B88DA307426116D3.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\4CC0C0136CC8B3A37CDF725B56C276AE61B85CC5.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\4CC0C0136CC8B3A37CDF725B56C276AE61B85CC5.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\55DE88B3D6CCF37721C632743EB863B313E48256.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\55DE88B3D6CCF37721C632743EB863B313E48256.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\5ACADF7BD92BC68066044F6BA1640B5107DAC528.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\5ACADF7BD92BC68066044F6BA1640B5107DAC528.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\5EA00BE5F49FDEA42C7133C668623CB1DFC28FD4.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\5EA00BE5F49FDEA42C7133C668623CB1DFC28FD4.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\61DE299280413D35ADD2774F324510D3D7BF1325.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\61DE299280413D35ADD2774F324510D3D7BF1325.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\633E0C0171261DD7CEEB5C6DEBAEF616C51771D8.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\633E0C0171261DD7CEEB5C6DEBAEF616C51771D8.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\66C83608943E87D36B7C50539CBC260C1276277C.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\66C83608943E87D36B7C50539CBC260C1276277C.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\7BF20456DACA1FB166E4B47BBA0FD95C0FFB761E.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\7BF20456DACA1FB166E4B47BBA0FD95C0FFB761E.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\7CC22476F59A5268A48D45137097924FFF344C67.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\7CC22476F59A5268A48D45137097924FFF344C67.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\82C626BB50B080BB0E7A6516DD0472F50AEFC824.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\82C626BB50B080BB0E7A6516DD0472F50AEFC824.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\866D69D2F5040BB7A6C820A01E271E3D0BB90E19.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\866D69D2F5040BB7A6C820A01E271E3D0BB90E19.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\96F0AF4DEEC685D188A67A0414DDC94EC041A1C4.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\96F0AF4DEEC685D188A67A0414DDC94EC041A1C4.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\ABFA17574A6859D88FCDC41CEA95DC2587F07EE6.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\ABFA17574A6859D88FCDC41CEA95DC2587F07EE6.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\AD55B96AFD98779E65DAC3808990ABEA76CC1834.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\AD55B96AFD98779E65DAC3808990ABEA76CC1834.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\B0F77E0B5AD807053A85ECB41C1AA44277DF9522.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\B0F77E0B5AD807053A85ECB41C1AA44277DF9522.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\B62CE50CD4AEB9C6F9884F324A7C40BD2F378679.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\B62CE50CD4AEB9C6F9884F324A7C40BD2F378679.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\BDCAA9F7D5F3466D58FEC90A4BFF0E0150E8921E.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\BDCAA9F7D5F3466D58FEC90A4BFF0E0150E8921E.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\cache.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\DAC5FED2B8C706913E8196A07BAEDF658BE6140B.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\DAC5FED2B8C706913E8196A07BAEDF658BE6140B.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\E4237C5277E08592DE513C05FBD508954FFD7DDC.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\E4237C5277E08592DE513C05FBD508954FFD7DDC.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\E68D7B90455133975E9CF84FDF9BB4F580372916.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\E68D7B90455133975E9CF84FDF9BB4F580372916.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\F2577B1E7BC95B0BF6E2405B0987D35F0EFF5E21.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\F2577B1E7BC95B0BF6E2405B0987D35F0EFF5E21.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\FF00207A52BA16E0C976FE50F8954FC094EFB27C.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\active\FF00207A52BA16E0C976FE50F8954FC094EFB27C.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\azureus.config
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\azureus.config.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\azureus.statistics
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\azureus.statistics.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\banips.config
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\banips.config.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\cache\1191085919.ico
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\cnetworks.config
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\debug\image-0.jpg
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\devices.config
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\devices.config.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\dht\addresses.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\dht\contacts.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\dht\diverse.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\dht\general.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\dht\version.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\downloads.config
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\downloads.config.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\friends.config
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\friends.config.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\ipfilter.cache
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\metasearch.config
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\metasearch.config.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\net\pm_852.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\net\pm_default.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\plugins\azupnpav\cd.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\sharing.config
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\sharing.config.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\sidebarauto.config
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\sidebarauto.config.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\subs\07ABDD32A54D704B48FE.vuze
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\subs\1A15A809B4D0A8467DDA.vuze
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\subs\23A83A6C9F242D57999F.vuze
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\subs\44D58598D07EC4631006.vuze
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\subs\506E618076B68A4FE10C.vuze
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\subs\87C52BEB0ECC62B93635.vuze
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\subs\95B34C1A1F40931D0972.vuze
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\subs\B37E8F791BB645FF3B7C.vuze
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\subs\B6104B1D0534FEA485D2.vuze
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\subs\CEA06BACAA04C3DAA925.vuze
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\subs\F14DB936646DBBA8A53E.vuze
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\subs\F34DB3BC22A8C4C95D2B.vuze
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\subs\F79561DE25ADCAEF8BE3.vuze
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\subscriptions.config
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\subscriptions.config.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\tables.config
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\tables.config.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\tmp\AZU57705.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\tmp\AZU57706.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\tmp\AZU57707.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\tmp\AZU57708.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\tmp\AZU57709.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\tmp\AZU57710.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\tmp\AZU57711.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\tmp\AZU57712.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\tmp\AZU57713.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\tmp\AZU57714.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\tmp\AZU57715.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\(digimob)_Occult_Mob__s_Submissions_Digest__23.2.4342616.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\(digimob)_Viridarium_Umbris__The_Pleasure_Garden_of_Shadow.4097661.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\[NEW]_Goldfrapp_-_Supernature_(2005)_-_Electronic.3373565.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\_ebook__The_Free_Energy_Secrets_of_Cold_Electricity.pdf [mininova].torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Alcohol 120 Corporate Version [Big-Hair] [mininova].torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\AZU11302.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\AZU15408.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\AZU15412.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\AZU18156.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\AZU18161.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\AZU19240.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\AZU21274.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\AZU25912.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\AZU25915.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\AZU3153.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\AZU35655.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\AZU3842.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\AZU3848.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\AZU4222.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\AZU4225.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\AZU46094.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\AZU46099.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\AZU47386.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\AZU4747.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\AZU48071.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\AZU56253.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\AZU57998.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\AZU601.tmp
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Brisingr.pdf.4454970.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Cicero_-_Self_Initiation_into_the_Golden_Dawn_Tradition_(occult).3746742.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Coats___Schauberger_-_The_fertile_earth_-_Nature__s_energies_in.3494270.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Concentration [Mouni Sadhu Ebook] ['THE' Occult training manual!] [mininova].torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Dan_A._Davidson_-_Shape_Power.pdf.4246771.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Doom_3_Retail__Single_Player_Ready.4562382.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Goldfrapp_-_Seventh_Tree_[2008][CD_SkidVid_XviD_Cov]192Kbps.4054330.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Goldfrapp_Discography.3940155.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\HERO_SYSTEM_PDF.4164581.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Manly_Palmer_Hall_Complete_Lecture_Series_2.4826305.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Megacollection_-_Tom_Bearden_-_Complete_Works.4362954.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Music_From_The_Lonely_Planet_TV_series_-_Pilot_guides_-_Globe_tr.3648596.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Native.Instruments.Traktor.DJ.Studio.3.Cracked-DjNilo.3785871.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Native_Instruments_TRAKTOR_3.3.2.060_Retail.4064339.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Oblivion_-_DLCMehrunesRazor_[official].zip.3495922.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Oblivion_-_DLCOrrery_[official].zip.3495924.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Oblivion_-_DLCWizardsTower_[official].zip.3495925.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Penthouse_Issue__4_2009.4790924.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\psychic-sexuality_ingo-swann.pdf [mininova]-1.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Repost__Magical_Egypt_-_8_Hours_Documentary_About_The_Ancient_Se.4111239.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\The.Evil.Dead[1983][unrated.edition]dvdrip[xvid].3831326.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\The.Shivering.Isles.PROPER-RELOADED___v1.2.0416_patch_and_crack.3705554.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Thief-Deadly_Shadows.3508540.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Thief_2_The_Metal_Age-eXclusive.3804111.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Tom_Bearden_-_Final_Secrets_of_Free_energy_(1993).3492333.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Traktor Dj Studio 3.2.2 [mininova].torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Unreal_Tournament.4264135.TPB-1.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Unreal_Tournament_2004_(PC_Game)_(serial___version_3369_patch).4214838.TPB.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\torrents\Vortex_Based_Mathematics_The_Finger_Print_of_God_Marko_Rodin_x-Demonoid.com-x.torrent
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\tracker.config
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\tracker.config.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\unsentdata.config
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\unsentdata.config.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\update.log
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\update.properties
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\v3.Friends.dat
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\v3.Friends.dat.bak
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\VuzeActivities.config
c:\docume~1\MICAGR~1\APPLIC~1\Azureus\VuzeActivities.config.bak
c:\docume~1\MICAGR~1\LOCALS~1\Temp\catchme.dll
c:\documents and settings\All Users\Application Data\11737504
c:\documents and settings\All Users\Application Data\11737504\11737504
c:\documents and settings\All Users\Application Data\11737504\pc11737504ins
c:\documents and settings\All Users\Application Data\bysetid.sys
c:\documents and settings\All Users\Application Data\ikakujepe.scr
c:\documents and settings\All Users\Application Data\ikykosas.bin
c:\documents and settings\All Users\Application Data\ydidu.ban
c:\documents and settings\All Users\Documents\vufysod.reg
c:\documents and settings\All Users\Documents\xesurek.dll
c:\documents and settings\Mica Gries\Application Data\ewamupom.bin
c:\documents and settings\Mica Gries\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\Mica Gries\Application Data\Microsoft\Internet Explorer\Quick Launch\PC_Antispyware2010.lnk
c:\documents and settings\Mica Gries\Application Data\sygaqalume.inf
c:\documents and settings\Mica Gries\Application Data\wiaserva.log
c:\documents and settings\Mica Gries\Cookies\etorakuz.dl
c:\documents and settings\Mica Gries\delself.bat
c:\documents and settings\Mica Gries\Local Settings\Application Data\detasu.bin
c:\documents and settings\Mica Gries\Local Settings\Application Data\fosowi.bin
c:\documents and settings\Mica Gries\Local Settings\Application Data\gojuqi.dll
c:\documents and settings\Mica Gries\Local Settings\Application Data\itow.sys
c:\documents and settings\Mica Gries\Local Settings\Application Data\lecal.sys
c:\documents and settings\Mica Gries\Local Settings\Temp\catchme.dll
c:\documents and settings\Mica Gries\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\PC_Antispyware2010
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\Vuze
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.21.jar
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.21.zip
c:\program files\Vuze\plugins\azupnpav\plugin.properties_0.2.21
c:\windows\adevin.pif
c:\windows\Ivofuqoqiwogi.dat
c:\windows\ozefedeka.inf
c:\windows\ptidlg.dll
c:\windows\system32\drivers\xmxtrpfhwevxylnk.sys
c:\windows\system32\libo.vbs
c:\windows\system32\onhelp.htm
c:\windows\system32\qykazyje.scr

.
((((((((((((((((((((((((( Files Created from 2009-08-08 to 2009-09-08 )))))))))))))))))))))))))))))))
.

2009-09-05 16:03 . 2009-09-06 19:00 -------- d-----w- c:\program files\AntivirusPro_2010
2009-09-03 16:22 . 2009-09-05 16:00 94272 ----a-w- c:\windows\system32\dllcache\agp440.sys
2009-09-01 17:23 . 2009-09-01 17:23 16879 ----a-w- c:\windows\system32\apavocubih.com
2009-09-01 17:23 . 2009-09-01 17:23 14742 ----a-w- c:\windows\evij.com
2009-08-29 17:07 . 2009-08-29 17:08 -------- d-----w- C:\rsit
2009-08-29 03:34 . 2009-08-29 03:34 -------- d-----w- c:\documents and settings\Mica Gries\Local Settings\Application Data\{EC912E71-D645-44EA-AFFD-8D2B380911F7}
2009-08-25 17:53 . 2009-08-25 17:53 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-25 17:53 . 2009-08-25 17:53 -------- d-----w- c:\program files\Real
2009-08-25 05:27 . 2009-08-25 05:27 -------- d-----w- c:\windows\system32\scripting
2009-08-25 05:27 . 2009-08-25 05:27 -------- d-----w- c:\windows\l2schemas
2009-08-25 05:27 . 2009-08-25 05:27 -------- d-----w- c:\windows\system32\en
2009-08-25 05:27 . 2009-08-25 05:27 -------- d-----w- c:\windows\system32\bits
2009-08-25 05:19 . 2009-08-25 05:19 -------- d-----w- c:\windows\EHome
2009-08-23 06:02 . 2009-08-25 05:25 -------- d-----w- c:\windows\ServicePackFiles
2009-08-23 05:21 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-23 05:21 . 2009-06-10 16:19 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-08-23 05:15 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-08-23 05:15 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-08-22 03:11 . 2009-08-22 03:11 -------- d-----w- c:\program files\Trend Micro
2009-08-21 21:04 . 2009-08-21 22:36 -------- d-----w- c:\windows\BDOSCAN8
2009-08-21 21:02 . 2009-08-21 21:02 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-21 20:18 . 2009-08-21 20:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2009-08-19 03:00 . 2009-08-26 03:02 -------- d-----w- c:\documents and settings\Mica Gries\Application Data\HpUpdate
2009-08-19 03:00 . 2009-08-19 03:00 -------- d-----w- c:\windows\Hewlett-Packard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-08 01:22 . 2008-09-18 17:13 -------- d-----w- c:\documents and settings\Mica Gries\Application Data\Skype
2009-09-08 01:09 . 2008-09-18 17:14 -------- d-----w- c:\documents and settings\Mica Gries\Application Data\skypePM
2009-09-07 17:32 . 2008-07-05 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-05 16:00 . 2004-08-10 16:58 94272 ----a-w- c:\windows\system32\drivers\agp440.sys
2009-09-04 18:52 . 2008-08-10 20:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-04 18:51 . 2008-08-10 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-01 17:23 . 2009-09-01 17:23 19865 ----a-w- c:\program files\Common Files\quviqufy.lib
2009-09-01 17:12 . 2008-08-30 23:31 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-29 21:39 . 2009-04-25 05:42 -------- d-----w- c:\program files\MSN Messenger
2009-08-28 15:57 . 2008-07-05 23:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-28 15:57 . 2008-07-05 23:02 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 15:57 . 2008-07-05 23:02 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-26 16:27 . 2008-07-05 21:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-25 17:53 . 2009-01-08 01:07 -------- d-----w- c:\program files\Common Files\Real
2009-08-25 17:53 . 2008-05-21 22:49 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-25 16:58 . 2008-05-30 18:04 33840 ----a-w- c:\documents and settings\Mica Gries\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-23 06:14 . 2008-05-21 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-19 03:00 . 2008-11-12 03:24 -------- d-----w- c:\program files\HP
2009-08-08 01:05 . 2008-05-21 22:58 -------- d-----w- c:\program files\Google
2009-08-08 01:03 . 2009-08-08 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-05 17:03 . 2009-07-09 19:07 -------- d-----w- c:\program files\Trillian
2009-08-05 09:01 . 2004-08-10 16:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 05:32 . 2009-08-05 05:29 -------- d-----w- c:\program files\Graboid
2009-08-05 05:30 . 2009-08-05 05:30 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2009-08-03 18:57 . 2009-08-03 18:57 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-08-03 00:18 . 2008-06-08 00:55 -------- d-----w- c:\documents and settings\Mica Gries\Application Data\Yahoo!
2009-08-03 00:18 . 2008-06-08 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-08-02 16:20 . 2009-08-02 16:20 -------- d-----w- c:\program files\ElcomSoft
2009-08-02 05:14 . 2009-08-01 02:18 -------- d-----w- c:\program files\Native Instruments
2009-07-29 04:37 . 2004-08-10 16:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2004-08-10 16:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-27 17:24 . 2008-06-24 01:32 -------- d-----w- c:\program files\World of Warcraft
2009-07-27 17:05 . 2008-07-05 22:28 33840 ----a-w- c:\documents and settings\Guinevere Morgan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-21 18:34 . 2008-05-21 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2009-07-20 03:36 . 2009-07-20 03:36 -------- d-----w- c:\program files\Groundspeak
2009-07-20 03:24 . 2009-07-20 03:24 -------- d-----w- c:\program files\YouTube Downloader
2009-07-20 02:48 . 2009-07-20 02:48 -------- d-----w- c:\program files\MSBuild
2009-07-20 02:48 . 2009-07-20 02:48 -------- d-----w- c:\program files\Reference Assemblies
2009-07-17 19:01 . 2004-08-10 16:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-10 16:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 03:33 . 2008-06-02 22:35 -------- d-----w- c:\program files\Bethesda Softworks
2009-07-12 22:01 . 2009-06-13 22:49 -------- d-----w- c:\program files\Runes of Magic
2009-07-11 20:07 . 2008-06-06 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-11 20:07 . 2008-06-06 16:37 -------- d-----w- c:\program files\Yahoo!
2009-07-10 23:56 . 2009-07-03 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-26 16:50 . 2004-08-10 16:51 666624 ------w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-10 16:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 08:25 . 2004-08-10 16:51 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-10 16:51 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-10 16:51 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-10 16:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2004-08-10 16:51 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-10 16:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-10 16:51 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-12 12:31 . 2004-08-10 16:51 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 16:19 . 2004-08-10 17:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-08-10 16:50 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-10 16:51 132096 ----a-w- c:\windows\system32\wkssvc.dll
2008-05-21 22:50 . 2008-05-21 22:50 76 --sh--r- c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((( SnapShot@2009-09-01_17.13.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-08 01:21 . 2009-09-08 01:21 16384 c:\windows\temp\Perflib_Perfdata_39c.dat
- 2009-07-20 02:45 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2009-07-20 02:45 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2008-05-30 17:54 . 2009-09-07 17:30 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-30 17:54 . 2009-08-25 16:46 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-30 17:54 . 2009-09-07 17:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-05-30 17:54 . 2009-08-25 16:46 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-05-30 17:54 . 2009-08-25 16:46 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-30 17:54 . 2009-09-07 17:30 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-10 16:50 . 2004-08-04 09:00 4224 c:\windows\system32\dllcache\beep.sys
+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-08-23 05:23 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-03-20 18:48 . 2009-03-20 18:48 183808 c:\windows\Installer\275c8d2.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DELL Webcam Manager"="c:\program files\DELL\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-21 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-21 29744]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-16 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-16 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-16 138008]
"OEM03Mon.exe"="c:\windows\OEM03Mon.exe" [2007-06-17 36864]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-28 2007832]
"TELUS_McciTrayApp"="c:\program files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe" [2007-10-08 1462272]
"TelusWCC_McciTrayApp"="c:\program files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe" [2006-03-10 543232]
"TEPA.exe"="c:\program files\TELUS\eProtect Advisor\TEPA.exe" [2007-05-14 2061816]
"TELUS eProtect"="c:\program files\TELUS\TELUS eProtect\Rps.exe" [2007-09-13 310000]
"-FreedomNeedsReboot"="c:\program files\TELUS\TELUS eProtect\ZkRunOnceR.exe" [2007-09-13 13552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-25 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-02-04 18085888]

c:\documents and settings\Mica Gries\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-21 23:03 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 15:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Ubisoft\\Lost Via Domus\\Yeti_Final_Win32.exe"=
"c:\\Program Files\\Ubisoft\\Lost Via Domus\\gu.exe"=
"c:\\Program Files\\Ubisoft\\Lost Via Domus\\detection\\Launcher.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Mica Gries\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Documents and Settings\\Mica Gries\\Desktop\\mirc\\mirc32.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/5/2008 4:02 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/5/2008 4:02 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/6/2008 12:00 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/6/2008 12:00 PM 297752]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [5/21/2008 3:49 PM 31616]
S2 gupdate1ca17c427846f60;Google Update Service (gupdate1ca17c427846f60);c:\program files\Google\Update\GoogleUpdate.exe [8/7/2009 6:04 PM 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/13/2009 10:51 AM 1684736]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\MICAGR~1\LOCALS~1\Temp\gUSBSTOi.sys --> c:\docume~1\MICAGR~1\LOCALS~1\Temp\gUSBSTOi.sys [?]
S3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;c:\windows\system32\drivers\OEM03Afx.sys [5/21/2008 3:31 PM 141376]
S3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:\windows\system32\drivers\OEM03Vfx.sys [5/21/2008 3:31 PM 7424]
S3 OEM03Vid;Creative Camera OEM003 Driver;c:\windows\system32\drivers\OEM03Vid.sys [5/21/2008 3:31 PM 235808]
S3 Radialpoint Security Services;TELUS eProtect;c:\windows\system32\dllhost.exe [8/10/2004 9:50 AM 5120]
.
Contents of the 'Scheduled Tasks' folder

2009-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-09-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]

2009-09-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-21 01:03]

2009-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 01:04]

2009-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 01:04]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-sys32_nov - c:\documents and settings\Mica Gries\sys32_nov.exe
HKLM-Run-sys32_nov - c:\windows\system32\sys32_nov.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mica Gries\Application Data\Mozilla\Firefox\Profiles\oz5ojilq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - HiddenExtension: XUL Cache: {EC912E71-D645-44EA-AFFD-8D2B380911F7} - c:\documents and settings\Mica Gries\Local Settings\Application Data\{EC912E71-D645-44EA-AFFD-8D2B380911F7}\
FF - HiddenExtension: XUL Cache: {1D46326B-522B-4FE3-86B8-F0DC7A05C6BB} - c:\documents and settings\Guinevere Morgan\Local Settings\Application Data\{1D46326B-522B-4FE3-86B8-F0DC7A05C6BB}\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-07 18:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4256185878-1621736987-725487831-1006\Software\SecuROM\License information*]
"datasecu"=hex:be,65,86,69,4f,f9,b2,e6,e9,9e,86,a5,c6,37,79,43,cc,82,24,24,ce,
94,97,ed,79,37,e7,9e,89,b1,ad,46,bd,da,e4,dd,80,1c,82,1e,78,ca,fd,05,51,9c,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(3416)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\TELUS\TELUS eProtect\Fws.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\msiexec.exe
c:\program files\Raxco\PerfectDisk\PDEngine.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-09-08 18:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-08 01:25
ComboFix2.txt 2009-09-01 17:16

Pre-Run: 354,268,917,760 bytes free
Post-Run: 354,486,669,312 bytes free

567 --- E O F --- 2009-09-04 21:22
Upload was successful

________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:33:24 PM, on 9/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TELUS\TELUS eProtect\Fws.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\OEM03Mon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe
C:\Program Files\TELUS\eProtect Advisor\TEPA.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1080522
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OEM03Mon.exe] C:\WINDOWS\OEM03Mon.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TELUS_McciTrayApp] C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
O4 - HKLM\..\Run: [TelusWCC_McciTrayApp] C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe
O4 - HKLM\..\Run: [TEPA.exe] "C:\Program Files\TELUS\eProtect Advisor\TEPA.exe" /AUTORUN
O4 - HKLM\..\Run: [TELUS eProtect] "C:\Program Files\TELUS\TELUS eProtect\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\TELUS\TELUS eProtect\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se1140.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1ca17c427846f60) (gupdate1ca17c427846f60) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: TELUS eProtect Update Service (RPSUpdaterR) - TELUS - C:\Program Files\TELUS\TELUS eProtect\rpsupdaterR.exe
O23 - Service: TELUS eProtect Firewall (RP_FWS) - TELUS - C:\Program Files\TELUS\TELUS eProtect\Fws.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/MICAGR~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 13256 bytes

___________________

Virustotal

File has already been analysed:
MD5: be434f788660a9bad38087a152213528
First received: 2009.09.04 19:46:26 UTC
Date: 2009.09.07 11:07:17 UTC [<1D]
Results: 10/41
Permalink: analisis/befc080287a3492d5ba7b9bbba9abf31cfd0e4cd329eb5adf043b6060ec48a7e-1252321637

_____________________

No obvious problems that I can observe at the moment
flyingmojo
Regular Member
Posts: 51
Joined: August 21st, 2009, 10:59 pm

Re: Win32.FraudLoad.edt? with Log

Unread postby turtledove » September 8th, 2009, 3:44 am

Hello flyingmojo, happy you had a great trip. Congratulations to your niece.

Please follow the instructions in my previous post and run SysProt and RSIT.

Post
log from SysProt Scan
New RSIT log.txt

Thank you

TD
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California
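
The SysProt AntiRootkit report in the next reply is long because the tool prints one record per hooked IRP_MJ_* major, so a single driver hooking one device object produces a block of near-identical entries (27 records for \Driver\sptd alone). The Python script below is an added triage helper, not something posted in this thread and not part of SysProt or MalwareRemoval.com: it parses a constructed excerpt in the report's own layout (section headers, "Key: Value" records separated by blank lines, rows of asterisks between sections), collapses IRP hooks to one count per hooking module and target, drops a driver's own dispatch routines (hooking and hooked module identical, as with iaStor.sys), and lists the leads a helper would chase first: hidden kernel modules, SSDT entries owned by a hidden module, inline kernel hooks attributed to `_unknown_`, and IRP hooks placed by an unknown or hidden module. The addresses in the sample and the `<unnamed>` placeholder are constructed.

```python
"""Triage helper for SysProt AntiRootkit text reports (added example, constructed data)."""
from collections import defaultdict

# Section headers SysProt prints; a section is a run of "Key: Value" records separated by blank lines.
SECTIONS = {"Kernel Modules", "SSDT", "Kernel Hooks", "IRP Hooks", "Ports", "Hidden files/folders"}

# Constructed excerpt in the SysProt layout; addresses are sample values, not a real scan.
SAMPLE_REPORT = """\
No Hidden Processes found
Kernel Modules:
Module Name: spek.sys
Hidden: Yes

Module Name:
Hidden: Yes
**********
SSDT:
Function Name: ZwSetValueKey
Driver Name: spek.sys
**********
Kernel Hooks:
Hooked Function: ZwWriteFile
Jump To: 8A13E6E4
Module Name: _unknown_
**********
IRP Hooks:
Hooked Module: \\Driver\\sptd
Hooked IRP: IRP_MJ_CREATE
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: C:\\WINDOWS\\System32\\Drivers\\dtscsi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\\WINDOWS\\system32\\drivers\\iaStor.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: B9D896D0
Hooking Module: C:\\WINDOWS\\system32\\drivers\\iaStor.sys
"""


def parse_sysprot(text):
    """Return {section: [record, ...]}; each record maps a field name to its value."""
    sections, section, record = defaultdict(list), None, {}

    def flush():
        nonlocal record
        if section and record:
            sections[section].append(record)
        record = {}

    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*") or ":" not in line:  # separators and banner text
            flush()
            continue
        # Split at the first colon only, so values such as "C:\WINDOWS\..." survive intact.
        key, _, value = (part.strip() for part in line.partition(":"))
        if key in SECTIONS and not value:    # a header, unlike an empty field such as "Module Name:"
            flush()
            section = key
        elif section:
            record[key] = value              # empty values are kept as ""
    flush()
    return dict(sections)


def hidden_modules(report):
    return [m.get("Module Name") or "<unnamed>"
            for m in report.get("Kernel Modules", []) if m.get("Hidden") == "Yes"]


def irp_hooks_by_hooker(report):
    """{hooking module: {hooked driver or device: count of IRP_MJ_* majors}}; self-dispatch is not a hook."""
    out = defaultdict(lambda: defaultdict(int))
    for r in report.get("IRP Hooks", []):
        hooker = r.get("Hooking Module") or "_unknown_"
        target = r.get("Hooked Module") or "<unnamed device object>"
        if hooker != target:                 # iaStor.sys pointing into iaStor.sys is normal
            out[hooker][target] += 1
    return {h: dict(t) for h, t in out.items()}


def findings(report):
    """Leads to follow up, as (category, detail) pairs; they are not verdicts."""
    hidden = set(hidden_modules(report))
    leads = [("hidden kernel module", m) for m in sorted(hidden)]
    for r in report.get("SSDT", []):
        if r.get("Driver Name") in hidden:
            leads.append(("SSDT entry owned by hidden module", f"{r['Function Name']} -> {r['Driver Name']}"))
    for r in report.get("Kernel Hooks", []):
        if (r.get("Module Name") or "_unknown_") == "_unknown_":
            leads.append(("inline kernel hook from unknown module", f"{r['Hooked Function']} -> {r['Jump To']}"))
    for hooker, targets in irp_hooks_by_hooker(report).items():
        if hooker == "_unknown_" or hooker in hidden:
            for target, n in sorted(targets.items()):
                leads.append(("IRP dispatch hooked", f"{target}: {n} major(s) by {hooker}"))
    return leads


if __name__ == "__main__":
    for category, detail in findings(parse_sysprot(SAMPLE_REPORT)):
        print(f"{category}: {detail}")
```

Running it prints six leads for the sample. Treat them as leads, not verdicts: the SPTD disk-emulation layer installed by Daemon Tools and Alcohol 120% is well known to show up as a hidden, randomly named sp??.sys module that hooks the dispatch table of \Driver\sptd and of its companion drivers (a347bus.sys and a347scsi.sys from Alcohol, dtscsi.sys from Daemon Tools), so output of exactly this shape is expected on a machine with either product installed and has to be checked against the installed software before any file is removed.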

Re: Win32.FraudLoad.edt? with Log

Unread postby flyingmojo » September 8th, 2009, 1:39 pm

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: spek.sys
Service Name: ---
Module Base: B9EAA000
Module End: B9FA7000
Hidden: Yes

Module Name:
Service Name: ---
Module Base: B9D2D000
Module End: B9D45000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: atapi
Module Base: ACB15000
Module End: ACB2D000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BA654000
Module End: BA656000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwClose
Address: B9E78028
Driver Base: B9E6A000
Driver End: B9E92000
Driver Name: a347bus.sys

Function Name: ZwCreateKey
Address: B9E77FE0
Driver Base: B9E6A000
Driver End: B9E92000
Driver Name: a347bus.sys

Function Name: ZwCreatePagingFile
Address: B9E6BB00
Driver Base: B9E6A000
Driver End: B9E92000
Driver Name: a347bus.sys

Function Name: ZwEnumerateKey
Address: B9E6C5DC
Driver Base: B9E6A000
Driver End: B9E92000
Driver Name: a347bus.sys

Function Name: ZwEnumerateValueKey
Address: B9E78120
Driver Base: B9E6A000
Driver End: B9E92000
Driver Name: a347bus.sys

Function Name: ZwOpenFile
Address: B9E6BB40
Driver Base: B9E6A000
Driver End: B9E92000
Driver Name: a347bus.sys

Function Name: ZwOpenKey
Address: B9E77FA4
Driver Base: B9E6A000
Driver End: B9E92000
Driver Name: a347bus.sys

Function Name: ZwQueryKey
Address: B9E6C5FC
Driver Base: B9E6A000
Driver End: B9E92000
Driver Name: a347bus.sys

Function Name: ZwQueryValueKey
Address: B9E78076
Driver Base: B9E6A000
Driver End: B9E92000
Driver Name: a347bus.sys

Function Name: ZwSetSystemPowerState
Address: B9E77550
Driver Base: B9E6A000
Driver End: B9E92000
Driver Name: a347bus.sys

Function Name: ZwSetValueKey
Address: B9EC919A
Driver Base: B9EAA000
Driver End: B9FA7000
Driver Name: spek.sys

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwWriteFile
At Address: 8057CEF2
Jump To: 8A13E6E4
Module Name: _unknown_

Hooked Function: ZwSetSystemInformation
At Address: 8060F3E4
Jump To: 8A01801C
Module Name: _unknown_

Hooked Function: ZwSetInformationFile
At Address: 8057B010
Jump To: 8A05201C
Module Name: _unknown_

Hooked Function: ZwDuplicateObject
At Address: 805BDFD0
Jump To: 8A22401C
Module Name: _unknown_

Hooked Function: ZwCreateSection
At Address: 805AB3AE
Jump To: 8A0E7964
Module Name: _unknown_

Hooked Function: ObCloseHandle
At Address: 805BC4F3
Jump To: 8AC4ED1C
Module Name: _unknown_

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_SET_EA
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: 8AA4E8A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_READ
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_SET_EA
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: 89F63ED8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_READ
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_WRITE
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_SET_EA
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_POWER
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: 8AB1D918
Hooking Module: _unknown_

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLOSE
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_READ
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_WRITE
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_EA
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLEANUP
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_POWER
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: B9EAB000
Hooking Module: spek.sys

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AD12500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8AD12500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AD12500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AD12500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8AD12500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AD12500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\iaStor.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: B9D896D0
Hooking Module: C:\WINDOWS\system32\drivers\iaStor.sys

Hooked Module: C:\WINDOWS\system32\drivers\iaStor.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: B9D896D0
Hooking Module: C:\WINDOWS\system32\drivers\iaStor.sys

Hooked Module: C:\WINDOWS\system32\drivers\iaStor.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: B9D896D0
Hooking Module: C:\WINDOWS\system32\drivers\iaStor.sys

Hooked Module: C:\WINDOWS\system32\drivers\iaStor.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: B9D896D0
Hooking Module: C:\WINDOWS\system32\drivers\iaStor.sys

Hooked Module: C:\WINDOWS\system32\drivers\iaStor.sys
Hooked IRP: IRP_MJ_POWER
Jump To: B9D896D0
Hooking Module: C:\WINDOWS\system32\drivers\iaStor.sys

Hooked Module: C:\WINDOWS\system32\drivers\iaStor.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: B9D896D0
Hooking Module: C:\WINDOWS\system32\drivers\iaStor.sys

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AF0C1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8AF0C1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8AF0C1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8AF0C1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AF0C1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AF0C1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8AF0C1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8AF0C1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8AF0C1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AF0C1F8
Hooking Module: _unknown_

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_CREATE
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_CLOSE
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_READ
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_WRITE
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_SET_EA
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_CLEANUP
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_POWER
Jump To: B9EB2E1C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: B9EC6514
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: \Driver\PCI_PNP0628
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: B9EECB0C
Hooking Module: spek.sys

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AB811F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8AB811F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AB811F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AB811F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8AB811F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SET_EA
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: 8AB20820
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AD18500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8AD18500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AD18500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AD18500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8AD18500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AD18500
Hooking Module: _unknown_

******************************************************************************************
******************************************************************************************
Ports:
Local Address: PARVATI.DOMAIN.INVALID:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: PARVATI:27015
Remote Address: LOCALHOST:1032
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: PARVATI:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: PARVATI:18080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: PARVATI:13128
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: PARVATI:10110
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgemc.exe
State: LISTENING

Local Address: PARVATI:10080
Remote Address: LOCALHOST:1239
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: PARVATI:10080
Remote Address: LOCALHOST:1237
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: PARVATI:10080
Remote Address: LOCALHOST:1235
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: PARVATI:10080
Remote Address: LOCALHOST:1233
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: PARVATI:10080
Remote Address: LOCALHOST:1231
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: PARVATI:10080
Remote Address: LOCALHOST:1222
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: PARVATI:10080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: PARVATI:10025
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgemc.exe
State: LISTENING

Local Address: PARVATI:7438
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Microsoft ActiveSync\wcescomm.exe
State: LISTENING

Local Address: PARVATI:5679
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Microsoft ActiveSync\wcescomm.exe
State: LISTENING

Local Address: PARVATI:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: PARVATI:4664
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
State: LISTENING

Local Address: PARVATI:1058
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: PARVATI:1032
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: PARVATI:990
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\MI3AA1~1\rapimgr.exe
State: LISTENING

Local Address: PARVATI:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: PARVATI:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: PARVATI.DOMAIN.INVALID:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: PARVATI.DOMAIN.INVALID:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: PARVATI.DOMAIN.INVALID:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: PARVATI.DOMAIN.INVALID:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: PARVATI.DOMAIN.INVALID:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: PARVATI:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: PARVATI:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: PARVATI:54258
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: PARVATI:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: PARVATI:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: PARVATI:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: PARVATI:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\Mica Gries\Local Settings\Application Data\Microsoft\Messenger\Guinevere333@hotmail.com\SharingMetadata\kitty_cat321@hotmail.com\DFSR\Staging\CS{5A5B2738-735C-9ED5-041F-6F225132459B}\01\10-{5A5B2738-735C-9ED5-041F-6F225132459B}-v
Status: Hidden

Object: C:\Documents and Settings\Mica Gries\Local Settings\Application Data\Microsoft\Messenger\Guinevere333@hotmail.com\SharingMetadata\kitty_cat321@hotmail.com\DFSR\Staging\CS{5A5B2738-735C-9ED5-041F-6F225132459B}\06\206-{CF03C4E6-6519-4B9F-9B5E-A6D4C1D89E98}-
Status: Hidden

Object: C:\Documents and Settings\Mica Gries\Local Settings\Application Data\Microsoft\Messenger\Guinevere333@hotmail.com\SharingMetadata\kitty_cat321@hotmail.com\DFSR\Staging\CS{5A5B2738-735C-9ED5-041F-6F225132459B}\11\11-{8F91E58C-80D2-462F-8B3A-D02C22CF5576}-v
Status: Hidden

Object: C:\Documents and Settings\Mica Gries\Local Settings\Application Data\Microsoft\Messenger\Guinevere333@hotmail.com\SharingMetadata\kitty_cat321@hotmail.com\DFSR\Staging\CS{5A5B2738-735C-9ED5-041F-6F225132459B}\12\212-{CF03C4E6-6519-4B9F-9B5E-A6D4C1D89E98}-
Status: Hidden

Object: C:\Documents and Settings\Mica Gries\Local Settings\Application Data\Microsoft\Messenger\Guinevere333@hotmail.com\SharingMetadata\kitty_cat321@hotmail.com\DFSR\Staging\CS{5A5B2738-735C-9ED5-041F-6F225132459B}\13\13-{8F91E58C-80D2-462F-8B3A-D02C22CF5576}-v
Status: Hidden

Object: C:\Documents and Settings\Mica Gries\Local Settings\Application Data\Microsoft\Messenger\Guinevere333@hotmail.com\SharingMetadata\kitty_cat321@hotmail.com\DFSR\Staging\CS{5A5B2738-735C-9ED5-041F-6F225132459B}\14\214-{CF03C4E6-6519-4B9F-9B5E-A6D4C1D89E98}-
Status: Hidden

Object: C:\Documents and Settings\Mica Gries\Local Settings\Application Data\Microsoft\Messenger\Guinevere333@hotmail.com\SharingMetadata\kitty_cat321@hotmail.com\DFSR\Staging\CS{5A5B2738-735C-9ED5-041F-6F225132459B}\15\15-{8F91E58C-80D2-462F-8B3A-D02C22CF5576}-v
Status: Hidden

Object: C:\Documents and Settings\Mica Gries\Local Settings\Application Data\Microsoft\Messenger\Guinevere333@hotmail.com\SharingMetadata\kitty_cat321@hotmail.com\DFSR\Staging\CS{5A5B2738-735C-9ED5-041F-6F225132459B}\16\16-{8F91E58C-80D2-462F-8B3A-D02C22CF5576}-v
Status: Hidden

Object: C:\Documents and Settings\Mica Gries\Local Settings\Application Data\Microsoft\Messenger\Guinevere333@hotmail.com\SharingMetadata\kitty_cat321@hotmail.com\DFSR\Staging\CS{5A5B2738-735C-9ED5-041F-6F225132459B}\17\17-{8F91E58C-80D2-462F-8B3A-D02C22CF5576}-v
Status: Hidden

Object: C:\Documents and Settings\Mica Gries\Local Settings\Application Data\Microsoft\Messenger\Guinevere333@hotmail.com\SharingMetadata\kitty_cat321@hotmail.com\DFSR\Staging\CS{5A5B2738-735C-9ED5-041F-6F225132459B}\19\19-{8F91E58C-80D2-462F-8B3A-D02C22CF5576}-v
Status: Hidden

Object: C:\Documents and Settings\Mica Gries\Local Settings\Application Data\Microsoft\Messenger\Guinevere333@hotmail.com\SharingMetadata\kitty_cat321@hotmail.com\DFSR\Staging\CS{5A5B2738-735C-9ED5-041F-6F225132459B}\21\21-{8F91E58C-80D2-462F-8B3A-D02C22CF5576}-v
Status: Hidden

Object: C:\Documents and Settings\Mica Gries\Local Settings\Application Data\Microsoft\Messenger\Guinevere333@hotmail.com\SharingMetadata\kitty_cat321@hotmail.com\DFSR\Staging\CS{5A5B2738-735C-9ED5-041F-6F225132459B}\22\22-{8F91E58C-80D2-462F-8B3A-D02C22CF5576}-v
Status: Hidden

Object: C:\Documents and Settings\Mica Gries\Local Settings\Application Data\Microsoft\Messenger\Guinevere333@hotmail.com\SharingMetadata\kitty_cat321@hotmail.com\DFSR\Staging\CS{5A5B2738-735C-9ED5-041F-6F225132459B}\27\27-{8F91E58C-80D2-462F-8B3A-D02C22CF5576}-v
Status: Hidden

Object: C:\Documents and Settings\Mica Gries\Local Settings\Application Data\Microsoft\Messenger\Guinevere333@hotmail.com\SharingMetadata\kitty_cat321@hotmail.com\DFSR\Staging\CS{5A5B2738-735C-9ED5-041F-6F225132459B}\72\172-{CF03C4E6-6519-4B9F-9B5E-A6D4C1D89E98}-
Status: Hidden

Object: C:\Documents and Settings\Mica Gries\Local Settings\Application Data\Microsoft\Messenger\Guinevere333@hotmail.com\SharingMetadata\kitty_cat321@hotmail.com\DFSR\Staging\CS{5A5B2738-735C-9ED5-041F-6F225132459B}\73\173-{CF03C4E6-6519-4B9F-9B5E-A6D4C1D89E98}-
Status: Hidden

Object: C:\Documents and Settings\Mica Gries\Local Settings\Application Data\Microsoft\Messenger\Guinevere333@hotmail.com\SharingMetadata\kitty_cat321@hotmail.com\DFSR\Staging\CS{5A5B2738-735C-9ED5-041F-6F225132459B}\74\174-{CF03C4E6-6519-4B9F-9B5E-A6D4C1D89E98}-
Status: Hidden

Object: C:\Documents and Settings\Mica Gries\Local Settings\Application Data\Microsoft\Messenger\Guinevere333@hotmail.com\SharingMetadata\kitty_cat321@hotmail.com\DFSR\Staging\CS{5A5B2738-735C-9ED5-041F-6F225132459B}\75\175-{CF03C4E6-6519-4B9F-9B5E-A6D4C1D89E98}-
Status: Hidden

Object: C:\Documents and Settings\Mica Gries\Local Settings\Application Data\Microsoft\Messenger\Guinevere333@hotmail.com\SharingMetadata\kitty_cat321@hotmail.com\DFSR\Staging\CS{5A5B2738-735C-9ED5-041F-6F225132459B}\76\176-{CF03C4E6-6519-4B9F-9B5E-A6D4C1D89E98}-
Status: Hidden

Object: C:\Documents and Settings\Mica Gries\Local Settings\Application Data\Microsoft\Messenger\Guinevere333@hotmail.com\SharingMetadata\kitty_cat321@hotmail.com\DFSR\Staging\CS{5A5B2738-735C-9ED5-041F-6F225132459B}\79\179-{CF03C4E6-6519-4B9F-9B5E-A6D4C1D89E98}-
Status: Hidden

Object: C:\Documents and Settings\Mica Gries\Local Settings\Application Data\Microsoft\Messenger\Guinevere333@hotmail.com\SharingMetadata\kitty_cat321@hotmail.com\DFSR\Staging\CS{5A5B2738-735C-9ED5-041F-6F225132459B}\87\187-{CF03C4E6-6519-4B9F-9B5E-A6D4C1D89E98}-
Status: Hidden

Object: C:\Documents and Settings\Mica Gries\My Documents\Azureus Downloads\Manly P. Hall - Complete Lecture Series - PART 2\Individual Lectures by Subject\Psychology, Self-Improvement A-L\How to Turn off the TV in One Easy Lesson and Live Happily Ever After - Si
Status: Hidden

Object: C:\Documents and Settings\Mica Gries\My Documents\Azureus Downloads\Manly P. Hall - Complete Lecture Series - PART 2\Individual Lectures by Subject\Psychology, Self-Improvement A-L\How to Turn off the Tv in One Easy Lesson and Live Happily Ever After - Si
Status: Hidden



RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mica Gries at 2009-09-08 10:26:16
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 337 GB (71%) free of 473 GB
Total RAM: 3070 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:27 AM, on 9/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TELUS\TELUS eProtect\Fws.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\OEM03Mon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe
C:\Program Files\TELUS\eProtect Advisor\TEPA.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Mica Gries\Desktop\SysProt\SysProt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Mica Gries\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mica Gries.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=1080522
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OEM03Mon.exe] C:\WINDOWS\OEM03Mon.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TELUS_McciTrayApp] C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
O4 - HKLM\..\Run: [TelusWCC_McciTrayApp] C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe
O4 - HKLM\..\Run: [TEPA.exe] "C:\Program Files\TELUS\eProtect Advisor\TEPA.exe" /AUTORUN
O4 - HKLM\..\Run: [TELUS eProtect] "C:\Program Files\TELUS\TELUS eProtect\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\TELUS\TELUS eProtect\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se1140.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1ca17c427846f60) (gupdate1ca17c427846f60) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: TELUS eProtect Update Service (RPSUpdaterR) - TELUS - C:\Program Files\TELUS\TELUS eProtect\rpsupdaterR.exe
O23 - Service: TELUS eProtect Firewall (RP_FWS) - TELUS - C:\Program Files\TELUS\TELUS eProtect\Fws.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/MICAGR~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 13346 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-03-13 908528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-03-13 908528]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-27 259696]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1090816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2007-09-17 124200]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-21 29744]
"ECenter"=C:\Dell\E-Center\EULALauncher.exe [2008-02-28 17920]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-07-16 142104]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-07-16 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-07-16 138008]
"OEM03Mon.exe"=C:\WINDOWS\OEM03Mon.exe [2007-06-17 36864]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-11-08 128920]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-28 2007832]
"TELUS_McciTrayApp"=C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe [2007-10-07 1462272]
"TelusWCC_McciTrayApp"=C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe [2006-03-10 543232]
"TEPA.exe"=C:\Program Files\TELUS\eProtect Advisor\TEPA.exe [2007-05-14 2061816]
"TELUS eProtect"=C:\Program Files\TELUS\TELUS eProtect\Rps.exe [2007-09-13 310000]
"-FreedomNeedsReboot"=C:\Program Files\TELUS\TELUS eProtect\ZkRunOnceR.exe [2007-09-13 13552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-14 206064]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2007-02-20 366400]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-02-03 18085888]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-08-25 198160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DELL Webcam Manager"=C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe [2007-06-07 118784]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-21 68856]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-14 206064]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-08-11 21741864]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

C:\Documents and Settings\Mica Gries\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-05-12 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-28 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-05-21 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-07-16 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Ubisoft\Lost Via Domus\Yeti_Final_Win32.exe"="C:\Program Files\Ubisoft\Lost Via Domus\Yeti_Final_Win32.exe:*:Enabled:Lost Via Domus Game"
"C:\Program Files\Ubisoft\Lost Via Domus\gu.exe"="C:\Program Files\Ubisoft\Lost Via Domus\gu.exe:*:Enabled:Lost Via Domus Updater"
"C:\Program Files\Ubisoft\Lost Via Domus\detection\Launcher.exe"="C:\Program Files\Ubisoft\Lost Via Domus\detection\Launcher.exe:*:Enabled:Lost Via Domus Requirements Tool"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Documents and Settings\Mica Gries\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\Mica Gries\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Documents and Settings\Mica Gries\Desktop\mirc\mirc32.exe"="C:\Documents and Settings\Mica Gries\Desktop\mirc\mirc32.exe:*:Enabled:mIRC Internet Relay Chat Client"
"C:\Program Files\World of Warcraft\Repair.exe"="C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-09-07 19:11:27 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
2009-09-07 18:51:40 ----SHD---- C:\RECYCLER
2009-09-07 18:25:43 ----D---- C:\WINDOWS\temp
2009-09-07 18:25:13 ----A---- C:\ComboFix.txt
2009-09-05 09:03:02 ----D---- C:\Program Files\AntivirusPro_2010
2009-09-04 14:22:36 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-01 10:23:07 ----A---- C:\WINDOWS\system32\apavocubih.com
2009-09-01 10:23:07 ----A---- C:\WINDOWS\evij.com
2009-09-01 10:06:23 ----A---- C:\Boot.bak
2009-09-01 10:06:17 ----RASHD---- C:\cmdcons
2009-09-01 10:04:49 ----A---- C:\WINDOWS\zip.exe
2009-09-01 10:04:49 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-01 10:04:49 ----A---- C:\WINDOWS\SWSC.exe
2009-09-01 10:04:49 ----A---- C:\WINDOWS\SWREG.exe
2009-09-01 10:04:49 ----A---- C:\WINDOWS\sed.exe
2009-09-01 10:04:49 ----A---- C:\WINDOWS\PEV.exe
2009-09-01 10:04:49 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-01 10:04:49 ----A---- C:\WINDOWS\grep.exe
2009-09-01 10:04:46 ----D---- C:\WINDOWS\ERDNT
2009-09-01 10:04:43 ----D---- C:\Qoobox
2009-08-29 10:07:51 ----D---- C:\rsit
2009-08-25 21:13:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-08-25 21:13:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-25 21:13:08 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-08-25 21:12:39 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-25 10:53:39 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-08-25 10:53:32 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-08-25 10:53:32 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-08-25 10:53:30 ----D---- C:\Program Files\Common Files\xing shared
2009-08-25 10:53:13 ----D---- C:\Program Files\Real
2009-08-25 10:53:13 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-08-25 10:53:08 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2009-08-25 09:47:24 ----A---- C:\WINDOWS\OEWABLog.txt
2009-08-25 09:46:49 ----D---- C:\WINDOWS\Prefetch
2009-08-24 23:13:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-08-24 22:36:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-24 22:36:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-24 22:36:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-24 22:36:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-24 22:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-08-24 22:35:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-24 22:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-24 22:35:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-24 22:35:24 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-08-24 22:35:17 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-08-24 22:35:09 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-08-24 22:35:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-08-24 22:34:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-08-24 22:34:42 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-24 22:34:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-24 22:34:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-08-24 22:34:19 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-08-24 22:34:10 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-08-24 22:34:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-08-24 22:33:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-08-24 22:33:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-08-24 22:33:35 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-08-24 22:33:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-08-24 22:33:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-08-24 22:33:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-08-24 22:33:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-08-24 22:32:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-08-24 22:32:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2009-08-24 22:32:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-08-24 22:32:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-08-24 22:32:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-08-24 22:32:04 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2009-08-24 22:31:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-08-24 22:31:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-08-24 22:31:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-08-24 22:31:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-08-24 22:31:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-08-24 22:31:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-08-24 22:31:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-08-24 22:31:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-08-24 22:30:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-08-24 22:30:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-08-24 22:30:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2009-08-24 22:30:30 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-08-24 22:30:23 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-08-24 22:30:15 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-08-24 22:28:38 ----A---- C:\WINDOWS\setuplog.txt
2009-08-24 22:27:49 ----D---- C:\WINDOWS\system32\scripting
2009-08-24 22:27:49 ----D---- C:\WINDOWS\l2schemas
2009-08-24 22:27:48 ----D---- C:\WINDOWS\system32\en
2009-08-24 22:27:48 ----D---- C:\WINDOWS\system32\bits
2009-08-24 22:23:19 ----D---- C:\WINDOWS\network diagnostic
2009-08-24 22:20:36 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-08-24 22:19:19 ----D---- C:\WINDOWS\EHome
2009-08-22 23:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-08-22 23:14:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2009-08-22 23:14:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2_0$
2009-08-22 23:13:40 ----HDC---- C:\WINDOWS\$NtUninstallKB972260_0$
2009-08-22 23:13:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2009-08-22 23:13:15 ----HDC---- C:\WINDOWS\$NtUninstallKB961118_0$
2009-08-22 23:13:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971557_0$
2009-08-22 23:13:03 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-08-22 23:12:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-22 23:06:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-08-22 23:06:26 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2009-08-22 23:06:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971633_0$
2009-08-22 23:06:13 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-08-22 23:06:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2009-08-22 23:05:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-22 23:05:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-08-22 23:05:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2009-08-22 23:05:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-08-22 23:05:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$
2009-08-22 23:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-08-22 23:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2009-08-22 23:02:28 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-22 23:02:20 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-22 23:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-22 23:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-08-22 23:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2009-08-22 23:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB968537_0$
2009-08-22 23:01:29 ----A---- C:\WINDOWS\imsins.BAK
2009-08-22 23:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-08-22 22:15:43 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-08-21 20:11:53 ----D---- C:\Program Files\Trend Micro
2009-08-21 14:04:43 ----D---- C:\WINDOWS\BDOSCAN8
2009-08-21 14:02:24 ----D---- C:\Program Files\Windows Live Safety Center
2009-08-18 20:00:06 ----D---- C:\Documents and Settings\Mica Gries\Application Data\HpUpdate
2009-08-18 20:00:04 ----D---- C:\WINDOWS\Hewlett-Packard

======List of files/folders modified in the last 1 months======

2009-09-08 10:20:27 ----D---- C:\Program Files\Mozilla Firefox
2009-09-08 10:19:10 ----SD---- C:\WINDOWS\Tasks
2009-09-08 09:11:44 ----SHD---- C:\WINDOWS\Installer
2009-09-08 09:11:44 ----HD---- C:\Config.Msi
2009-09-08 08:58:37 ----D---- C:\Documents and Settings\Mica Gries\Application Data\Skype
2009-09-08 08:58:35 ----D---- C:\Documents and Settings\Mica Gries\Application Data\skypePM
2009-09-08 08:58:09 ----D---- C:\WINDOWS
2009-09-08 08:57:05 ----D---- C:\MDT
2009-09-08 00:16:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-07 19:12:27 ----D---- C:\Program Files\World of Warcraft
2009-09-07 18:25:43 ----D---- C:\WINDOWS\system32\drivers
2009-09-07 18:25:43 ----D---- C:\WINDOWS\system32
2009-09-07 18:24:06 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-07 18:22:35 ----A---- C:\WINDOWS\system.ini
2009-09-07 18:19:17 ----D---- C:\WINDOWS\system32\config
2009-09-07 18:18:55 ----RD---- C:\Program Files
2009-09-07 18:17:34 ----D---- C:\WINDOWS\AppPatch
2009-09-07 18:17:30 ----D---- C:\Program Files\Common Files
2009-09-07 10:32:07 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-09-06 13:22:36 ----SHD---- C:\WINDOWS\system32\dllcache
2009-09-06 12:00:44 ----HD---- C:\$AVG8.VAULT$
2009-09-05 16:10:55 ----D---- C:\Program Files\Internet Explorer
2009-09-04 14:22:42 ----HD---- C:\WINDOWS\inf
2009-09-04 11:52:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-04 11:51:13 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-02 08:25:49 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-01 19:39:27 ----A---- C:\WINDOWS\BlendSettings.ini
2009-09-01 10:34:10 ----A---- C:\WINDOWS\wininit.ini
2009-09-01 10:17:53 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-01 10:06:23 ----RASH---- C:\boot.ini
2009-08-29 14:39:11 ----D---- C:\Program Files\MSN Messenger
2009-08-28 08:57:48 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-08-26 09:27:51 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-25 10:55:22 ----D---- C:\Documents and Settings\Mica Gries\Application Data\Real
2009-08-25 10:53:42 ----D---- C:\Program Files\Common Files\Real
2009-08-25 10:53:13 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-08-25 09:50:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-25 09:49:19 ----D---- C:\WINDOWS\Debug
2009-08-25 09:46:21 ----D---- C:\WINDOWS\system32\Setup
2009-08-25 09:46:21 ----D---- C:\WINDOWS\ime
2009-08-25 09:46:21 ----D---- C:\Program Files\Messenger
2009-08-25 09:46:20 ----D---- C:\WINDOWS\system32\wbem
2009-08-25 09:46:20 ----D---- C:\Program Files\Outlook Express
2009-08-25 09:46:20 ----D---- C:\Program Files\Common Files\System
2009-08-25 09:46:19 ----RSD---- C:\WINDOWS\Fonts
2009-08-24 23:13:30 ----D---- C:\WINDOWS\WinSxS
2009-08-24 22:38:11 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-24 22:36:07 ----D---- C:\WINDOWS\security
2009-08-24 22:27:59 ----D---- C:\WINDOWS\Help
2009-08-24 22:27:49 ----D---- C:\WINDOWS\system32\usmt
2009-08-24 22:27:49 ----D---- C:\WINDOWS\system32\en-US
2009-08-24 22:27:48 ----D---- C:\WINDOWS\PeerNet
2009-08-24 22:27:48 ----D---- C:\Program Files\Movie Maker
2009-08-24 22:25:27 ----D---- C:\WINDOWS\system32\Restore
2009-08-24 22:25:27 ----D---- C:\WINDOWS\system32\npp
2009-08-24 22:25:25 ----D---- C:\WINDOWS\msagent
2009-08-24 22:25:24 ----D---- C:\WINDOWS\srchasst
2009-08-24 22:25:23 ----D---- C:\Program Files\NetMeeting
2009-08-24 22:25:22 ----D---- C:\WINDOWS\system32\Com
2009-08-24 22:25:19 ----D---- C:\Program Files\Windows NT
2009-08-24 22:25:19 ----D---- C:\Program Files\Windows Media Player
2009-08-24 22:25:02 ----D---- C:\WINDOWS\system32\oobe
2009-08-24 22:24:59 ----D---- C:\WINDOWS\system
2009-08-24 22:22:30 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-08-23 11:41:28 ----RSD---- C:\WINDOWS\assembly
2009-08-22 23:14:17 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-08-22 22:07:32 ----D---- C:\WINDOWS\Minidump
2009-08-21 14:04:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-18 20:00:21 ----D---- C:\Program Files\HP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-28 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-28 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-20 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-02-20 5632]
R2 CSS DVP;Dynamic Virus Protection; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2007-04-04 839880]
R2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys [2007-03-06 55296]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-05-12 3007488]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-06-02 223128]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-07-19 254872]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-02-03 5030912]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual; C:\WINDOWS\system32\DRIVERS\livecamv.sys [2007-01-15 31616]
R3 RPPKT;Radialpoint Filter (x86); C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys [2007-04-19 48384]
R3 SysProtDrv.sys;SysProtDrv.sys; \??\C:\Documents and Settings\Mica Gries\Desktop\SysProt\SysProtDrv.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 ienwhoixjuxptvrx;ienwhoixjuxptvrx; C:\WINDOWS\system32\drivers\ienwhoixjuxptvrx.sys []
S1 pibivvrxqjibcofv;pibivvrxqjibcofv; C:\WINDOWS\system32\drivers\pibivvrxqjibcofv.sys []
S2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2004-08-10 41984]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 gUSBSTOi;gUSBSTOi; \??\C:\DOCUME~1\MICAGR~1\LOCALS~1\Temp\gUSBSTOi.sys []
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-07-16 5760096]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.; \??\C:\WINDOWS\system32\Drivers\OEM03Afx.sys []
S3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver; C:\WINDOWS\system32\DRIVERS\OEM03Vfx.sys [2007-06-17 7424]
S3 OEM03Vid;Creative Camera OEM003 Driver; C:\WINDOWS\system32\DRIVERS\OEM03Vid.sys [2007-06-17 235808]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2009-09-05 94272]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-05-12 540672]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-28 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-28 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE [2006-04-18 102400]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2006-12-19 280080]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-09-26 303104]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2007-03-02 407056]
R2 RP_FWS;TELUS eProtect Firewall; C:\Program Files\TELUS\TELUS eProtect\Fws.exe [2007-09-13 293104]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-14 201968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2007-03-02 734736]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-05-12 593920]
S2 dvpapi;DvpApi; C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe [2007-04-04 177672]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate1ca17c427846f60;Google Update Service (gupdate1ca17c427846f60); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-07 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-07 190448]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-21 29744]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-05-21 16680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Radialpoint Security Services;TELUS eProtect; C:\WINDOWS\system32\dllhost.exe [2008-04-13 5120]
S3 RPSUpdaterR;TELUS eProtect Update Service; C:\Program Files\TELUS\TELUS eProtect\rpsupdaterR.exe [2007-09-13 99056]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-12-02 74384]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

For some reason, the SysProt window that has all the tabs will not close. Any time I click on any part of the window, whether it be the red "X" or the "OK" button, nothing happens except for the "Default Beep" Windows sound. I haven't tried closing it using the Task Manager yet, in case there's something I need to do or something I'm missing. I'll wait to hear back from you before I force the application to close. Besides that, no other problems that I can see. The infected drive might be ok. Before, every time I booted up the computer, AVG would inform me of the infected file, and I would consistently have to heal or remove other infected files (many from C:\System Volume Information/_restore.... Not sure what those files were, but they sounded important and I didn't like removing them). Now, that doesn't seem to be a problem. Although I don't know for sure, I don't think the driver is infected anymore.
flyingmojo
Regular Member
 
Posts: 51
Joined: August 21st, 2009, 10:59 pm

Re: Win32.FraudLoad.edt? with Log

Unread postby turtledove » September 9th, 2009, 2:30 am

Hello flyingmojo,

Still some work to do, but things do look better. You may close the SysProt window using Task Manager.
You have two Anti Virus programs running. If Authentium is provided by your Internet Service, then you need to uninstall AVG Anti Virus. Two cause slowdowns and conflicts, as well as false positives. Please let me know which you prefer.
*Copy/Print instructions for reference*


Step 1
**DELETE Combofix.exe from your Desktop, and please redownload the newest version from:
Link 1 OR
Link 2


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Code:

http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=45276

Collect::
C:\WINDOWS\system32\apavocubih.com
C:\WINDOWS\evij.com
C:\WINDOWS\system32\drivers\ienwhoixjuxptvrx.sys
C:\WINDOWS\system32\drivers\pibivvrxqjibcofv.sys
C:\DOCUME~1\MICAGR~1\LOCALS~1\Temp\msohtmlclip1

Folder::
C:\Program Files\AntivirusPro_2010
C:\Documents and Settings\Mica Gries\My Documents\Azureus Downloads

Driver::
ienwhoixjuxptvrx
pibivvrxqjibcofv


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Step 2

Upload Files for Scanning
Go to VirSCAN & upload the following File/s for scanning.
  • Copy & paste the following File & Path in the text box next to the Browse button.
    Code:
    C:\WINDOWS\system32\drivers\agp440.sys

  • Click Upload.
  • Wait for the scans to finish, then copy & paste the entire results, not a link, into your next reply.



Post
Combofix.txt
Complete Results of Scanned file
How computer is running

Thank you

TD
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California
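The triage turtledove did by eye on the RSIT log above (two system-start drivers with random-looking names and an empty "[]" where RSIT could not read the file, plus agp440.sys rewritten three days before the log) can be written down as a script so the same reasoning is repeatable on other logs. The following is an added example for this thread; it is not part of RSIT, ComboFix or either poster's text. The sample lines are copied from the driver list above; the scoring rules, the "looks generated" name heuristic, the 7-day "recently written" window and the reference date 2009-09-08 are assumptions made for the example.

```python
"""Triage helper for the "List of drivers" section of an RSIT log.

Added example for this thread, not part of RSIT or ComboFix. The scoring
rules, the name heuristic, the 7-day window and LOG_DATE are assumptions.
"""
import math
import re
from collections import Counter
from datetime import date

# One RSIT driver line looks like:
#   R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-28 335240]
# Fields: state (R/S), start type (0-4), service name, description, path,
# then "[date size]" of the file on disk. The bracket is empty ("[]") when
# RSIT could not read the file, which is exactly what both rogue drivers show.
DRIVER_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Lines copied from the log above; legitimate drivers are included so the
# heuristics can be seen not to fire on them.
SAMPLE_LOG = r"""
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-28 335240]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S1 ienwhoixjuxptvrx;ienwhoixjuxptvrx; C:\WINDOWS\system32\drivers\ienwhoixjuxptvrx.sys []
S1 pibivvrxqjibcofv;pibivvrxqjibcofv; C:\WINDOWS\system32\drivers\pibivvrxqjibcofv.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 gUSBSTOi;gUSBSTOi; \??\C:\DOCUME~1\MICAGR~1\LOCALS~1\Temp\gUSBSTOi.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2009-09-05 94272]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
"""

# Assumed reference point: the date of the post the log was attached to.
LOG_DATE = date(2009, 9, 8)


def parse_driver_line(line):
    """Return a dict for one driver line, or None for any other line."""
    m = DRIVER_RE.match(line.strip())
    if m is None:
        return None
    d = m.groupdict()
    d["start"] = int(d["start"])
    d["date"], d["size"] = None, None
    if d["meta"]:
        ymd, size = d["meta"].split()
        d["date"], d["size"] = date.fromisoformat(ymd), int(size)
    return d


def shannon_entropy(s):
    """Bits per character; 16 distinct characters would give 4.0."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def looks_generated(name):
    """Assumed heuristic: 12+ lower-case letters, no digits, no CamelCase and
    near-uniform letter use. Vendor names in the log (AvgLdx86, GEARAspiWDM,
    IntcAzAudAddService) each fail at least one of these tests."""
    return (len(name) >= 12 and name.isalpha() and name.islower()
            and shannon_entropy(name) >= 3.0)


def reasons_for(d, reference_date=LOG_DATE, recent_days=7):
    """Independent red flags for one parsed driver; more flags, more suspicious."""
    reasons = []
    if d["meta"] == "":
        reasons.append("file missing or unreadable (empty [] in log)")
    if d["start"] <= 1:
        reasons.append("boot/system start: loads before any user logs on")
    if d["desc"].strip() == d["name"].strip():
        reasons.append("no vendor description (description equals service name)")
    if looks_generated(d["name"]):
        reasons.append("service name looks randomly generated")
    if d["date"] is not None and 0 <= (reference_date - d["date"]).days <= recent_days:
        reasons.append(f"file written within the last {recent_days} days")
    return reasons


def triage(log_text, reference_date=LOG_DATE):
    """(name, path, reasons) for every driver with at least one flag, worst first."""
    findings = []
    for line in log_text.splitlines():
        d = parse_driver_line(line)
        if d is not None:
            reasons = reasons_for(d, reference_date)
            if reasons:
                findings.append((d["name"], d["path"], reasons))
    findings.sort(key=lambda f: len(f[2]), reverse=True)  # stable: ties keep log order
    return findings


def suspects(log_text, reference_date=LOG_DATE, min_reasons=3):
    """Names with enough flags to go into a CFScript Driver:: section."""
    return [name for name, _, reasons in triage(log_text, reference_date)
            if len(reasons) >= min_reasons]


def driver_section(names):
    """The Driver:: block in the form used in the CFScript above."""
    return "Driver::\n" + "\n".join(names) + "\n"


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name:20} {path}")
        for r in reasons:
            print(f"    - {r}")
    print(driver_section(suspects(SAMPLE_LOG)))
```

Run against the sample, only ienwhoixjuxptvrx and pibivvrxqjibcofv collect three or more flags, which is the pair named in the Driver:: section above; ComboFix's own catchme.sys and the Motive and SysProt drivers also show "[]" but carry fewer flags, which is why an empty bracket alone is not a verdict. agp440.sys is surfaced with a single flag (written within the last week, while its sibling AGP filters date from the SP3 install), which is a "send it for a scan" signal rather than a "delete it" one, matching what the helper asked for.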