Redirect


Post by DJ Englewood on Sun 17 Oct 2010, 2:13 am

I'm infected with something. It keeps redirecting my searches.

DJ Englewood

Rookie Surfer

Posts : 128
Joined : 2010-02-09
Operating System : xp


Re: Redirect

Post by DragonMaster Jay on Sun 17 Oct 2010, 7:35 am

Welcome back.

Please download 7-Zip and install it. If you already have it, no need to reinstall.

Then, download RootkitUnhooker and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate


Re: Redirect

Post by DJ Englewood on Sun 17 Oct 2010, 9:53 am

Running now.


Re: Redirect

Post by DragonMaster Jay on Sun 17 Oct 2010, 10:57 am

OK.



Re: Redirect

Post by DJ Englewood on Mon 18 Oct 2010, 9:45 am

I re-ran it. I think it was interrupted.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1


Re: Redirect

Post by DJ Englewood on Mon 18 Oct 2010, 9:49 am


!-->[Hidden] C:\Program Files\Roxio\VideoUI 9\Skins\Default\Locale
!-->[Hidden] C:\Program Files\Roxio\VideoUI 9\Skins\White
!-->[Hidden] C:\Program Files\Roxio\VideoUI 9\Skins\White
!-->[Hidden] C:\Program Files\Roxio\VideoUI 9\Skins\White
!-->[Hidden] C:\Program Files\Sirius\MySiriusStudio
!-->[Hidden] C:\Program Files\Sirius\MySiriusStudio
!-->[Hidden] C:\Program Files\Sirius\MySiriusStudio
!-->[Hidden] C:\Program Files\Sirius\Sirius Device Recovery
!-->[Hidden] C:\Program Files\Sirius\Sirius Device Recovery
!-->[Hidden] C:\Program Files\Sirius\Sirius Device Recovery
!-->[Hidden] C:\Program Files\Spybot - Search & Destroy
!-->[Hidden] C:\Program Files\Spybot - Search & Destroy
!-->[Hidden] C:\Program Files\Spybot - Search & Destroy
!-->[Hidden] C:\Program Files\TechSmith
!-->[Hidden] C:\Program Files\TechSmith
!-->[Hidden] C:\Program Files\TechSmith
!-->[Hidden] C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents
!-->[Hidden] C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents
!-->[Hidden] C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents
!-->[Hidden] C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents
!-->[Hidden] C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents
!-->[Hidden] C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents
!-->[Hidden] C:\Program Files\Windows Media Connect 2
!-->[Hidden] C:\Program Files\Windows Media Connect 2
!-->[Hidden] C:\Program Files\Windows Media Connect 2
!-->[Hidden] C:\Program Files\Windows Media Player\Network Sharing
!-->[Hidden] C:\Program Files\Windows Media Player\Network Sharing
!-->[Hidden] C:\Program Files\Windows Media Player\Network Sharing
!-->[Hidden] C:\Program Files\Yahoo!\Messenger\imvcache
!-->[Hidden] C:\Program Files\Yahoo!\Messenger\imvcache
!-->[Hidden] C:\Program Files\Yahoo!\Messenger\imvcache
!-->[Hidden] C:\Program Files\Yahoo!\Messenger\Profiles\yesmyis72\Archive
!-->[Hidden] C:\Program Files\Yahoo!\Messenger\Profiles\yesmyis72\Archive
!-->[Hidden] C:\Program Files\Yahoo!\Messenger\Profiles\yesmyis72\Archive
!-->[Hidden] C:\Program Files\Zune
!-->[Hidden] C:\Program Files\Zune
!-->[Hidden] C:\Program Files\Zune
!-->[Hidden] C:\System Volume Information\_restore{1820F488-9212-4A2F-9198-DF89AD58E60C}\RP1846\snapshot\Repository
!-->[Hidden] C:\System Volume Information\_restore{1820F488-9212-4A2F-9198-DF89AD58E60C}\RP1847
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB2141007\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB2141007\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB2229593
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB2279986
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB2345886
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB2360131-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB938464
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB946648
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB950749
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB950759-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB950760
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB950762
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB950974
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB951066
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB951072-v2
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB951376
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB951376-v2
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB951698
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB951978
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB952287
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB952954
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB953838-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB953839
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB954459
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB955759
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB956744
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB956844
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB960859
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB961371-v2
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB967715
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB968389
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB969059
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB969947
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB970430
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971468
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971486
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971557
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971633
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971657
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971737\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971737\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971961
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB972260-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB972270
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973346
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973354
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973507
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973525
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973815
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973869
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973904
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB974112
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB974318
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB974392
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB974455-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB974571
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB975025
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB975467
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB975560
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB975713
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB976325-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB976749-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB977165
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB977816
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB977914
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978037
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978207-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978251
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978262
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978338
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978542
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978601
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978706
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB979309
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB979482\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB979482\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB979559\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB979559\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB979683
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB979687
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB980182-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB980195
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB980218
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB980232
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB981349
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB981957
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB982132
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB982381-IE7\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB982381-IE7\update
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2158563$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2229593$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2296011$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2378111_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB910998$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB926239$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB929399$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB932716-v2$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB936782_WMP11$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB938464_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB939683$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB946648_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950749$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950974_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951066$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951066_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951072-v2$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951376$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951376-v2$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951376-v2_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951698$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951698_0$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951748$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951978$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952287$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952287_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952954$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952954_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB953839$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954154_WM11$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954155_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954211$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954459$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954600$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB955759$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956744$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956802$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956803$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956841$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956844$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB957095$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB957097$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB958644$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB958869$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB960859$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB961371-v2$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB967715$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB968389$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB968816_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB969059$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB969947$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB970430$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB970653-v3$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971468$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971486$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971557$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971633$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971657$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971737$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971961$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB972270$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973346$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973354$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973507$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973525$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973540_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973815$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973869$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973904$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB974112$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB974318$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB974392$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB974571$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB975025$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB975467$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB975560$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB975713$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB977165$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB977816$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB977914$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978037$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978251$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978262$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978338$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978542$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978601$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978695_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978706$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB979309$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB979482$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB979559$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB979683$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB979687$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB980195$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB980218$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB980232$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB981349$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB981793$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB981957$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB982132$
!-->[Hidden] C:\WINDOWS\$NtUninstallWdf01009$
!-->[Hidden] C:\WINDOWS\$NtUninstallwinusb0100$
!-->[Hidden] C:\WINDOWS\$NtUninstallWMFDist11$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallwmp11$
!-->[Hidden] C:\WINDOWS\$NtUninstallWudf01000$
!-->[Hidden] C:\WINDOWS\$NtUninstallWudf01009$
!-->[Hidden] C:\WINDOWS\assembly\GAC_32
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_30a0e4ca
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_47229c7a
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_da6d768d
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_12240ac4
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b82ebc87
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_a613226f
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_2641882a
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_73769fda
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32
!-->[Hidden] C:\WINDOWS\Debug\Setup
!-->[Hidden] C:\WINDOWS\Downloaded Installations\{59C4F14F-7590-45FC-BE9F-A67AB3590709}
!-->[Hidden] C:\WINDOWS\ERDNT
!-->[Hidden] C:\WINDOWS\ie7updates\KB950759-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB953838-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB972260-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB974455-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB976325-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB978207-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB980182-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB982381-IE7
!-->[Hidden] C:\WINDOWS\Installer\$PatchCache$
!-->[Hidden] C:\WINDOWS\Installer\tsclientmsitrans
!-->[Hidden] C:\WINDOWS\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}
!-->[Hidden] C:\WINDOWS\Installer\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
!-->[Hidden] C:\WINDOWS\Installer\{26A24AE4-039D-4CA4-87B4-2F83216011FF}
!-->[Hidden] C:\WINDOWS\Installer\{40A594D0-1490-4979-9382-D2B764F949C6}
!-->[Hidden] C:\WINDOWS\Installer\{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}
!-->[Hidden] C:\WINDOWS\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
!-->[Hidden] C:\WINDOWS\Installer\{85BD5F12-49EF-4B40-B1E0-77D85F6E99BF}
!-->[Hidden] C:\WINDOWS\Installer\{A900E37C-AAE3-44FB-8EE7-7E61F7087CE7}
!-->[Hidden] C:\WINDOWS\Installer\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
!-->[Hidden] C:\WINDOWS\Installer\{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}
!-->[Hidden] C:\WINDOWS\Installer\{CC23F0EF-15E9-4264-8165-272A5AA2B873}
!-->[Hidden] C:\WINDOWS\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}
!-->[Hidden] C:\WINDOWS\l2schemas
!-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906
!-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
!-->[Hidden] C:\WINDOWS\PCHEALTH\ErrorRep\QHEADLES
!-->[Hidden] C:\WINDOWS\PCHEALTH\ErrorRep\QSIGNOFF
!-->[Hidden] C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf
!-->[Hidden] C:\WINDOWS\ServicePackFiles\ServicePackCache
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\18f6b4c16b6e97c0405341fa27c62ee8\wm11
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\18f6b4c16b6e97c0405341fa27c62ee8\wm9
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\asms\60\msft\windows
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\asms\60\policy
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\SP3QFE
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\update
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\73c53bc9363e2e6052da2282e21dc353\backup
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\73c53bc9363e2e6052da2282e21dc353\update
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\7743918b8e2a2422f95d7c0e8f069be8\backup
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\7743918b8e2a2422f95d7c0e8f069be8\sp3qfe
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\7743918b8e2a2422f95d7c0e8f069be8\update
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\a68c3384979889bdeede2ca0a92739be\backup
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\a68c3384979889bdeede2ca0a92739be\download
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\bfb3f53a374032f58b8d9df10c040976
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109\update
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Sun
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Sun
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Sun
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ymxqpspjq
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ymxqpspjq
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ymxqpspjq
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing
!-->[Hidden] C:\WINDOWS\system32\drivers\UMDF
!-->[Hidden] C:\WINDOWS\system32\drivers\UMDF
!-->[Hidden] C:\WINDOWS\system32\drivers\UMDF
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_fmw_64A2807D5FFAB24B7FC682621F98E33A7C797778
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_fmw_64A2807D5FFAB24B7FC682621F98E33A7C797778
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_fmw_64A2807D5FFAB24B7FC682621F98E33A7C797778
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_fw_545C9C7BBA74D86FA58D23F50D79047F3E85921F
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_fw_545C9C7BBA74D86FA58D23F50D79047F3E85921F
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_fw_545C9C7BBA74D86FA58D23F50D79047F3E85921F
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_zap_70A7D5DEDB0199B6BBDE0ED17D1FBB785D826B80
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_zap_70A7D5DEDB0199B6BBDE0ED17D1FBB785D826B80
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_zap_70A7D5DEDB0199B6BBDE0ED17D1FBB785D826B80
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_zap_AF6B734C4561BF353A51387A0B918EDA2418BC29
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_zap_AF6B734C4561BF353A51387A0B918EDA2418BC29
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_zap_AF6B734C4561BF353A51387A0B918EDA2418BC29
!-->[Hidden] C:\WINDOWS\system32\en
!-->[Hidden] C:\WINDOWS\system32\en
!-->[Hidden] C:\WINDOWS\system32\en
!-->[Hidden] C:\WINDOWS\system32\LogFiles
!-->[Hidden] C:\WINDOWS\system32\LogFiles
!-->[Hidden] C:\WINDOWS\system32\LogFiles
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0005
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0005
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0005
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0008
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0008
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0008
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0009
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0009
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0009
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0010
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0010
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0010
!-->[Hidden] C:\WINDOWS\system32\scripting
!-->[Hidden] C:\WINDOWS\system32\scripting
!-->[Hidden] C:\WINDOWS\system32\scripting
!-->[Hidden] C:\WINDOWS\Temp\NDP1.1sp1-KB2416447-X86
!-->[Hidden] C:\WINDOWS\Temp\Temporary Internet Files
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DA84, Type: Inline - RelativeJump 0x804E4A84-->804E4AAB [ntoskrnl.exe]
ntoskrnl.exe+0x0000DAA4, Type: Inline - RelativeJump 0x804E4AA4-->804E4AE8 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DB94, Type: Inline - RelativeJump 0x804E4B94-->804E4B4F [ntoskrnl.exe]
[1048]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification 0x01001094-->00000000 [unknown_code_page]
[1048]services.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x01001114-->00000000 [unknown_code_page]
[2100]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[2100]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[2100]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[2100]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[2100]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[2100]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2100]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]
[2456]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [firefox.exe]
[3080]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->00000000 [xul.dll]
[3828]firefox.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[3828]firefox.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[3828]firefox.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[3828]firefox.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[3828]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [firefox.exe]
[3828]firefox.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[3828]firefox.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[408]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[408]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[408]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[408]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[408]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[408]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[408]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[408]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[408]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[408]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[408]explorer.exe-->shell32.dll-->user32.dll-->SetWindowsHookExW, Type: IAT modification 0x7C9C20F0-->00000000 [IPHk2KS2.dll]
[408]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)


Re: Redirect

Post by DragonMaster Jay on Mon 18 Oct 2010, 8:08 pm

I don't want you to have to do this, but we do need this scan.

Please make sure all security software is disabled, and please run RootkitUnhooker once more and post a log.



Re: Redirect

Post by DJ Englewood on Tue 19 Oct 2010, 2:43 am

DragonMaster Jay wrote: I don't want you to have to do this, but we do need this scan.

Please make sure all security software is disabled, and please run RootkitUnhooker once more and post a log.

I think I have all security disabled. Do you see something that's still active?


Re: Redirect

Post by DJ Englewood on Tue 19 Oct 2010, 6:36 am

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>SSDT State
==============================================
ntoskrnl.exe-->NtAddBootEntry, Type: Address change 0x8064FEEB-->EF4F1130 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtClose, Type: Address change 0x8056F8D7-->EF50A50D [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateEvent, Type: Address change 0x805744F6-->EF4F2CE2 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateEventPair, Type: Address change 0x8065053C-->EF4F2D3A [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateIoCompletion, Type: Address change 0x805E04F5-->EF4F2E50 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateKey, Type: Address change 0x80578710-->EF509EC1 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateMutant, Type: Address change 0x80582EA8-->EF4F2C38 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateSection, Type: Address change 0x8056DB66-->EF4F2D8A [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateSemaphore, Type: Address change 0x8057F95B-->EF4F2C8C [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateTimer, Type: Address change 0x8059DAF7-->EF4F2DFE [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtDeleteBootEntry, Type: Address change 0x80633F02-->EF4F1154 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtDeleteKey, Type: Address change 0x80599783-->EF50ABD3 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtDeleteValueKey, Type: Address change 0x805983A2-->EF50ACDA [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtDuplicateObject, Type: Address change 0x8057EDE5-->EF4F3582 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtEnumerateKey, Type: Address change 0x8057EC5A-->EF50AA3E [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtEnumerateValueKey, Type: Address change 0x80594DB6-->EF50A8A9 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtLoadDriver, Type: Address change 0x805AEDE2-->EF4F0F5C [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtModifyBootEntry, Type: Address change 0x80633F02-->EF4F1178 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenEvent, Type: Address change 0x8058E7F1-->EF4F2D12 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenEventPair, Type: Address change 0x8065062F-->EF4F2D62 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenIoCompletion, Type: Address change 0x80621403-->EF4F2E7A [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenKey, Type: Address change 0x80572BDF-->EF50A21D [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenMutant, Type: Address change 0x80582F56-->EF4F2C64 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenProcess, Type: Address change 0x8057F592-->EF4F33BA [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenSection, Type: Address change 0x80578DEE-->EF4F2DCA [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenSemaphore, Type: Address change 0x805E7C60-->EF4F2CBA [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenThread, Type: Address change 0x80584849-->EF4F349E [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenTimer, Type: Address change 0x80650465-->EF4F2E28 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtQueryKey, Type: Address change 0x8057E85A-->EF50A724 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtQueryObject, Type: Address change 0x8058F010-->EF4F1B48 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtQueryValueKey, Type: Address change 0x80572F19-->EF50A576 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtRenameKey, Type: Address change 0x80655EA2-->EF53B210 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtReplyWaitReceivePort, Type: Address change 0x80576817-->EF4F36F6 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtReplyWaitReceivePortEx, Type: Address change 0x8057632F-->EF4F32F0 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtRestoreKey, Type: Address change 0x80656395-->EF50955C [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtSetBootEntryOrder, Type: Address change 0x8064FEEB-->EF4F119C [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtSetBootOptions, Type: Address change 0x8064FEEB-->EF4F11C0 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtSetSystemInformation, Type: Address change 0x805B0A14-->EF4F0FB6 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtSetValueKey, Type: Address change 0x8057FCE0-->EF53AEC8 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtShutdownSystem, Type: Address change 0x8064E8EB-->EF4F10C6 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtSystemDebugControl, Type: Address change 0x806510D3-->EF4F10D8 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x83BC4490 [4] System
0x831E7B98 [336] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x83687850 [408] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x8377D9A8 [500] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation, Microsoft® Works Update Detection)
0x83A36B98 [512] C:\Program Files\Philips\PSA2\Skin\QveCplSk.exe (QSound Labs, Inc., PSA2 Control Panel)
0x83679DA0 [584] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard, hpotdd01)
0x8369C3D8 [592] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x833EDB98 [656] C:\Program Files\Visual Networks\Visual IP InSight\SBC\ipmon32.exe (Visual Networks, IP Monitor)
0x833EB980 [672] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited, RIM Auto Update)
0x833D4BB0 [688] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation, Zune Auto-Launcher)
0x836549B0 [700] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc., RealNetworks Scheduler)
0x833D0B98 [728] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation, Macrovision Software Manager)
0x83605620 [748] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd., System settings protector)
0x833F8020 [788] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x831F5020 [888] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc., Apple Mobile Device Service)
0x8399A998 [920] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x839F5558 [976] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x83790020 [1000] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x837AA020 [1048] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x839999A8 [1060] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x839C0858 [1228] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x83796598 [1320] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x837997B8 [1448] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8377D3C8 [1600] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x83102C88 [1656] C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation, Plugin Container for Firefox)
0x831DFBA0 [1708] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x838089E0 [1764] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8220C398 [1804] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x8398E3F0 [1868] C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software, avast! firewall service)
0x836C3DA0 [1904] C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft, Ad-Aware Service Application)
0x83A36020 [1980] C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software, avast! Service)
0x831DE470 [2204] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java(TM) Quick Starter Service)
0x83649410 [2384] C:\WINDOWS\system32\pctspk.exe (PCtel, Inc., PCTSPK.EXE)
0x832A1420 [2596] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft, Ad-Aware Tray Application)
0x831AB3B0 [2832] C:\Documents and Settings\Joe\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\xS4m5gk7k7gof6g.exe (UG North, RKULE, SR2 Normandy)
0x83A25908 [2912] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x83960B98 [2948] C:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation, Zune Bus Enumerator Service)
0x83265B60 [3420] C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation, WMI)
0x83255B28 [3876] C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation, WMI)
0x821A4680 [4032] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF080000 C:\WINDOWS\System32\ati3d1ag.dll 872448 bytes (ATI Technologies Inc. , ati3d1ag.dll)
0xF66ED000 C:\WINDOWS\System32\DRIVERS\ati2mtag.sys 815104 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xF7389000 vmodem.sys 606208 bytes (PCTEL, INC., HSP Modem Modem Device Driver)
0xF74D9000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF60D9000 C:\WINDOWS\system32\drivers\QSoftAud.sys 565248 bytes (QSound Labs, Inc., QSound Virtual Engine driver)
0xF6163000 C:\WINDOWS\System32\Drivers\wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xEF652000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF655A000 C:\WINDOWS\system32\drivers\smwdm.sys 446464 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF741D000 vpctcom.sys 401408 bytes (PCtel, Inc., HSP Modem Virtual Control Device)
0xF61D4000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF667F000 C:\WINDOWS\system32\drivers\pscaudio.sys 368640 bytes (Philips Components (PSS), Philips Audio WDM Driver)
0xEF74E000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB33E7000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xEF4E1000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 331776 bytes (ALWIL Software, avast! Virtualization Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB3036000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF048000 C:\WINDOWS\System32\ati2cqag.dll 229376 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 221184 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xEF61F000 C:\WINDOWS\system32\drivers\mfehidk.sys 208896 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0xF7626000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF747F000 aswNdis2.sys 184320 bytes (ALWIL Software, avast! Filtering NDIS driver)
0xB3E1A000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF74AC000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB2D8B000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEF6C2000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEF70F000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xEF532000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (ALWIL Software, avast! self protection module)
0xEF5F9000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF665B000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF65C7000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6638000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEF6ED000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF75A6000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF75F6000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF65FF000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 118784 bytes (Intel Corporation, NDIS 5 driver)
0xF661C000 C:\WINDOWS\System32\DRIVERS\ptserlp.sys 114688 bytes (PCTEL, INC., HSP Modem Serial Device Driver for NT 5.0)
0xF7339000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF75DE000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB4507000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF75C6000 C:\WINDOWS\System32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xEF737000 C:\WINDOWS\System32\Drivers\aswFW.SYS 94208 bytes (ALWIL Software, avast! Filtering TDI driver)
0xB44A0000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (ALWIL Software, avast! File System Filter Driver for Windows XP)
0xF757D000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6243000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF7566000 WudfPf.sys 94208 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xB41B7000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF65EB000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF66D9000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEF7A7000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF7365000 sfvfs02.sys 77824 bytes (Protection Technology, StarForce Protection VFS Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7353000 sfdrv01.sys 73728 bytes (Protection Technology, StarForce Protection Environment Driver)
0xF7594000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7615000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6232000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7378000 TPkd.sys 69632 bytes (PACE Anti-Piracy, Inc., InterLok system file)
0xEE213000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF6DEC000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF6E2C000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF76E5000 vvoice.sys 65536 bytes (PCtel, Inc., HSP Modem device driver)
0xF6E3C000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76C5000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xF6DDC000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xEFBC3000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7715000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF6814000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xF76B5000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF6E1C000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF6DCC000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7695000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7765000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76F5000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF7825000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF6E0C000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7685000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7755000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7895000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver)
0xF7675000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF6804000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF6834000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF6824000 C:\WINDOWS\system32\DRIVERS\zumbus.sys 40960 bytes (Microsoft Corporation, Zune User-Mode Bus Enumerator)
0xF6DFC000 C:\WINDOWS\System32\Drivers\AFS2K.SYS 36864 bytes (Oak Technology Inc., Audio File System)
0xF76A5000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF6E4C000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF6844000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF78A5000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB2FCE000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF76D5000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF77B5000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7A35000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF79DD000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF790D000 sfhlp02.sys 32768 bytes (Protection Technology, StarForce Protection Helper Driver)
0xF7905000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xF7A3D000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF79C5000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF78F5000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7995000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0xB7DC2000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB7DBA000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (ALWIL Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF7A5D000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7A6D000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7A7D000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF79CD000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF797D000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF79D5000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF78FD000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7A75000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7915000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7945000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xEF7F2000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB8336000 C:\WINDOWS\System32\Drivers\ASPI32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xF6CF3000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB5551000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7B1D000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB5569000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (ALWIL Software, avast! File System Access Blocking Driver)
0xF7A89000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB463C000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7B5D000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0x83A84000 C:\WINDOWS\system32\KDCOM.DLL 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B25000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF6CF7000 C:\WINDOWS\System32\DRIVERS\QsndEnum.sys 12288 bytes (QSound Labs, Inc., PSA2 Bus Enumerator)
0xF7B71000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF72F0000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7B79000 aswNdis.sys 8192 bytes (ALWIL Software, avast! Filtering NDIS driver)
0xF7B95000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB4AA8000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7B93000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B77000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7BA1000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB8719000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7BA3000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7C1F000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xF7C25000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B81000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B75000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7D32000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7CA4000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7C43000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7D2E000 C:\WINDOWS\system32\drivers\SENSUPGD.SYS 4096 bytes (Sensaura Ltd, Sensaura Upgrade)
!!!!!!!!!!!Hidden driver: 0x83B36292 ?_empty_? 3438 bytes
==============================================



Re: Redirect

Post by DJ Englewood on Tue 19 Oct 2010, 6:37 am

>Hooks
==============================================
ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DA84, Type: Inline - RelativeJump 0x804E4A84-->804E4A9B [ntoskrnl.exe]
ntoskrnl.exe+0x0000DAA4, Type: Inline - RelativeJump 0x804E4AA4-->804E4AD8 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DB94, Type: Inline - RelativeJump 0x804E4B94-->804E4B3F [ntoskrnl.exe]
[1048]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification 0x01001094-->00000000 [unknown_code_page]
[1048]services.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x01001114-->00000000 [unknown_code_page]
[1448]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1448]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[1448]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[1448]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[1448]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1448]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1448]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]
[1656]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->00000000 [xul.dll]
[3292]wuauclt.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[3292]wuauclt.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[3292]wuauclt.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[3292]wuauclt.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[3292]wuauclt.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[3292]wuauclt.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3324]wuauclt.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[3324]wuauclt.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[3324]wuauclt.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[3324]wuauclt.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[3324]wuauclt.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[3324]wuauclt.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[408]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[408]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[408]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[408]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[408]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[408]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[408]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[408]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[408]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[408]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[408]explorer.exe-->shell32.dll-->user32.dll-->SetWindowsHookExW, Type: IAT modification 0x7C9C20F0-->00000000 [IPHk2KS2.dll]
[408]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[592]firefox.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[592]firefox.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[592]firefox.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[592]firefox.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[592]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [firefox.exe]
[592]firefox.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[592]firefox.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)


Re: Redirect

Post by DragonMaster Jay on Tue 19 Oct 2010, 9:30 am

GMER

Note about this tool:
  • This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
  • This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
  • No matter what is in the log, please post all the information/contents of the log.
  • These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT"


Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.



~DMJ
GeekPolice Academy Manager



Re: Redirect

Post by DJ Englewood on Wed 20 Oct 2010, 3:11 pm

DragonMaster Jay wrote:GMER

Note about this tool:
  • This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
  • This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
  • No matter what is in the log, please post all the information/contents of the log.
  • These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT"


Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

This keeps freezing. I have run it several times, and every time I run it, it freezes.


Re: Redirect

Post by DragonMaster Jay on Wed 20 Oct 2010, 7:35 pm

Uncheck devices, and try again, please.



~DMJ
GeekPolice Academy Manager



Re: Redirect

Post by DJ Englewood on Thu 21 Oct 2010, 8:57 am

will do


Re: Redirect

Post by DragonMaster Jay on Thu 21 Oct 2010, 9:00 am

ok



Re: Redirect

Post by DJ Englewood on Thu 21 Oct 2010, 3:16 pm

It's a no go. I did what you said and it just keeps freezing and stays frozen, no matter how many times I try it.


Re: Redirect

Post by DragonMaster Jay on Fri 22 Oct 2010, 2:21 pm

Please download Norman Malware Cleaner and save to your desktop.
alternate download link
  • Double-click on Norman_Malware_Cleaner.exe to start the program.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
  • After the scan has finished, a log file with the date (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
Note: To scan USB flash drives and/or other removable drives, use the Add button to browse to the drive's location, click on the drive to highlight it, and choose OK.



Re: Redirect

Post by DJ Englewood on Sun 24 Oct 2010, 5:25 am

Norman Malware Cleaner
Version 1.8.2
Copyright © 1990 - 2010, Norman ASA. Built 2010/10/21 19:07:10

Norman Scanner Engine Version: 6.06.07
Nvcbin.def Version: 6.06.00, Date: 2010/10/21 19:07:10, Variants: 7865045

Scan started: 2010/10/23 12:43:27

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600 Service Pack 3
Logged on user: JOELEE\Joe


Scanning kernel...

Kernel scan complete


Scanning bootsectors...

Number of sectors found: 2
Number of sectors scanned: 2
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 1s 297ms


Scanning running processes and process memory...

Number of processes/threads found: 3324
Number of processes/threads scanned: 3324
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 4m 45s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*

Scanning: E:\*.*

Scanning: postscan


Running post-scan cleanup routine:

Number of files found: 916
Number of archives unpacked: 0
Number of files scanned: 683
Number of files not scanned: 233
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 1m 41s


Re: Redirect

Post by DragonMaster Jay on Mon 25 Oct 2010, 5:20 am

Please download RenewMyDNS by DragonMaster Jay.
  • Save it to your Desktop.
  • Right-click on the file and select Extract All...
  • Choose a location to save extracted files and keep pressing Next until Finish.
  • Double-click RenewMyDNS folder, then double-click RenewMyDNS.bat to start the program.
  • Follow the prompts, and when finished it will launch a log.
  • Post that log in your next reply.
  • After posting the log, delete the folder RenewMyDNS.



Re: Redirect

Post by DJ Englewood on Tue 26 Oct 2010, 5:23 am

Hey, this shows personal stuff like IP address and such.


Re: Redirect

Post by DJ Englewood on Tue 26 Oct 2010, 7:07 am

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.3.2

Microsoft Windows XP [Version 5.1.2600]


``````````Network and DNS Information``````````

Windows IP Configuration

Host Name . . . . . . . . . . . . : JOELEE
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.il.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.il.comcast.net.
Description . . . . . . . . . . . : Intel 8255x-based PCI Ethernet Adapter (10/100)
Physical Address. . . . . . . . . : 00-E0-81-00-5E-6B
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.87.72.134
68.87.77.134
Lease Obtained. . . . . . . . . . : Monday, October 25, 2010 11:01:00 AM
Lease Expires . . . . . . . . . . : Tuesday, October 26, 2010 11:01:00 AM

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

``````````Speed-test - Ping``````````

Pinging yahoo.com [67.195.160.76] with 32 bytes of data:

Reply from 67.195.160.76: bytes=32 time=47ms TTL=50
Reply from 67.195.160.76: bytes=32 time=45ms TTL=50
Reply from 67.195.160.76: bytes=32 time=47ms TTL=50
Reply from 67.195.160.76: bytes=32 time=45ms TTL=50

Ping statistics for 67.195.160.76:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 45ms, Maximum = 47ms, Average = 46ms

Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:

Reply from 64.202.189.170: bytes=32 time=89ms TTL=114
Reply from 64.202.189.170: bytes=32 time=91ms TTL=114
Reply from 64.202.189.170: bytes=32 time=87ms TTL=114
Reply from 64.202.189.170: bytes=32 time=87ms TTL=114

Ping statistics for 64.202.189.170:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 87ms, Maximum = 91ms, Average = 88ms

Pinging facebook.com [69.63.189.16] with 32 bytes of data:

Reply from 69.63.189.16: bytes=32 time=49ms TTL=243
Reply from 69.63.189.16: bytes=32 time=46ms TTL=243
Reply from 69.63.189.16: bytes=32 time=46ms TTL=243
Reply from 69.63.189.16: bytes=32 time=46ms TTL=243

Ping statistics for 69.63.189.16:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 46ms, Maximum = 49ms, Average = 46ms

Pinging google.com [74.125.95.99] with 32 bytes of data:

Reply from 74.125.95.99: bytes=32 time=25ms TTL=53
Reply from 74.125.95.99: bytes=32 time=22ms TTL=53
Reply from 74.125.95.99: bytes=32 time=24ms TTL=53
Reply from 74.125.95.99: bytes=32 time=21ms TTL=53

Ping statistics for 74.125.95.99:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 25ms, Average = 23ms

********************
EOF


Re: Redirect

Post by DragonMaster Jay on Tue 26 Oct 2010, 7:36 am

Not to worry, it is not the IP address of your computer. It is only the IP addresses of the companies tested in the ping test, or the DNS servers you have. Luckily your DNS servers are owned by Comcast.

I was looking for a hacker there, but found nothing.

Is your computer still having redirects?


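The check described in the post above, reading the DNS servers out of the `ipconfig /all` section of the log and confirming they are the ISP's, can be done mechanically when triaging pasted logs. This is an added example, not part of the thread or of RenewMyDNS: the function names, the allow-list and the tampered variant (built with a 203.0.113.0/24 documentation address) are assumptions made for illustration.

```python
import ipaddress
import re

# Adapter sections start with a line such as "Ethernet adapter Local Area Connection:".
ADAPTER = re.compile(r"^\s*(?P<name>.+ adapter .+):\s*$")
# Field lines look like "DNS Servers . . . . . : 68.87.72.134"; the dot leader varies.
FIELD = re.compile(r"^\s*(?P<key>[A-Za-z][A-Za-z \-]*?)[ .]*:\s*(?P<val>.*)$")

# Excerpt of the ipconfig section posted in the thread, with the blank lines
# between rows that the forum paste contains.
POSTED_LOG = """
Windows IP Configuration

Host Name . . . . . . . . . . . . : JOELEE

Ethernet adapter Local Area Connection:

Dhcp Enabled. . . . . . . . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.101

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 68.87.72.134

68.87.77.134

Lease Obtained. . . . . . . . . . : Monday, October 25, 2010 11:01:00 AM
"""

# Constructed variant: same log with the resolvers swapped for a documentation
# address and the router itself, to show what a changed DNS setting looks like.
TAMPERED_LOG = (POSTED_LOG.replace("68.87.72.134", "203.0.113.53")
                          .replace("68.87.77.134", "192.168.1.1"))

# Assumption: the analyst's allow-list, here the two resolvers accepted in the thread.
EXPECTED_RESOLVERS = ["68.87.72.134", "68.87.77.134"]


def _ip(text):
    """Return an ip_address if text is a bare address, else None."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def parse_ipconfig(text):
    """Parse `ipconfig /all` text into one dict per adapter."""
    adapters, current, last_key = [], None, None
    for line in text.splitlines():
        if not line.strip():
            continue  # pasted logs gain blank lines; they do not end a field
        header = ADAPTER.match(line)
        if header:
            current = {"name": header["name"].strip(), "dns": [],
                       "gateway": None, "dhcp": None}
            adapters.append(current)
            last_key = None
            continue
        if current is None:
            continue  # global section before the first adapter
        bare = _ip(line)
        if bare is not None:
            # Second and later resolvers sit on their own line under "DNS Servers".
            if last_key == "DNS Servers":
                current["dns"].append(bare)
            continue
        field = FIELD.match(line)
        if not field:
            last_key = None
            continue
        last_key = field["key"].strip()
        value = _ip(field["val"])
        if value is None:
            continue
        if last_key == "DNS Servers":
            current["dns"].append(value)
        elif last_key == "Default Gateway":
            current["gateway"] = value
        elif last_key == "DHCP Server":
            current["dhcp"] = value
    return adapters


def triage_dns(adapters, expected):
    """Return (adapter, resolver, verdict) for every configured DNS server."""
    nets = [ipaddress.ip_network(n) for n in expected]
    findings = []
    for adapter in adapters:
        for server in adapter["dns"]:
            if server in (adapter["gateway"], adapter["dhcp"]):
                verdict = "local-router"  # router forwards DNS: review its own settings
            elif any(server in net for net in nets):
                verdict = "expected"
            else:
                verdict = "unexpected"    # not ISP, not router: review adapter/DHCP config
            findings.append((adapter["name"], str(server), verdict))
    return findings
```

An "unexpected" verdict only means the resolver is outside the allow-list; who operates the address still has to be confirmed before treating it as tampering.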

Re: Redirect

Post by DJ Englewood on Tue 26 Oct 2010, 8:10 am

No, but pop-ups in the browser.


Re: Redirect

Post by DJ Englewood on Wed 27 Oct 2010, 5:13 pm


Malwarebytes' Anti-Malware 1.46

Database version: 4957

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

10/26/2010 10:23:00 PM
mbam-log-2010-10-26 (22-23-00).txt

Scan type: Full scan (C:\|)
Objects scanned: 279156
Time elapsed: 2 hour(s), 58 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Guest\Application Data\hotfix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Local Settings\temp\0.016503196824546484.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

But I am still having problems.


Re: Redirect

Post by DJ Englewood on Wed 27 Oct 2010, 5:28 pm

Now I have no sound. I'm being told there are no active mixer devices available, and I always had sound.

