Redirect


Post by DJ Englewood on Sat Oct 16, 2010 3:13 pm

I'm infected with something; it keeps redirecting my searches :sad:

DJ Englewood
Intermediate

Posts : 128
Joined : 2010-02-09
OS : xp


Re: Redirect

Post by Dr Jay on Sat Oct 16, 2010 8:35 pm

Welcome back.

Please download [You must be registered and logged in to see this link.] and install it. If you already have it, no need to reinstall.

Then, download [You must be registered and logged in to see this link.] and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro


Re: Redirect

Post by DJ Englewood on Sat Oct 16, 2010 10:53 pm

running now :smile2:


Re: Redirect

Post by Dr Jay on Sat Oct 16, 2010 11:57 pm

ok


Dr. Jay (DJ)



Re: Redirect

Post by DJ Englewood on Sun Oct 17, 2010 10:45 pm

I re-ran it; I think it was interrupted.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================


Re: Redirect

Post by DJ Englewood on Sun Oct 17, 2010 10:49 pm


!-->[Hidden] C:\Program Files\Roxio\VideoUI 9\Skins\Black
!-->[Hidden] C:\Program Files\Roxio\VideoUI 9\Skins\Black
!-->[Hidden] C:\Program Files\Roxio\VideoUI 9\Skins\Black
!-->[Hidden] C:\Program Files\Roxio\VideoUI 9\Skins\Default\Locale
!-->[Hidden] C:\Program Files\Roxio\VideoUI 9\Skins\Default\Locale
!-->[Hidden] C:\Program Files\Roxio\VideoUI 9\Skins\Default\Locale
!-->[Hidden] C:\Program Files\Roxio\VideoUI 9\Skins\White
!-->[Hidden] C:\Program Files\Roxio\VideoUI 9\Skins\White
!-->[Hidden] C:\Program Files\Roxio\VideoUI 9\Skins\White
!-->[Hidden] C:\Program Files\Sirius\MySiriusStudio
!-->[Hidden] C:\Program Files\Sirius\MySiriusStudio
!-->[Hidden] C:\Program Files\Sirius\MySiriusStudio
!-->[Hidden] C:\Program Files\Sirius\Sirius Device Recovery
!-->[Hidden] C:\Program Files\Sirius\Sirius Device Recovery
!-->[Hidden] C:\Program Files\Sirius\Sirius Device Recovery
!-->[Hidden] C:\Program Files\Spybot - Search & Destroy
!-->[Hidden] C:\Program Files\Spybot - Search & Destroy
!-->[Hidden] C:\Program Files\Spybot - Search & Destroy
!-->[Hidden] C:\Program Files\TechSmith
!-->[Hidden] C:\Program Files\TechSmith
!-->[Hidden] C:\Program Files\TechSmith
!-->[Hidden] C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents
!-->[Hidden] C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents
!-->[Hidden] C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents
!-->[Hidden] C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents
!-->[Hidden] C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents
!-->[Hidden] C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents
!-->[Hidden] C:\Program Files\Windows Media Connect 2
!-->[Hidden] C:\Program Files\Windows Media Connect 2
!-->[Hidden] C:\Program Files\Windows Media Connect 2
!-->[Hidden] C:\Program Files\Windows Media Player\Network Sharing
!-->[Hidden] C:\Program Files\Windows Media Player\Network Sharing
!-->[Hidden] C:\Program Files\Windows Media Player\Network Sharing
!-->[Hidden] C:\Program Files\Yahoo!\Messenger\imvcache
!-->[Hidden] C:\Program Files\Yahoo!\Messenger\imvcache
!-->[Hidden] C:\Program Files\Yahoo!\Messenger\imvcache
!-->[Hidden] C:\Program Files\Yahoo!\Messenger\Profiles\yesmyis72\Archive
!-->[Hidden] C:\Program Files\Yahoo!\Messenger\Profiles\yesmyis72\Archive
!-->[Hidden] C:\Program Files\Yahoo!\Messenger\Profiles\yesmyis72\Archive
!-->[Hidden] C:\Program Files\Zune
!-->[Hidden] C:\Program Files\Zune
!-->[Hidden] C:\Program Files\Zune
!-->[Hidden] C:\System Volume Information\_restore{1820F488-9212-4A2F-9198-DF89AD58E60C}\RP1846\snapshot\Repository
!-->[Hidden] C:\System Volume Information\_restore{1820F488-9212-4A2F-9198-DF89AD58E60C}\RP1847
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB2141007\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB2141007\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB2229593
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB2279986
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB2345886
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB2360131-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB938464
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB946648
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB950749
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB950759-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB950760
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB950762
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB950974
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB951066
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB951072-v2
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB951376
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB951376-v2
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB951698
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB951978
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB952287
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB952954
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB953838-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB953839
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB954459
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB955759
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB956744
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB956844
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB960859
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB961371-v2
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB967715
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB968389
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB969059
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB969947
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB970430
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971468
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971486
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971557
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971633
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971657
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971737\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971737\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971961
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB972260-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB972270
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973346
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973354
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973507
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973525
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973815
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973869
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973904
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB974112
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB974318
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB974392
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB974455-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB974571
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB975025
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB975467
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB975560
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB975713
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB976325-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB976749-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB977165
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB977816
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB977914
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978037
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978207-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978251
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978262
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978338
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978542
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978601
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978706
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB979309
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB979482\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB979482\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB979559\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB979559\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB979683
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB979687
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB980182-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB980195
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB980218
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB980232
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB981349
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB981957
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB982132
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB982381-IE7\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB982381-IE7\update
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2158563$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2229593$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2296011$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2378111_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB910998$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB926239$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB929399$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB932716-v2$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB936782_WMP11$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB938464_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB939683$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB946648_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950749$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950974_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951066$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951066_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951072-v2$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951376$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951376-v2$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951376-v2_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951698$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951698_0$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951748$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951978$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952287$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952287_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952954$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952954_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB953839$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954154_WM11$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954155_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954211$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954459$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954600$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB955759$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956744$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956802$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956803$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956841$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956844$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB957095$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB957097$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB958644$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB958869$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB960859$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB961371-v2$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB967715$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB968389$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB968816_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB969059$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB969947$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB970430$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB970653-v3$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971468$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971486$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971557$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971633$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971657$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971737$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971961$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB972270$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973346$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973354$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973507$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973525$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973540_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973815$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973869$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973904$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB974112$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB974318$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB974392$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB974571$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB975025$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB975467$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB975560$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB975713$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB977165$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB977816$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB977914$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978037$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978251$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978262$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978338$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978542$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978601$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978695_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978706$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB979309$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB979482$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB979559$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB979683$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB979687$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB980195$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB980218$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB980232$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB981349$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB981793$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB981957$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB982132$
!-->[Hidden] C:\WINDOWS\$NtUninstallWdf01009$
!-->[Hidden] C:\WINDOWS\$NtUninstallwinusb0100$
!-->[Hidden] C:\WINDOWS\$NtUninstallWMFDist11$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallwmp11$
!-->[Hidden] C:\WINDOWS\$NtUninstallWudf01000$
!-->[Hidden] C:\WINDOWS\$NtUninstallWudf01009$
!-->[Hidden] C:\WINDOWS\assembly\GAC_32
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_30a0e4ca
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_47229c7a
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_da6d768d
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_12240ac4
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b82ebc87
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_a613226f
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_2641882a
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_73769fda
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32
!-->[Hidden] C:\WINDOWS\Debug\Setup
!-->[Hidden] C:\WINDOWS\Downloaded Installations\{59C4F14F-7590-45FC-BE9F-A67AB3590709}
!-->[Hidden] C:\WINDOWS\ERDNT
!-->[Hidden] C:\WINDOWS\ie7updates\KB950759-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB953838-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB972260-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB974455-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB976325-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB978207-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB980182-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB982381-IE7
!-->[Hidden] C:\WINDOWS\Installer\$PatchCache$
!-->[Hidden] C:\WINDOWS\Installer\tsclientmsitrans
!-->[Hidden] C:\WINDOWS\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}
!-->[Hidden] C:\WINDOWS\Installer\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
!-->[Hidden] C:\WINDOWS\Installer\{26A24AE4-039D-4CA4-87B4-2F83216011FF}
!-->[Hidden] C:\WINDOWS\Installer\{40A594D0-1490-4979-9382-D2B764F949C6}
!-->[Hidden] C:\WINDOWS\Installer\{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}
!-->[Hidden] C:\WINDOWS\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
!-->[Hidden] C:\WINDOWS\Installer\{85BD5F12-49EF-4B40-B1E0-77D85F6E99BF}
!-->[Hidden] C:\WINDOWS\Installer\{A900E37C-AAE3-44FB-8EE7-7E61F7087CE7}
!-->[Hidden] C:\WINDOWS\Installer\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
!-->[Hidden] C:\WINDOWS\Installer\{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}
!-->[Hidden] C:\WINDOWS\Installer\{CC23F0EF-15E9-4264-8165-272A5AA2B873}
!-->[Hidden] C:\WINDOWS\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}
!-->[Hidden] C:\WINDOWS\l2schemas
!-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906
!-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
!-->[Hidden] C:\WINDOWS\PCHEALTH\ErrorRep\QHEADLES
!-->[Hidden] C:\WINDOWS\PCHEALTH\ErrorRep\QSIGNOFF
!-->[Hidden] C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf
!-->[Hidden] C:\WINDOWS\ServicePackFiles\ServicePackCache
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\18f6b4c16b6e97c0405341fa27c62ee8\wm11
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\18f6b4c16b6e97c0405341fa27c62ee8\wm9
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\asms\60\msft\windows
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\asms\60\policy
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\SP3QFE
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\update
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\73c53bc9363e2e6052da2282e21dc353\backup
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\73c53bc9363e2e6052da2282e21dc353\update
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\7743918b8e2a2422f95d7c0e8f069be8\backup
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\7743918b8e2a2422f95d7c0e8f069be8\sp3qfe
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\7743918b8e2a2422f95d7c0e8f069be8\update
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\a68c3384979889bdeede2ca0a92739be\backup
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\a68c3384979889bdeede2ca0a92739be\download
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\bfb3f53a374032f58b8d9df10c040976
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109\update
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Sun
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Sun
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Sun
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ymxqpspjq
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ymxqpspjq
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ymxqpspjq
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing
!-->[Hidden] C:\WINDOWS\system32\drivers\UMDF
!-->[Hidden] C:\WINDOWS\system32\drivers\UMDF
!-->[Hidden] C:\WINDOWS\system32\drivers\UMDF
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_fmw_64A2807D5FFAB24B7FC682621F98E33A7C797778
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_fmw_64A2807D5FFAB24B7FC682621F98E33A7C797778
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_fmw_64A2807D5FFAB24B7FC682621F98E33A7C797778
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_fw_545C9C7BBA74D86FA58D23F50D79047F3E85921F
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_fw_545C9C7BBA74D86FA58D23F50D79047F3E85921F
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_fw_545C9C7BBA74D86FA58D23F50D79047F3E85921F
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_zap_70A7D5DEDB0199B6BBDE0ED17D1FBB785D826B80
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_zap_70A7D5DEDB0199B6BBDE0ED17D1FBB785D826B80
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_zap_70A7D5DEDB0199B6BBDE0ED17D1FBB785D826B80
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_zap_AF6B734C4561BF353A51387A0B918EDA2418BC29
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_zap_AF6B734C4561BF353A51387A0B918EDA2418BC29
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\zsi_zap_AF6B734C4561BF353A51387A0B918EDA2418BC29
!-->[Hidden] C:\WINDOWS\system32\en
!-->[Hidden] C:\WINDOWS\system32\en
!-->[Hidden] C:\WINDOWS\system32\en
!-->[Hidden] C:\WINDOWS\system32\LogFiles
!-->[Hidden] C:\WINDOWS\system32\LogFiles
!-->[Hidden] C:\WINDOWS\system32\LogFiles
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0005
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0005
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0005
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0008
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0008
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0008
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0009
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0009
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0009
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0010
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0010
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0010
!-->[Hidden] C:\WINDOWS\system32\scripting
!-->[Hidden] C:\WINDOWS\system32\scripting
!-->[Hidden] C:\WINDOWS\system32\scripting
!-->[Hidden] C:\WINDOWS\Temp\NDP1.1sp1-KB2416447-X86
!-->[Hidden] C:\WINDOWS\Temp\Temporary Internet Files
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DA84, Type: Inline - RelativeJump 0x804E4A84-->804E4AAB [ntoskrnl.exe]
ntoskrnl.exe+0x0000DAA4, Type: Inline - RelativeJump 0x804E4AA4-->804E4AE8 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DB94, Type: Inline - RelativeJump 0x804E4B94-->804E4B4F [ntoskrnl.exe]
[1048]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification 0x01001094-->00000000 [unknown_code_page]
[1048]services.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x01001114-->00000000 [unknown_code_page]
[2100]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[2100]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[2100]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[2100]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[2100]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[2100]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2100]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]
[2456]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [firefox.exe]
[3080]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->00000000 [xul.dll]
[3828]firefox.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[3828]firefox.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[3828]firefox.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[3828]firefox.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[3828]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [firefox.exe]
[3828]firefox.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[3828]firefox.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[408]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[408]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[408]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[408]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[408]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[408]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[408]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[408]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[408]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[408]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[408]explorer.exe-->shell32.dll-->user32.dll-->SetWindowsHookExW, Type: IAT modification 0x7C9C20F0-->00000000 [IPHk2KS2.dll]
[408]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)


Re: Redirect

Post by Dr Jay on Mon Oct 18, 2010 9:08 am

I don't want you to have to do this, but we do need this scan.

Please make sure all security software is disabled, and please run RootkitUnhooker once more and post a log.


Dr. Jay (DJ)



Re: Redirect

Post by DJ Englewood on Mon Oct 18, 2010 3:43 pm

DragonMaster Jay wrote: I don't want you to have to do this, but we do need this scan.

Please make sure all security software is disabled, and please run RootkitUnhooker once more and post a log.

I think I have all security disabled. Do you see something that's still active?


Re: Redirect

Post by DJ Englewood on Mon Oct 18, 2010 7:36 pm

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>SSDT State
==============================================
ntoskrnl.exe-->NtAddBootEntry, Type: Address change 0x8064FEEB-->EF4F1130 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtClose, Type: Address change 0x8056F8D7-->EF50A50D [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateEvent, Type: Address change 0x805744F6-->EF4F2CE2 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateEventPair, Type: Address change 0x8065053C-->EF4F2D3A [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateIoCompletion, Type: Address change 0x805E04F5-->EF4F2E50 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateKey, Type: Address change 0x80578710-->EF509EC1 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateMutant, Type: Address change 0x80582EA8-->EF4F2C38 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateSection, Type: Address change 0x8056DB66-->EF4F2D8A [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateSemaphore, Type: Address change 0x8057F95B-->EF4F2C8C [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateTimer, Type: Address change 0x8059DAF7-->EF4F2DFE [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtDeleteBootEntry, Type: Address change 0x80633F02-->EF4F1154 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtDeleteKey, Type: Address change 0x80599783-->EF50ABD3 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtDeleteValueKey, Type: Address change 0x805983A2-->EF50ACDA [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtDuplicateObject, Type: Address change 0x8057EDE5-->EF4F3582 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtEnumerateKey, Type: Address change 0x8057EC5A-->EF50AA3E [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtEnumerateValueKey, Type: Address change 0x80594DB6-->EF50A8A9 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtLoadDriver, Type: Address change 0x805AEDE2-->EF4F0F5C [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtModifyBootEntry, Type: Address change 0x80633F02-->EF4F1178 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenEvent, Type: Address change 0x8058E7F1-->EF4F2D12 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenEventPair, Type: Address change 0x8065062F-->EF4F2D62 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenIoCompletion, Type: Address change 0x80621403-->EF4F2E7A [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenKey, Type: Address change 0x80572BDF-->EF50A21D [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenMutant, Type: Address change 0x80582F56-->EF4F2C64 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenProcess, Type: Address change 0x8057F592-->EF4F33BA [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenSection, Type: Address change 0x80578DEE-->EF4F2DCA [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenSemaphore, Type: Address change 0x805E7C60-->EF4F2CBA [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenThread, Type: Address change 0x80584849-->EF4F349E [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenTimer, Type: Address change 0x80650465-->EF4F2E28 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtQueryKey, Type: Address change 0x8057E85A-->EF50A724 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtQueryObject, Type: Address change 0x8058F010-->EF4F1B48 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtQueryValueKey, Type: Address change 0x80572F19-->EF50A576 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtRenameKey, Type: Address change 0x80655EA2-->EF53B210 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtReplyWaitReceivePort, Type: Address change 0x80576817-->EF4F36F6 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtReplyWaitReceivePortEx, Type: Address change 0x8057632F-->EF4F32F0 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtRestoreKey, Type: Address change 0x80656395-->EF50955C [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtSetBootEntryOrder, Type: Address change 0x8064FEEB-->EF4F119C [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtSetBootOptions, Type: Address change 0x8064FEEB-->EF4F11C0 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtSetSystemInformation, Type: Address change 0x805B0A14-->EF4F0FB6 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtSetValueKey, Type: Address change 0x8057FCE0-->EF53AEC8 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtShutdownSystem, Type: Address change 0x8064E8EB-->EF4F10C6 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtSystemDebugControl, Type: Address change 0x806510D3-->EF4F10D8 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x83BC4490 [4] System
0x831E7B98 [336] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x83687850 [408] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x8377D9A8 [500] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation, Microsoft® Works Update Detection)
0x83A36B98 [512] C:\Program Files\Philips\PSA2\Skin\QveCplSk.exe (QSound Labs, Inc., PSA2 Control Panel)
0x83679DA0 [584] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard, hpotdd01)
0x8369C3D8 [592] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x833EDB98 [656] C:\Program Files\Visual Networks\Visual IP InSight\SBC\ipmon32.exe (Visual Networks, IP Monitor)
0x833EB980 [672] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited, RIM Auto Update)
0x833D4BB0 [688] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation, Zune Auto-Launcher)
0x836549B0 [700] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc., RealNetworks Scheduler)
0x833D0B98 [728] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation, Macrovision Software Manager)
0x83605620 [748] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd., System settings protector)
0x833F8020 [788] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x831F5020 [888] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc., Apple Mobile Device Service)
0x8399A998 [920] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x839F5558 [976] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x83790020 [1000] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x837AA020 [1048] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x839999A8 [1060] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x839C0858 [1228] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x83796598 [1320] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x837997B8 [1448] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8377D3C8 [1600] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x83102C88 [1656] C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation, Plugin Container for Firefox)
0x831DFBA0 [1708] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x838089E0 [1764] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8220C398 [1804] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x8398E3F0 [1868] C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software, avast! firewall service)
0x836C3DA0 [1904] C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft, Ad-Aware Service Application)
0x83A36020 [1980] C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software, avast! Service)
0x831DE470 [2204] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java(TM) Quick Starter Service)
0x83649410 [2384] C:\WINDOWS\system32\pctspk.exe (PCtel, Inc., PCTSPK.EXE)
0x832A1420 [2596] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft, Ad-Aware Tray Application)
0x831AB3B0 [2832] C:\Documents and Settings\Joe\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\xS4m5gk7k7gof6g.exe (UG North, RKULE, SR2 Normandy)
0x83A25908 [2912] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x83960B98 [2948] C:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation, Zune Bus Enumerator Service)
0x83265B60 [3420] C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation, WMI)
0x83255B28 [3876] C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation, WMI)
0x821A4680 [4032] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF080000 C:\WINDOWS\System32\ati3d1ag.dll 872448 bytes (ATI Technologies Inc. , ati3d1ag.dll)
0xF66ED000 C:\WINDOWS\System32\DRIVERS\ati2mtag.sys 815104 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xF7389000 vmodem.sys 606208 bytes (PCTEL, INC., HSP Modem Modem Device Driver)
0xF74D9000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF60D9000 C:\WINDOWS\system32\drivers\QSoftAud.sys 565248 bytes (QSound Labs, Inc., QSound Virtual Engine driver)
0xF6163000 C:\WINDOWS\System32\Drivers\wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xEF652000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF655A000 C:\WINDOWS\system32\drivers\smwdm.sys 446464 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF741D000 vpctcom.sys 401408 bytes (PCtel, Inc., HSP Modem Virtual Control Device)
0xF61D4000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF667F000 C:\WINDOWS\system32\drivers\pscaudio.sys 368640 bytes (Philips Components (PSS), Philips Audio WDM Driver)
0xEF74E000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB33E7000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xEF4E1000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 331776 bytes (ALWIL Software, avast! Virtualization Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB3036000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF048000 C:\WINDOWS\System32\ati2cqag.dll 229376 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 221184 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xEF61F000 C:\WINDOWS\system32\drivers\mfehidk.sys 208896 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0xF7626000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF747F000 aswNdis2.sys 184320 bytes (ALWIL Software, avast! Filtering NDIS driver)
0xB3E1A000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF74AC000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB2D8B000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEF6C2000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEF70F000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xEF532000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (ALWIL Software, avast! self protection module)
0xEF5F9000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF665B000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF65C7000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6638000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEF6ED000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF75A6000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF75F6000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF65FF000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 118784 bytes (Intel Corporation, NDIS 5 driver)
0xF661C000 C:\WINDOWS\System32\DRIVERS\ptserlp.sys 114688 bytes (PCTEL, INC., HSP Modem Serial Device Driver for NT 5.0)
0xF7339000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF75DE000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB4507000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF75C6000 C:\WINDOWS\System32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xEF737000 C:\WINDOWS\System32\Drivers\aswFW.SYS 94208 bytes (ALWIL Software, avast! Filtering TDI driver)
0xB44A0000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (ALWIL Software, avast! File System Filter Driver for Windows XP)
0xF757D000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6243000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF7566000 WudfPf.sys 94208 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xB41B7000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF65EB000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF66D9000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEF7A7000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF7365000 sfvfs02.sys 77824 bytes (Protection Technology, StarForce Protection VFS Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7353000 sfdrv01.sys 73728 bytes (Protection Technology, StarForce Protection Environment Driver)
0xF7594000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7615000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6232000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7378000 TPkd.sys 69632 bytes (PACE Anti-Piracy, Inc., InterLok system file)
0xEE213000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF6DEC000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF6E2C000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF76E5000 vvoice.sys 65536 bytes (PCtel, Inc., HSP Modem device driver)
0xF6E3C000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76C5000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xF6DDC000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xEFBC3000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7715000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF6814000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xF76B5000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF6E1C000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF6DCC000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7695000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7765000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76F5000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF7825000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF6E0C000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7685000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7755000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7895000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver)
0xF7675000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF6804000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF6834000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF6824000 C:\WINDOWS\system32\DRIVERS\zumbus.sys 40960 bytes (Microsoft Corporation, Zune User-Mode Bus Enumerator)
0xF6DFC000 C:\WINDOWS\System32\Drivers\AFS2K.SYS 36864 bytes (Oak Technology Inc., Audio File System)
0xF76A5000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF6E4C000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF6844000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF78A5000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB2FCE000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF76D5000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF77B5000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7A35000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF79DD000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF790D000 sfhlp02.sys 32768 bytes (Protection Technology, StarForce Protection Helper Driver)
0xF7905000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xF7A3D000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF79C5000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF78F5000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7995000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0xB7DC2000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB7DBA000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (ALWIL Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF7A5D000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7A6D000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7A7D000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF79CD000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF797D000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF79D5000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF78FD000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7A75000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7915000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7945000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xEF7F2000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB8336000 C:\WINDOWS\System32\Drivers\ASPI32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xF6CF3000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB5551000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7B1D000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB5569000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (ALWIL Software, avast! File System Access Blocking Driver)
0xF7A89000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB463C000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7B5D000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0x83A84000 C:\WINDOWS\system32\KDCOM.DLL 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B25000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF6CF7000 C:\WINDOWS\System32\DRIVERS\QsndEnum.sys 12288 bytes (QSound Labs, Inc., PSA2 Bus Enumerator)
0xF7B71000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF72F0000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7B79000 aswNdis.sys 8192 bytes (ALWIL Software, avast! Filtering NDIS driver)
0xF7B95000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB4AA8000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7B93000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B77000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7BA1000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB8719000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7BA3000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7C1F000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xF7C25000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B81000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B75000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7D32000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7CA4000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7C43000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7D2E000 C:\WINDOWS\system32\drivers\SENSUPGD.SYS 4096 bytes (Sensaura Ltd, Sensaura Upgrade)
!!!!!!!!!!!Hidden driver: 0x83B36292 ?_empty_? 3438 bytes
==============================================



Re: Redirect

Post by DJ Englewood on Mon Oct 18, 2010 7:37 pm

>Hooks
==============================================
ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DA84, Type: Inline - RelativeJump 0x804E4A84-->804E4A9B [ntoskrnl.exe]
ntoskrnl.exe+0x0000DAA4, Type: Inline - RelativeJump 0x804E4AA4-->804E4AD8 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DB94, Type: Inline - RelativeJump 0x804E4B94-->804E4B3F [ntoskrnl.exe]
[1048]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification 0x01001094-->00000000 [unknown_code_page]
[1048]services.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x01001114-->00000000 [unknown_code_page]
[1448]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1448]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[1448]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[1448]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[1448]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1448]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1448]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]
[1656]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->00000000 [xul.dll]
[3292]wuauclt.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[3292]wuauclt.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[3292]wuauclt.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[3292]wuauclt.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[3292]wuauclt.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[3292]wuauclt.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3324]wuauclt.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[3324]wuauclt.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[3324]wuauclt.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[3324]wuauclt.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[3324]wuauclt.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[3324]wuauclt.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[408]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[408]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[408]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[408]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[408]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[408]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[408]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[408]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[408]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[408]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[408]explorer.exe-->shell32.dll-->user32.dll-->SetWindowsHookExW, Type: IAT modification 0x7C9C20F0-->00000000 [IPHk2KS2.dll]
[408]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[592]firefox.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[592]firefox.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[592]firefox.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[592]firefox.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[592]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [firefox.exe]
[592]firefox.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[592]firefox.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)


Re: Redirect

Post by Dr Jay on Mon Oct 18, 2010 10:30 pm

GMER

Note about this tool:
  • This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
  • This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
  • No matter what is in the log, please post all the information/contents of the log.
  • These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT"


Please download the [You must be registered and logged in to see this link.]. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.


Dr. Jay (DJ)



Re: Redirect

Post by DJ Englewood on Wed Oct 20, 2010 4:11 am

This keeps freezing. I have run it several times, and every time I run it, it freezes :sad:


Re: Redirect

Post by Dr Jay on Wed Oct 20, 2010 8:35 am

Uncheck devices, and try again, please.


Dr. Jay (DJ)


Re: Redirect

Post by DJ Englewood on Wed Oct 20, 2010 9:57 pm

will do

Re: Redirect

Post by Dr Jay on Wed Oct 20, 2010 10:00 pm

ok


Dr. Jay (DJ)


Re: Redirect

Post by DJ Englewood on Thu Oct 21, 2010 4:16 am

it's a no go i did what you said and it just keeps freezing and stays frozen

no matter how many times i try it

Re: Redirect

Post by Dr Jay on Fri Oct 22, 2010 3:21 am

Please download [You must be registered and logged in to see this link.] and save to your desktop.
  • Double-click on Norman_Malware_Cleaner.exe to start the program.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
  • After the scan has finished, a log file with the date (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
Note: For USB flash drives and/or other removable drives to scan, use the Add button to browse to the drive's location, click on the drive to highlight and choose Ok.


Dr. Jay (DJ)


Re: Redirect

Post by DJ Englewood on Sat Oct 23, 2010 6:25 pm

Norman Malware Cleaner
Version 1.8.2
Copyright © 1990 - 2010, Norman ASA. Built 2010/10/21 19:07:10

Norman Scanner Engine Version: 6.06.07
Nvcbin.def Version: 6.06.00, Date: 2010/10/21 19:07:10, Variants: 7865045

Scan started: 2010/10/23 12:43:27

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600 Service Pack 3
Logged on user: JOELEE\Joe


Scanning kernel...

Kernel scan complete


Scanning bootsectors...

Number of sectors found: 2
Number of sectors scanned: 2
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 1s 297ms


Scanning running processes and process memory...

Number of processes/threads found: 3324
Number of processes/threads scanned: 3324
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 4m 45s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*

Scanning: E:\*.*

Scanning: postscan


Running post-scan cleanup routine:

Number of files found: 916
Number of archives unpacked: 0
Number of files scanned: 683
Number of files not scanned: 233
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 1m 41s

Re: Redirect

Post by Dr Jay on Sun Oct 24, 2010 6:20 pm

Please download [You must be registered and logged in to see this link.] by DragonMaster Jay.
  • Save it to your Desktop.
  • Right-click on the file and select Extract All...
  • Choose a location to save extracted files and keep pressing Next until Finish.
  • Double-click the RenewMyDNS folder, then double-click RenewMyDNS.bat to start the program.
  • Follow the prompts, and when finished it will launch a log.
  • Post that log in your next reply.
  • After posting the log, delete the folder RenewMyDNS.


Dr. Jay (DJ)


Re: Redirect

Post by DJ Englewood on Mon Oct 25, 2010 6:23 pm

hey this shows personal stuff like ip address and such

Re: Redirect

Post by DJ Englewood on Mon Oct 25, 2010 8:07 pm

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.3.2

Microsoft Windows XP [Version 5.1.2600]


``````````Network and DNS Information``````````

Windows IP Configuration

Host Name . . . . . . . . . . . . : JOELEE
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.il.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.il.comcast.net.
Description . . . . . . . . . . . : Intel 8255x-based PCI Ethernet Adapter (10/100)
Physical Address. . . . . . . . . : 00-E0-81-00-5E-6B
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.87.72.134
                                    68.87.77.134
Lease Obtained. . . . . . . . . . : Monday, October 25, 2010 11:01:00 AM
Lease Expires . . . . . . . . . . : Tuesday, October 26, 2010 11:01:00 AM

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

``````````Speed-test - Ping``````````

Pinging yahoo.com [67.195.160.76] with 32 bytes of data:

Reply from 67.195.160.76: bytes=32 time=47ms TTL=50
Reply from 67.195.160.76: bytes=32 time=45ms TTL=50
Reply from 67.195.160.76: bytes=32 time=47ms TTL=50
Reply from 67.195.160.76: bytes=32 time=45ms TTL=50

Ping statistics for 67.195.160.76:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 45ms, Maximum = 47ms, Average = 46ms

Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:

Reply from 64.202.189.170: bytes=32 time=89ms TTL=114
Reply from 64.202.189.170: bytes=32 time=91ms TTL=114
Reply from 64.202.189.170: bytes=32 time=87ms TTL=114
Reply from 64.202.189.170: bytes=32 time=87ms TTL=114

Ping statistics for 64.202.189.170:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 87ms, Maximum = 91ms, Average = 88ms

Pinging facebook.com [69.63.189.16] with 32 bytes of data:

Reply from 69.63.189.16: bytes=32 time=49ms TTL=243
Reply from 69.63.189.16: bytes=32 time=46ms TTL=243
Reply from 69.63.189.16: bytes=32 time=46ms TTL=243
Reply from 69.63.189.16: bytes=32 time=46ms TTL=243

Ping statistics for 69.63.189.16:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 46ms, Maximum = 49ms, Average = 46ms

Pinging google.com [74.125.95.99] with 32 bytes of data:

Reply from 74.125.95.99: bytes=32 time=25ms TTL=53
Reply from 74.125.95.99: bytes=32 time=22ms TTL=53
Reply from 74.125.95.99: bytes=32 time=24ms TTL=53
Reply from 74.125.95.99: bytes=32 time=21ms TTL=53

Ping statistics for 74.125.95.99:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 21ms, Maximum = 25ms, Average = 23ms

********************
EOF

Re: Redirect

Post by Dr Jay on Mon Oct 25, 2010 8:36 pm

Not to worry, it is not the IP address of your computer. It is only the IP addresses of the companies tested in the ping test, or the DNS servers you have. Luckily your DNS servers are owned by Comcast.

I was looking for a hacker there, but found nothing.

Is your computer still having redirects?


Dr. Jay (DJ)
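
The check made in the reply above, confirming that the configured DNS servers belong to the user's ISP, can be run mechanically over the posted ipconfig output. The Python below is an added example, not part of the thread or of RenewMyDNS; the allowlisted range, the function names and the second log (with a documentation-range address) are assumptions constructed for illustration.

```python
import ipaddress
import re

# Lines taken from the ipconfig output posted in this thread. The forum paste is
# double-spaced and unindented, so the second DNS server sits alone on its own line.
POSTED_LOG = "\n\n".join([
    "Ethernet adapter Local Area Connection:",
    "Connection-specific DNS Suffix . : hsd1.il.comcast.net.",
    "Dhcp Enabled. . . . . . . . . . . : Yes",
    "IP Address. . . . . . . . . . . . : 192.168.1.101",
    "Default Gateway . . . . . . . . . : 192.168.1.1",
    "DHCP Server . . . . . . . . . . . : 192.168.1.1",
    "DNS Servers . . . . . . . . . . . : 68.87.72.134",
    "68.87.77.134",
    "Lease Obtained. . . . . . . . . . : Monday, October 25, 2010 11:01:00 AM",
])

# Constructed sample: the same adapter with one resolver swapped for an address
# from 203.0.113.0/24 (a documentation range, not a real indicator).
CONSTRUCTED_LOG = POSTED_LOG.replace("68.87.77.134", "203.0.113.53")

# Assumption: ranges the analyst has already confirmed (for example via WHOIS)
# as belonging to the user's ISP. Replace with ranges verified for the case at hand.
EXPECTED_RESOLVER_NETS = [ipaddress.ip_network("68.87.0.0/16")]

# Explicit RFC 1918 ranges. ipaddress.is_private is avoided on purpose because it
# also returns True for documentation and other reserved ranges.
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# "Key . . . . : value" with the dotted leader stripped from the key.
KEY_VALUE = re.compile(r"^(?P<key>[^:]+?)[\s.]*:\s*(?P<value>.*)$")


def _as_ip(text):
    """Return an ip_address for text (any %zone suffix stripped), or None."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None


def dns_servers(ipconfig_text):
    """Map adapter name -> DNS server addresses, in the order listed."""
    adapters, adapter, in_dns = {}, "(global)", False
    for raw in ipconfig_text.splitlines():
        line = raw.strip()
        if not line:
            continue                      # blank lines do not end a DNS list
        addr = _as_ip(line)
        if addr is not None:              # bare address: continuation line
            if in_dns:
                adapters.setdefault(adapter, []).append(addr)
            continue
        match = KEY_VALUE.match(line)
        if not match:
            in_dns = False
            continue
        key, value = match.group("key"), match.group("value").strip()
        if not value and "adapter" in key.lower():
            adapter, in_dns = key, False  # new adapter section
            continue
        in_dns = key.lower() == "dns servers"
        first = _as_ip(value) if in_dns else None
        if first is not None:
            adapters.setdefault(adapter, []).append(first)
    return adapters


def classify(addr, expected_nets=EXPECTED_RESOLVER_NETS):
    """Label one resolver address for triage."""
    if addr.is_loopback:
        return "loopback"    # a local proxy or resolver: identify the owning process
    if any(addr in net for net in RFC1918_NETS):
        return "private"     # usually the router: review the router's own DNS settings
    if any(addr in net for net in expected_nets):
        return "expected"
    return "unexpected"      # look up ownership before trusting this resolver


def review(ipconfig_text, expected_nets=EXPECTED_RESOLVER_NETS):
    """Return [(adapter, address, verdict)] for every configured DNS server."""
    return [(adapter, str(addr), classify(addr, expected_nets))
            for adapter, addrs in dns_servers(ipconfig_text).items()
            for addr in addrs]


if __name__ == "__main__":
    for label, log in (("posted", POSTED_LOG), ("constructed", CONSTRUCTED_LOG)):
        for adapter, address, verdict in review(log):
            print(f"{label:12} {adapter}: {address} -> {verdict}")
```

A "private" verdict only moves the question to the router, whose upstream DNS settings then need the same review.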


Re: Redirect

Post by DJ Englewood on Mon Oct 25, 2010 9:10 pm

no but pop ups in the browser

Re: Redirect

Post by DJ Englewood on Wed Oct 27, 2010 6:13 am


Malwarebytes' Anti-Malware 1.46

Database version: 4957

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

10/26/2010 10:23:00 PM
mbam-log-2010-10-26 (22-23-00).txt

Scan type: Full scan (C:\|)
Objects scanned: 279156
Time elapsed: 2 hour(s), 58 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Guest\Application Data\hotfix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Local Settings\temp\0.016503196824546484.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

but i am still having problems :sad:


Re: Redirect

Post by DJ Englewood on Wed Oct 27, 2010 6:28 am

now i have no sound. i'm being told there are no active mixer devices available

and i always had sound


Re: Redirect

Post by Dr Jay on Thu Oct 28, 2010 4:26 am

Looks like the malware killed sound.

Please download the latest version of Kaspersky GetSystemInfo (GSI) from [You must be registered and logged in to see this link.] and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.

Set the slider to Maximum.

IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.

On the General tab, make sure all of the boxes are checked.

On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.

Click Create Report to run it.

It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to [You must be registered and logged in to see this link.] If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the url of the GSI Parser report in your next reply.


Dr. Jay (DJ)



Re: Redirect

Post by DJ Englewood on Thu Oct 28, 2010 4:35 am

ok


Re: Redirect

Post by DJ Englewood on Thu Oct 28, 2010 5:19 am

it won't let me post the report


Re: Redirect

Post by DJ Englewood on Thu Oct 28, 2010 5:20 am

if i copy and paste the report and hit send it just won't go through


Re: Redirect

Post by DJ Englewood on Thu Oct 28, 2010 5:34 am

[You must be registered and logged in to see this link.]


Re: Redirect

Post by Dr Jay on Sat Oct 30, 2010 5:35 am

Please do a scan with [You must be registered and logged in to see this link.]

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Note: If the scan freezes for more than 30 minutes, stop the scan, and report back to me.


Dr. Jay (DJ)



Re: Redirect

Post by DJ Englewood on Sat Oct 30, 2010 5:42 am

will do


Re: Redirect

Post by DJ Englewood on Wed Nov 03, 2010 11:24 am

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, November 3, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, November 02, 2010 16:14:05
Records in database: 4203178
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 189398
Threats found: 4
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 09:28:30


File name / Threat / Threats count
C:\WINDOWS\system32\cryptnet32.dll/C:\WINDOWS\system32\cryptnet32.dll Infected: Trojan.Win32.Delf.aeyp 1
C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\12\38eba44c-641eeccd Infected: Trojan-Downloader.Java.Agent.hx 1
C:\System Volume Information\_restore{1820F488-9212-4A2F-9198-DF89AD58E60C}\RP1849\A0361961.exe Infected: Trojan.Win32.FakeAv.phm 1
C:\WINDOWS\system32\cryptnet32.dll Infected: Trojan.Win32.Delf.aeyp 1
C:\WINDOWS\Temp\_52.tmp Infected: Trojan-Dropper.Win32.Delf.gqd 1

Selected area has been scanned.


Re: Redirect

Post by DJ Englewood on Mon Nov 08, 2010 1:08 am

:sad:


Re: Redirect

Post by Dr Jay on Mon Nov 08, 2010 4:43 am

I was on vacation all week. Apparently the other helpers did not see this thread.

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Dr. Jay (DJ)



Re: Redirect

Post by DJ Englewood on Mon Nov 08, 2010 5:28 pm

  • Fake antivirus alerts or the icon in the system tray


and firefox keeps crashing

and did kaspersky remove anything?

i see it found stuff but did it remove it?


Re: Redirect

Post by Dr Jay on Tue Nov 09, 2010 10:49 am

Clean files with OTM

Please download [You must be registered and logged in to see this link.]

  • Save it to your desktop.
  • Please double-click OTM to run it. (Note for Vista: Right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose Copy):

    :files
    C:\WINDOWS\system32\cryptnet32.dll
    C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\12\38eba44c-641eeccd
    C:\System Volume Information\_restore{1820F488-9212-4A2F-9198-DF89AD58E60C}\RP1849\A0361961.exe
    C:\WINDOWS\system32\cryptnet32.dll
    C:\WINDOWS\Temp\_52.tmp

    :Commands
    [emptytemp]
    [purity]
    [Reboot]

  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Dr. Jay (DJ)



Re: Redirect

Post by DJ Englewood on Tue Nov 09, 2010 5:44 pm

All processes killed
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cryptnet32.dll
C:\WINDOWS\system32\cryptnet32.dll moved successfully.
C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\12\38eba44c-641eeccd moved successfully.
C:\System Volume Information\_restore{1820F488-9212-4A2F-9198-DF89AD58E60C}\RP1849\A0361961.exe moved successfully.
File/Folder C:\WINDOWS\system32\cryptnet32.dll not found.
C:\WINDOWS\Temp\_52.tmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Guest
->Temp folder emptied: 17402 bytes
->Temporary Internet Files folder emptied: 451934 bytes
->Java cache emptied: 488 bytes
->FireFox cache emptied: 17206651 bytes
->Flash cache emptied: 1113 bytes

User: Joe
->Temp folder emptied: 1821936782 bytes
->Temporary Internet Files folder emptied: 5250115 bytes
->Java cache emptied: 3073529 bytes
->FireFox cache emptied: 108919898 bytes
->Flash cache emptied: 80602 bytes

User: LocalService
->Temp folder emptied: 69832 bytes
->Temporary Internet Files folder emptied: 15357442 bytes
->Flash cache emptied: 33267 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 50418025 bytes
->Java cache emptied: 38 bytes
->Flash cache emptied: 73262 bytes

%systemdrive% .tmp files removed: 16777216 bytes
%systemroot% .tmp files removed: 1460996 bytes
%systemroot%\System32 .tmp files removed: 4182033 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17044036 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 26550860 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 23601860 bytes
RecycleBin emptied: 1147527267 bytes

Total Files Cleaned = 3,109.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 11092010_112424

Files moved on Reboot...

Registry entries deleted on Reboot...




as soon as mozilla opened i got a Fake antivirus alert

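The OTM results above can be checked against the Kaspersky Online Scanner detections posted earlier in the thread. The following is an added example, not part of the original posts and not code from OTM or Kaspersky; the function names are hypothetical and the line formats are assumed from the two logs exactly as they were posted.

```python
import re

# Detection lines copied from the Kaspersky Online Scanner report in this thread.
KASPERSKY_REPORT = r"""
File name / Threat / Threats count
C:\WINDOWS\system32\cryptnet32.dll/C:\WINDOWS\system32\cryptnet32.dll Infected: Trojan.Win32.Delf.aeyp 1
C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\12\38eba44c-641eeccd Infected: Trojan-Downloader.Java.Agent.hx 1
C:\System Volume Information\_restore{1820F488-9212-4A2F-9198-DF89AD58E60C}\RP1849\A0361961.exe Infected: Trojan.Win32.FakeAv.phm 1
C:\WINDOWS\system32\cryptnet32.dll Infected: Trojan.Win32.Delf.aeyp 1
C:\WINDOWS\Temp\_52.tmp Infected: Trojan-Dropper.Win32.Delf.gqd 1
"""

# FILES section copied from the OTM results log in this thread.
OTM_LOG = r"""
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cryptnet32.dll
C:\WINDOWS\system32\cryptnet32.dll moved successfully.
C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\12\38eba44c-641eeccd moved successfully.
C:\System Volume Information\_restore{1820F488-9212-4A2F-9198-DF89AD58E60C}\RP1849\A0361961.exe moved successfully.
File/Folder C:\WINDOWS\system32\cryptnet32.dll not found.
C:\WINDOWS\Temp\_52.tmp moved successfully.
"""

DETECTION = re.compile(r"^(?P<obj>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")
MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")
NOT_FOUND = re.compile(r"^File/Folder (?P<path>.+) not found\.$")

def norm(path):
    """Windows paths are case-insensitive, so compare them lowercased."""
    return path.strip().lower()

def parse_detections(report):
    """Return {normalized on-disk path: set of threat names}."""
    found = {}
    for line in report.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            # Assumption: 'X/Y' names object Y inside file X. '/' cannot occur in
            # a Windows file name, so the on-disk file is the part before it.
            disk_path = m.group("obj").split("/", 1)[0]
            found.setdefault(norm(disk_path), set()).add(m.group("threat"))
    return found

def parse_otm(log):
    """Return (moved, not_found) sets of normalized paths from OTM result lines."""
    moved, not_found = set(), set()
    for line in log.splitlines():
        line = line.strip()
        if (m := MOVED.match(line)):
            moved.add(norm(m.group("path")))
        elif (m := NOT_FOUND.match(line)):
            not_found.add(norm(m.group("path")))
    return moved, not_found

def reconcile(report, log):
    """Map each detected file to 'moved', 'not found' or 'not addressed'."""
    moved, not_found = parse_otm(log)
    status = {}
    for path in parse_detections(report):
        if path in moved:
            status[path] = "moved"  # a later 'not found' is a repeated instruction
        elif path in not_found:
            status[path] = "not found"
        else:
            status[path] = "not addressed"
    return status

if __name__ == "__main__":
    for path, state in reconcile(KASPERSKY_REPORT, OTM_LOG).items():
        print(f"{state:14} {path}")
```

All four distinct detected files come back as "moved"; the single "not found" line is the second, repeated instruction for cryptnet32.dll. That result only confirms the listed files were relocated: the same post reports a fake antivirus alert as soon as the browser opened.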

Re: Redirect

Post by Dr Jay on Wed Nov 10, 2010 6:27 am

Investigate MBR/Check for TDL4

Please download Stealth MBR Rootkit Detector by GMER from [You must be registered and logged in to see this link.], and save to your Desktop.
  • Double-click mbr.exe to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.


Dr. Jay (DJ)



Re: Redirect

Post by DJ Englewood on Wed Nov 10, 2010 7:13 pm

i downloaded GMER, ran it, then when i tried to get the report, quick flash then blue screen of death. i think now windows will not start

i tried to start it in all safe modes but no good is it dead?


Re: Redirect

Post by Dr Jay on Thu Nov 11, 2010 4:22 am

Why did you download/run GMER? I said to download the Stealth MBR Rootkit/TDL4 Detector.

Do you have an XP CD or the Recovery Console installed?


Dr. Jay (DJ)



Re: Redirect

Post by DJ Englewood on Thu Nov 11, 2010 6:09 am

Xp cd no Recovery Console. Not sure how would I find out from the state its in?


Re: Redirect

Post by DJ Englewood on Thu Nov 11, 2010 6:12 am

I did run the mbr from the link you posted


Re: Redirect

Post by Dr Jay on Fri Nov 12, 2010 11:19 am

Reboot your computer.

Boot from the Windows XP CD, press the "R" key in the setup in order to start the Recovery Console.

Select your Windows XP installation from the list (usually 1). It will prompt for an administrator password. The password is probably blank, so just hit enter.

Enter the command: fixmbr at the input prompt and confirm the next question with a Y.

It should then reboot the computer. If it does not, then type exit.

Boot back in to the Normal XP.

=================

After that, please do the following:

Please run Stealth MBR Rootkit Detector
  • Double-click mbr.exe to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.


Dr. Jay (DJ)



Re: Redirect

Post by DJ Englewood on Fri Nov 12, 2010 3:11 pm

if i don't have the cd are there any other options?


Re: Redirect

Post by Dr Jay on Sat Nov 13, 2010 10:38 am

Yes. Would you rather burn a Recovery disc?


Dr. Jay (DJ)



Re: Redirect

Post by DJ Englewood on Sat Nov 13, 2010 2:22 pm

well i have no choice where would i find it?


Re: Redirect

Post by Dr Jay on Mon Nov 15, 2010 2:45 am

Download [You must be registered and logged in to see this link.] and save it somewhere you can find it.

Download [You must be registered and logged in to see this link.] and install it.

Start MagicISO. When it asks you to register, just close that window...the program should remain open. Click on "File" and then on "Open"...navigate to the RC.ISO file you downloaded, select it, and click "Open".

Click "File" on the toolbar and choose "Save As". Name the file RCplus and save it somewhere you can find it.

Put a blank CD-R disk in your CD burner and close the tray...when the AutoPlay window opens, close it.

Click "Tools" on the toolbar and choose "Burn CD/DVD with ISO". In the CD/DVD Image file area, click the little folder, navigate to the newly created RCplus.iso image file, and click "Open". In the CD/DVD Writing Speed drop-down menu, choose the top 8X setting. Format should have "Mode 1" selected...if not, select it. Click on the "Burn It!" button.

Once this disk is burned, put it in the machine you're working on and restart. Boot to the CD and enter the Recovery Console.

When there, do this:

type in "fixmbr" and hit Enter.



Type 'y' if asked to, and allow it to do its job.

Once it's done that and shows the next bit for another command, type "exit"

This will reboot your machine again, allow it to boot normally this time.


Dr. Jay (DJ)



Re: Redirect

Post by DJ Englewood on Mon Nov 15, 2010 6:47 pm

ITS BACK !!! WOOOHOOO Hooray!


Re: Redirect

Post by Dr Jay on Mon Nov 15, 2010 7:08 pm

Excellent. Now see if you can run this scan...

ESET Online Scan

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)

