Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Google searches getting redirected

Post by Butcher » July 5th, 2010, 11:46 am

Hello,
Recently my Google searches are getting redirected. My OS is XP Pro. I have AVAST antivirus, Ad-Aware, Spybot and Windows Defender (not very useful and can't get updates; separate issue). Any help will be greatly appreciated. Here are the requested logs.

Thanks,
Butcher

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:46:32 AM, on 7/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*windowsupdate.microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;service1.symantec.com;*.n
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Owner\Start Menu\Programs\UltimateBet\UltimateBet.lnk (file missing)
O9 - Extra 'Tools' menuitem: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Owner\Start Menu\Programs\UltimateBet\UltimateBet.lnk (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcC ... gctlcm.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss ... gctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/TrueInstall.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9996 bytes


Ad-Aware
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
avast! Antivirus
Belarc Advisor 5.1
Brother MFL-Pro Suite MFC-490CW
Costco Photo Organizer
Dimera 2000_3500
Easy CD & DVD Creator 6
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Junk Mail filter update
LightScribe System Software 1.14.17.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.19)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PaperPort Image Printer
PhotoSuite 4 (Remove Only)
PowerDVD
QuickTime
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Business
Roxio Creator Business v10
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio EasyWrite Reader
Roxio Express Labeler 3
Roxio MyDVD
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
ScanSoft PaperPort 11
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Segoe UI
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
The Complete Reference Collection 1998
UltimateBet
Uniblue RegistryBooster
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
V3930 Digital Camera Driver
V3930 User's Manual
Verizon Online Help and Support
VIA Rhine-Family Fast Ethernet Adapter
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Webster's World Encyclopedia DVD
Windows Defender
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format Runtime
Windows XP Service Pack 3
WinZip
ZoneAlarm
ZoneAlarm Toolbar
Butcher
Regular Member
 
Posts: 35
Joined: July 5th, 2010, 10:24 am
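The HijackThis log above is the raw material a helper triages by hand: each finding is one line of the form `<section> - <detail>` (R0/R1 for IE start and proxy settings, O2 for browser helper objects, O4 for auto-start entries, O9 for IE buttons, O16 for ActiveX downloads, O23 for services). The following Python script is an added example and is not code from the forum, from the helpers in this thread, or from HijackThis itself. It parses those entry lines and flags the kinds of items a helper usually looks at first. The `TRUSTED_PREFIXES` list and the four triage rules are my own assumptions, a flag means "review by hand", not "malicious", and the sample log is a constructed excerpt: most lines are copied from the thread's log, while the `O4` line pointing into a Temp folder is made up for the test.

```python
"""Triage helper for Trend Micro HijackThis logs.

Added example, not from the forum thread or from HijackThis. It parses the
"<section> - <detail>" entry lines and flags entries worth a manual look.
The rules and TRUSTED_PREFIXES are assumptions, not HijackThis behaviour.
"""
import re
from typing import Dict, List, Tuple

# Every HijackThis finding is one line of the form "<section> - <detail>".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

# Auto-start locations treated as expected on a stock XP install (assumption).
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")

# Constructed sample: lines copied from the thread's log plus one made-up O4
# entry (the Temp-folder one) so the auto-start rule has something to catch.
SAMPLE_LOG = "\n".join([
    r"Logfile of Trend Micro HijackThis v2.0.4",
    r"Running processes:",
    r"C:\WINDOWS\System32\smss.exe",
    r"",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe",
    r"O4 - HKCU\..\Run: [example] C:\Documents and Settings\Owner\Local Settings\Temp\example.exe",  # constructed
    r"O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe",
    r"O9 - Extra button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Owner\Start Menu\Programs\UltimateBet\UltimateBet.lnk (file missing)",
    r"O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab",
    r"O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/TrueInstall.exe",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
])


def run_target(detail: str) -> str:
    """Extract the executable path from an O4 entry.

    O4 details come in two shapes:
      HKLM\\..\\Run: [Name] "C:\\path with spaces\\x.exe" -args (User 'SYSTEM')
      Global Startup: Name.lnk = C:\\path\\x.exe
    """
    if "] " in detail:
        rest = detail.split("] ", 1)[1]
    elif " = " in detail:
        rest = detail.split(" = ", 1)[1]
    else:
        return detail
    if rest.startswith('"'):                # quoted path, arguments follow
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    m = re.match(r"(.*?\.exe)", rest, re.IGNORECASE)  # unquoted path, cut at .exe
    return m.group(1) if m else rest


def parse_log(text: str) -> List[Dict[str, str]]:
    """Return one record per entry line; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, detail = m.groups()
        if section == "O4":
            target = run_target(detail)
        elif " - " in detail:
            # O2/O3/O9/O16/O23 end with " - <dll, exe or URL>"
            target = detail.rsplit(" - ", 1)[-1]
        else:
            # R0/R1 lines end with "= <value>"
            target = detail.rsplit(" = ", 1)[-1]
        entries.append({"section": section, "detail": detail, "target": target})
    return entries


def triage(entries: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (section, reason, detail) for entries a helper would review by hand."""
    flagged = []
    for e in entries:
        sec, detail, target = e["section"], e["detail"], e["target"].lower()
        reason = None
        if sec == "O2" and "(no file)" in detail:
            reason = "BHO registered but its DLL is gone (orphan entry)"
        elif sec == "O9" and "(file missing)" in detail:
            reason = "IE button/menu item whose target file is missing"
        elif sec == "O16" and target.startswith("http") and not target.endswith(".cab"):
            reason = "ActiveX download (DPF) pointing at a bare executable, not a .cab"
        elif sec == "O4" and not target.startswith(TRUSTED_PREFIXES):
            reason = "auto-start entry outside Program Files / Windows"
        if reason:
            flagged.append((sec, reason, detail))
    return flagged


if __name__ == "__main__":
    for sec, reason, detail in triage(parse_log(SAMPLE_LOG)):
        print(f"{sec}: {reason}\n    {detail}")
```

Run against the sample it prints four flagged entries (the orphan O2 BHO, the constructed Temp-folder O4 entry, the O9 item with its file missing, and the O16 entry that downloads an .exe); the rest of the entries pass. To use it on a real log, read the file into `parse_log` instead of `SAMPLE_LOG`; the O16 and O4 rules in particular are only a starting point, and the helpers in threads like this one still check each flagged path and CLSID themselves.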

Re: Google searches getting redirected

Post by MWR 3 day Mod » July 9th, 2010, 12:23 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Google searches getting redirected

Post by Airscape » July 10th, 2010, 12:51 pm

Hi Butcher, welcome to the forum. :)

I will help you, but bear in mind, I'm still in training, which means I need to get all posts I intend to make reviewed by an expert.
Therefore this may add a slight delay in between posts. Your patience is much appreciated.

Note: the forum is very busy and if you no longer require help, please let me know so this topic can be closed. Thanks.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Google searches getting redirected

Post by Airscape » July 10th, 2010, 10:52 pm

Hi Butcher,


Rkill
Please download Rkill from Here, Here, Here, or Here and save to the desktop.
  • Double click on Rkill to run it.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.
Note: If your security software warns about Rkill, please ignore and allow the download to continue.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware and click the Update tab >> then Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post this log in your next reply.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • If asked to restart the computer to finish cleaning, please do so.
If you receive an (Error Loading) error on reboot, please reboot a second time.
It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.

MBAM may make changes to your registry as part of its disinfection routine.
If you're using other security programs that detect registry changes (like Spybot's TeaTimer, Ad-Aware, etc.),
they may interfere with the fix or alert you after scanning with MBAM.
Please uninstall such programs via Start > Control Panel > Add/Remove Programs until disinfection is complete, or permit them to allow the changes.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Random's System Information Tool (RSIT)
  • Please download RSIT by random/random from here and save it to your desktop.
  • Double-click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
  • Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Note: both logs can be found in the C:\rsit folder if you lose them.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logs/information to post in next reply:
  • MBAM log
  • RSIT logs (log.txt and info.txt)
  • How is the pc running?... still getting redirects?
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Google searches getting redirected

Post by Butcher » July 12th, 2010, 6:19 pm

Hi,
Thank you for responding to me. Here are the requested logs. Avast did find a trojan, JS:Downloader, in documents and settings\network service\local settings\temporary internet files\contentIE.5\UMOZEOOK.

Thanks,
Butcher


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4303

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

7/11/2010 2:13:25 PM
mbam-log-2010-07-11 (14-13-25).txt

Scan type: Quick scan
Objects scanned: 134050
Time elapsed: 11 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of random's system information tool 1.08 (written by random/random)
Run by Owner at 2010-07-11 14:45:57
Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (41%) free of 38 GB
Total RAM: 991 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:46:17 PM, on 7/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*windowsupdate.microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;service1.symantec.com;*.n
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Owner\Start Menu\Programs\UltimateBet\UltimateBet.lnk (file missing)
O9 - Extra 'Tools' menuitem: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Owner\Start Menu\Programs\UltimateBet\UltimateBet.lnk (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcC ... gctlcm.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss ... gctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/TrueInstall.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9713 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RoxioEngineUtility"=C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-24 81000]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-10-11 29984]
"PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-08-31 328992]
"RoxioDragToDisc"=C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [2009-02-16 868352]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-06-04 282624]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-05-26 1043968]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2010-05-26 730600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-06-20 864112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-05-29 1085440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-12-21 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-10-11 46368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-06-04 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
C:\WINDOWS\system32\VTTimer.exe [2003-05-07 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-02-17 65588]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispAppearancePage"=0
"NoColorChoice"=0
"NoSizeChoice"=0
"NoDispScrSavPage"=0
"NoVisualStyleChoice"=0
"NoDispSettingsPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
"DisableCAD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"NoThemesTab"=0
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-07-11 14:19:18 ----D---- C:\rsit
2010-07-03 08:40:19 ----D---- C:\Program Files\Trend Micro
2010-07-02 12:36:21 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2010-07-02 12:35:59 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-02 12:35:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-07-02 12:35:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-02 12:35:56 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-06-29 20:59:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-06-19 09:06:59 ----D---- C:\Documents and Settings\Owner\Application Data\CheckPoint
2010-06-19 09:06:30 ----D---- C:\Program Files\CheckPoint
2010-06-19 09:06:24 ----A---- C:\WINDOWS\system32\vsregexp.dll
2010-06-19 09:06:21 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2010-06-19 09:06:21 ----A---- C:\WINDOWS\system32\zlcomm.dll
2010-06-19 09:06:15 ----A---- C:\WINDOWS\system32\vswmi.dll
2010-06-19 09:06:14 ----A---- C:\WINDOWS\system32\zpeng25.dll
2010-06-19 09:06:14 ----A---- C:\WINDOWS\system32\vsxml.dll
2010-06-19 09:06:13 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-06-19 09:06:13 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-06-19 09:06:13 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2010-06-19 09:06:11 ----A---- C:\WINDOWS\system32\vsdatant.sys
2010-06-19 09:00:37 ----A---- C:\WINDOWS\system32\vsutil.dll
2010-06-19 09:00:37 ----A---- C:\WINDOWS\system32\vsinit.dll
2010-06-19 09:00:37 ----A---- C:\WINDOWS\system32\vsdata.dll
2010-06-19 08:59:53 ----D---- C:\Program Files\Zone Labs
2010-06-19 08:59:41 ----D---- C:\WINDOWS\Internet Logs

======List of files/folders modified in the last 1 months======

2010-07-11 14:46:13 ----D---- C:\WINDOWS\Temp
2010-07-11 14:33:00 ----D---- C:\WINDOWS\system32
2010-07-11 14:31:28 ----D---- C:\WINDOWS\Prefetch
2010-07-11 13:56:41 ----D---- C:\Program Files\Mozilla Firefox
2010-07-11 12:36:34 ----SD---- C:\WINDOWS\Tasks
2010-07-11 12:33:22 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-05 11:29:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-05 10:45:45 ----SHD---- C:\WINDOWS\Installer
2010-07-03 08:40:19 ----RD---- C:\Program Files
2010-07-02 12:35:59 ----D---- C:\WINDOWS\system32\drivers
2010-06-29 21:30:44 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-29 21:30:01 ----RSD---- C:\WINDOWS\assembly
2010-06-29 21:21:33 ----D---- C:\WINDOWS
2010-06-29 21:04:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-29 21:02:59 ----D---- C:\WINDOWS\WinSxS
2010-06-29 20:59:22 ----HD---- C:\WINDOWS\inf
2010-06-29 20:59:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-29 20:59:09 ----D---- C:\Program Files\Outlook Express
2010-06-20 09:13:15 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-06-15 19:03:47 ----D---- C:\WINDOWS\security
2010-06-13 09:24:10 ----D---- C:\Program Files\Spybot - Search & Destroy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-06-06 64288]
R0 MrFilter;EasyWrite Driver; C:\WINDOWS\system32\drivers\MrFilter.sys [2003-12-01 12384]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-04-08 44944]
R0 uagp35;Microsoft AGPv3.5 Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 Vmodem;XP Vmodem; C:\WINDOWS\System32\DRIVERS\vmodem.sys [2001-08-17 604253]
R0 Vpctcom;XP Vpctcom; C:\WINDOWS\System32\DRIVERS\vpctcom.sys [2001-08-17 397502]
R0 Vvoice;XP Vvoice; C:\WINDOWS\System32\DRIVERS\vvoice.sys [2001-08-17 64605]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-24 27408]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 37760]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-24 48560]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [1998-06-02 3840]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-03-12 9072]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2008-03-12 9200]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2009-02-16 259200]
R1 DSC2PAR;DSC2PAR; C:\WINDOWS\system32\drivers\DSC2PAR.sys [1998-06-14 65792]
R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2009-02-16 146560]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2009-02-16 118409]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2009-02-16 213120]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-03 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\System32\drivers\symlcbrd.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-24 23120]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2009-02-16 21993]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2004-08-03 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 Ptserlp;PCTEL Serial Device Driver for PCI; C:\WINDOWS\System32\DRIVERS\ptserlp.sys [2001-08-17 112574]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2003-10-16 117760]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\AN983.sys [2004-08-03 36224]
S3 Asushwio;Asushwio; \??\C:\WINDOWS\system32\drivers\Asushwio.sys []
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2006-12-12 52224]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2006-09-03 11904]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\LNE100V5.sys [2001-10-24 36224]
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2009-02-16 22745]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys [2004-12-10 30336]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-03 5888]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-24 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-24 138680]
R2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2010-05-26 493032]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 Pctspk;PCTEL Speaker Phone; C:\WINDOWS\system32\pctspk.exe [2001-08-17 86016]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2010-05-26 2437176]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2001-05-01 53248]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-24 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-24 352920]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-01 1352832]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 RoxMediaDB10;RoxMediaDB10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.08 2010-07-11 14:19:54

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\S3\S3\S3.isu"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware Email Scanner for Outlook-->MsiExec.exe /I{338F08AB-C262-42C7-B000-34DE1A475273}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Belarc Advisor 5.1-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Brother MFL-Pro Suite MFC-490CW-->"C:\Program Files\InstallShield Installation Information\{D9461574-5FC0-4641-BBDC-D1038B196F55}\Setup.exe" -runfromtemp -l0x0009 UNINSTALL Reg=BH9_C2 -removeonly
Costco Photo Organizer-->MsiExec.exe /X{788B97E8-D825-419A-8558-1C0B344C5371}
Dimera 2000_3500-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\RELISYS\Dimera 2000_3500\Uninst.isu"
Easy CD & DVD Creator 6-->MsiExec.exe /I{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.19)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
PaperPort Image Printer-->MsiExec.exe /X{2BC2781A-F7F6-452E-95EB-018A522F1B2C}
PhotoSuite 4 (Remove Only)-->"C:\Program Files\Roxio\PhotoSuite 4\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Roxio\PhotoSuite 4\Uninst.isu" -c"C:\Program Files\Roxio\PhotoSuite 4\System\CustomUninstall.dll"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Business v10-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Business-->C:\Documents and Settings\All Users\Application Data\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe /x {537BF16E-7412-448C-95D8-846E85A1D817}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio EasyWrite Reader-->C:\WINDOWS\System32\MRFUNIN.EXE
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD-->MsiExec.exe /I{30A2A953-DEB1-466A-B660-F4399C7C6B9D}
S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
ScanSoft PaperPort 11-->MsiExec.exe /I{7A8FF745-BBC5-482B-88E4-18D3178249A9}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165-v2)-->"C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
The Complete Reference Collection 1998-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Compton's Home Library\CRC98\DeIsL1.isu"
UltimateBet-->C:\Program Files\_uninstallation_info\UltimateBet\CasinoUninstall.exe
Uniblue RegistryBooster-->"C:\Program Files\Uniblue\RegistryBooster\unins000.exe"
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
V3930 Digital Camera Driver-->C:\PROGRA~1\V3930D~1\UNWISE.EXE C:\PROGRA~1\V3930D~1\INSTALL.LOG
V3930 User's Manual-->C:\PROGRA~1\V3930C~1\UNWISE.EXE C:\PROGRA~1\V3930C~1\INSTALL.LOG
Verizon Online Help and Support-->C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Webster's World Encyclopedia DVD-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Webster's World Encyclopedia DVD 2000\DeIsL2.isu" -cC:\PROGRA~1\WEBSTE~1\_ISREG32.DLL
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Family Safety-->MsiExec.exe /X{139E303E-1050-497F-98B1-9AE87B15C463}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
ZoneAlarm Toolbar-->C:\Program Files\CheckPoint\ZAForceField\Clean_tool.exe
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

AV: avast! antivirus 4.8.1368 [VPS 100711-1]
FW: ZoneAlarm Firewall

======System event log======

Computer Name: JGC2QQKD9AHYLKR
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {1D289065-D846-4D8F-9ACA-0AC2E9710720}

User: JGC2QQKD9AHYLKR\Owner

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Path Found: driver:avastTestService

Alert Type: Unclassified software

Detection Type:

Record Number: 8172
Source Name: WinDefend
Time Written: 20100509071811.000000-240
Event Type: warning
User:

Computer Name: JGC2QQKD9AHYLKR
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {299D72E4-8B0A-4531-A7CD-FEAF619D20E2}

User: JGC2QQKD9AHYLKR\Owner

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Path Found: service:avastTestService

Alert Type: Unclassified software

Detection Type:

Record Number: 8171
Source Name: WinDefend
Time Written: 20100509071811.000000-240
Event Type: warning
User:

Computer Name: JGC2QQKD9AHYLKR
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 8144
Source Name: W32Time
Time Written: 20100508214211.000000-240
Event Type: warning
User:

Computer Name: JGC2QQKD9AHYLKR
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 8086
Source Name: W32Time
Time Written: 20100505220058.000000-240
Event Type: warning
User:

Computer Name: JGC2QQKD9AHYLKR
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 7974
Source Name: W32Time
Time Written: 20100502222355.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: JGC2QQKD9AHYLKR
Event Code: 1517
Message: Windows saved user JGC2QQKD9AHYLKR\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 39482
Source Name: Userenv
Time Written: 20090708233157.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: JGC2QQKD9AHYLKR
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 39481
Source Name: Userenv
Time Written: 20090708233154.000000-240
Event Type: warning
User: JGC2QQKD9AHYLKR\Owner

Computer Name: JGC2QQKD9AHYLKR
Event Code: 12001
Message:
Record Number: 39474
Source Name: usnjsvc
Time Written: 20090708114359.000000-240
Event Type:
User:

Computer Name: JGC2QQKD9AHYLKR
Event Code: 1517
Message: Windows saved user JGC2QQKD9AHYLKR\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 39471
Source Name: Userenv
Time Written: 20090707085715.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: JGC2QQKD9AHYLKR
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 39470
Source Name: Userenv
Time Written: 20090707085712.000000-240
Event Type: warning
User: JGC2QQKD9AHYLKR\Owner

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"FP_NO_HOST_CHECK"=NO
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"EMC_AUTOPLAY"=C:\Program Files\Common Files\Roxio Shared\
"tvdumpflags"=8

-----------------EOF-----------------
Butcher
Regular Member
 
Posts: 35
Joined: July 5th, 2010, 10:24 am

Re: Google searches getting redirected

Unread postby Airscape » July 12th, 2010, 10:08 pm

Hi Butcher.

Backup the Registry:
  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes System registry and Current user registry are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: To restore the registry in the event of problems after running any fixes,
navigate to and click this file (C:\windows\ERDNT\ERDNT.exe), then restart the PC.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

TDSSKiller.exe
Please Download TDSSKiller.exe and save it on your desktop.
Important: only run this fix once.
Double-click the file tdsskiller.exe to run it.
If prompted to restart the pc, please do so.
A log file should be created at C:\TDSSKiller 2.1.1 Jul 13 2010 02:43:02
To find the log click Start > Computer > C:.
Please post the contents of that log in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rootkit Unhooker
Please download Rootkit Unhooker and save it to your desktop.
  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it. Click Close
  • Copy the entire contents of the report and paste it in your next reply.
  • If the report is long, spread it into multiple posts or zip it up and attach it to your post.

Please post both logs and tell me how the PC is running... still redirects, etc.?
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
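
As an added example (not part of this thread and not TDSSKiller's own code), here is a small Python parser for the log format that the TDSSKiller step above asks you to post: it pulls each scanned driver's name, MD5 and path and attaches any "Suspicious file (Forged)" or "infected by" verdict that TDSSKiller prints after a driver line, so a long log can be triaged at a glance. The sample lines are a constructed excerpt in the format TDSSKiller 2.3.x writes; the regular expressions assume that format.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt in the line format TDSSKiller 2.3.x writes:
# "<hh:mm:ss:ms> <pid> <message>", where a scanned driver appears as
# "Name (md5) path" and any verdict appears on the lines that follow it.
SAMPLE_LOG = """\
20:52:07:140 3064 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
20:52:08:125 3064 Scanning Drivers ...
20:52:09:562 3064 Aavmker4 (2ccfa74242741ca22a4267cce9b586f4) C:\\WINDOWS\\system32\\drivers\\Aavmker4.sys
20:52:24:843 3064 Tcpip (a8bbacfe53d323d385166ddee96e6755) C:\\WINDOWS\\system32\\DRIVERS\\tcpip.sys
20:52:24:843 3064 Suspicious file (Forged): C:\\WINDOWS\\system32\\DRIVERS\\tcpip.sys. Real md5: a8bbacfe53d323d385166ddee96e6755, Fake md5: 9aefa14bd6b182d61e3119fa5f436d3d
20:52:24:843 3064 File "C:\\WINDOWS\\system32\\DRIVERS\\tcpip.sys" infected by TDSS rootkit ... 20:52:25:093 3064 Backup copy found, using it..
20:52:25:109 3064 will be cured on next reboot
20:52:25:296 3064 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\\WINDOWS\\system32\\drivers\\TDPIPE.sys
"""

PREFIX_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}:\d{3})\s+(\d+)\s+(.*)$")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-fA-F]{32}), "
                       r"Fake md5: ([0-9a-fA-F]{32})")
INFECTED_RE = re.compile(r'^File "(.+?)" infected by (.+?) \.\.\.')
CURE_RE = re.compile(r"will be cured on next reboot")


@dataclass
class DriverEntry:
    name: str
    path: str
    md5: Optional[str] = None         # hash on the "Name (md5) path" line
    real_md5: Optional[str] = None    # from a "Suspicious file (Forged)" line
    fake_md5: Optional[str] = None
    infection: Optional[str] = None   # e.g. "TDSS rootkit"
    cure_pending: bool = False        # "will be cured on next reboot" seen

    @property
    def suspicious(self) -> bool:
        return self.real_md5 is not None or self.infection is not None


def parse_tdsskiller_log(text: str) -> Dict[str, DriverEntry]:
    """Return scanned drivers keyed by lower-cased path, with any verdicts attached."""
    entries: Dict[str, DriverEntry] = {}
    last_flagged: Optional[DriverEntry] = None

    def entry_for(path: str) -> DriverEntry:
        key = path.lower()
        if key not in entries:
            entries[key] = DriverEntry(name=path.rsplit("\\", 1)[-1], path=path)
        return entries[key]

    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue  # banner, blank or wrapped line without a timestamp prefix
        body = m.group(3)
        d = DRIVER_RE.match(body)
        if d:
            name, md5, path = d.groups()
            entry = entry_for(path)
            entry.name, entry.md5 = name, md5.lower()
            continue
        f = FORGED_RE.match(body)
        if f:
            path, real, fake = f.groups()
            entry = entry_for(path)
            entry.real_md5, entry.fake_md5 = real.lower(), fake.lower()
            last_flagged = entry
            continue
        i = INFECTED_RE.match(body)
        if i:
            path, what = i.groups()
            entry = entry_for(path)
            entry.infection = what
            last_flagged = entry
            continue
        if CURE_RE.search(body) and last_flagged is not None:
            last_flagged.cure_pending = True  # line carries no path; bind to last hit
    return entries


def suspicious_drivers(entries: Dict[str, DriverEntry]) -> List[DriverEntry]:
    return [e for e in entries.values() if e.suspicious]


def summarize(entries: Dict[str, DriverEntry]) -> str:
    flagged = suspicious_drivers(entries)
    lines = [f"{len(entries)} drivers listed, {len(flagged)} flagged"]
    for e in flagged:
        lines.append(f"  {e.name}: {e.path}")
        if e.real_md5:
            lines.append(f"    real md5 {e.real_md5} / fake md5 {e.fake_md5}")
        if e.infection:
            lines.append(f"    infected by {e.infection}"
                         + (" (cure scheduled for next reboot)" if e.cure_pending else ""))
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(parse_tdsskiller_log(SAMPLE_LOG)))
```

Run it directly to print the summary for the embedded sample, or call parse_tdsskiller_log() on the contents of the real log file. A "will be cured on next reboot" line carries no path, so the parser binds it to the most recently flagged driver, which matches the order in which TDSSKiller writes those lines.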

Re: Google searches getting redirected

Unread postby Butcher » July 14th, 2010, 10:16 pm

Hello,
I ran the scans as you suggested. I did a few Google searches and have not seen any redirects. At the end of the rootkit scan it said possible rootkit activity detected. Please advise as to what else I should do. Here are the requested logs. Rootkit scan in second message.

Thanks,

Butcher

20:52:07:140 3064 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
20:52:07:140 3064 ================================================================================
20:52:07:140 3064 SystemInfo:

20:52:07:140 3064 OS Version: 5.1.2600 ServicePack: 3.0
20:52:07:140 3064 Product type: Workstation
20:52:07:140 3064 ComputerName: JGC2QQKD9AHYLKR
20:52:07:156 3064 UserName: Owner
20:52:07:156 3064 Windows directory: C:\WINDOWS
20:52:07:156 3064 System windows directory: C:\WINDOWS
20:52:07:156 3064 Processor architecture: Intel x86
20:52:07:156 3064 Number of processors: 1
20:52:07:156 3064 Page size: 0x1000
20:52:07:156 3064 Boot type: Normal boot
20:52:07:156 3064 ================================================================================
20:52:07:531 3064 Initialize success
20:52:07:531 3064
20:52:07:531 3064 Scanning Services ...
20:52:08:125 3064 Raw services enum returned 355 services
20:52:08:125 3064
20:52:08:125 3064 Scanning Drivers ...
20:52:09:562 3064 Aavmker4 (2ccfa74242741ca22a4267cce9b586f4) C:\WINDOWS\system32\drivers\Aavmker4.sys
20:52:09:906 3064 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:52:10:062 3064 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:52:10:281 3064 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
20:52:10:406 3064 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:52:10:531 3064 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
20:52:10:734 3064 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
20:52:10:875 3064 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
20:52:11:031 3064 Asushwio (de91d0d73c3e61e6826d98fac2fac729) C:\WINDOWS\system32\drivers\Asushwio.sys
20:52:11:078 3064 aswFsBlk (b4079a98f294a3e262872cb76f4849f0) C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
20:52:11:125 3064 aswMon2 (dbee7b5ecb50fc2cf9323f52cbf41141) C:\WINDOWS\system32\drivers\aswMon2.sys
20:52:11:156 3064 aswRdr (8080d683489c99cbace813f6fa4069cc) C:\WINDOWS\system32\drivers\aswRdr.sys
20:52:11:218 3064 aswSP (2e5a2ad5004b55df39b7606130a88142) C:\WINDOWS\system32\drivers\aswSP.sys
20:52:11:281 3064 aswTdi (d4c83a37efadfa2c398362e0776e3773) C:\WINDOWS\system32\drivers\aswTdi.sys
20:52:11:390 3064 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:52:11:562 3064 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:52:11:734 3064 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:52:11:812 3064 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:52:11:906 3064 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
20:52:12:015 3064 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:52:12:140 3064 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
20:52:12:187 3064 BrSerIf (1a5fc78e41840edf79d65ec16eff2787) C:\WINDOWS\system32\Drivers\BrSerIf.sys
20:52:12:578 3064 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
20:52:12:781 3064 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:52:12:984 3064 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:52:13:140 3064 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:52:13:312 3064 Cdr4_xp (9714b7c918c6543d69074ec101f86ac4) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
20:52:13:359 3064 Cdralw2k (0d856d16c08440bfb566d6cdd9948d4e) C:\WINDOWS\system32\drivers\Cdralw2k.sys
20:52:13:437 3064 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:52:13:593 3064 cdudf_xp (d6af450ee494df67a6d4e26b4ce34f09) C:\WINDOWS\system32\drivers\cdudf_xp.sys
20:52:14:046 3064 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:52:14:171 3064 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:52:14:531 3064 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
20:52:14:578 3064 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:52:14:640 3064 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:52:14:781 3064 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:52:14:968 3064 DSC2PAR (726a92841aff2bbeab734ebf1adae0ba) C:\WINDOWS\system32\drivers\DSC2PAR.sys
20:52:15:093 3064 DVDVRRdr_xp (e1b79d42d7946f1c85797ea2d56a01f0) C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
20:52:15:218 3064 dvd_2K (d58a3c236b37a3a1f76b8f9c6288d1c3) C:\WINDOWS\system32\drivers\dvd_2K.sys
20:52:15:359 3064 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:52:15:468 3064 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:52:15:562 3064 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
20:52:15:718 3064 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
20:52:15:843 3064 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:52:15:906 3064 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:52:15:968 3064 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:52:16:140 3064 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
20:52:16:265 3064 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:52:16:375 3064 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:52:16:468 3064 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
20:52:16:546 3064 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:52:16:625 3064 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:52:16:843 3064 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:52:17:062 3064 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:52:17:125 3064 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:52:17:312 3064 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:52:17:406 3064 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:52:17:500 3064 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:52:17:562 3064 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:52:17:609 3064 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:52:17:640 3064 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:52:17:671 3064 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:52:17:812 3064 ISWKL (2e41433579de4381f1b0f7b30b013ddc) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
20:52:17:906 3064 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:52:17:984 3064 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
20:52:18:062 3064 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:52:18:140 3064 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:52:18:250 3064 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
20:52:18:343 3064 LNE100 (e7a30b307ac29afbb993049df04bb91b) C:\WINDOWS\system32\DRIVERS\LNE100V5.sys
20:52:18:468 3064 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
20:52:18:609 3064 mmc_2K (af89fa6cc924729ded21d4c3be413cca) C:\WINDOWS\system32\drivers\mmc_2K.sys
20:52:18:703 3064 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:52:18:781 3064 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:52:18:828 3064 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
20:52:18:890 3064 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:52:18:937 3064 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:52:19:000 3064 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:52:19:156 3064 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
20:52:19:171 3064 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
20:52:19:296 3064 MrFilter (0eb313f1e29715a4742ff259d4443244) C:\WINDOWS\system32\drivers\MrFilter.sys
20:52:19:406 3064 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:52:19:484 3064 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:52:19:640 3064 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:52:19:703 3064 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:52:19:796 3064 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:52:19:859 3064 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:52:19:921 3064 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:52:20:015 3064 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
20:52:20:187 3064 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
20:52:20:234 3064 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:52:20:281 3064 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:52:20:375 3064 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:52:20:453 3064 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:52:20:484 3064 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
20:52:20:515 3064 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:52:20:625 3064 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:52:20:687 3064 NPF (f498c5c3399a60933196fc215ef074f9) C:\WINDOWS\system32\drivers\npf.sys
20:52:20:718 3064 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:52:20:781 3064 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:52:20:859 3064 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:52:20:906 3064 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:52:21:031 3064 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:52:21:093 3064 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:52:21:125 3064 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:52:21:187 3064 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:52:21:218 3064 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:52:21:546 3064 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:52:21:812 3064 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:52:21:843 3064 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
20:52:21:890 3064 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:52:21:921 3064 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:52:22:015 3064 Ptserlp (ace8fe0e920cb8fba057c024ead33f84) C:\WINDOWS\system32\DRIVERS\ptserlp.sys
20:52:22:171 3064 pwd_2k (1c2b63fefbd912055ec885894d001dfd) C:\WINDOWS\system32\drivers\pwd_2k.sys
20:52:22:343 3064 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:52:22:687 3064 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:52:22:812 3064 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:52:22:875 3064 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:52:22:968 3064 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:52:23:015 3064 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:52:23:046 3064 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:52:23:125 3064 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:52:23:265 3064 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
20:52:23:375 3064 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:52:23:437 3064 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
20:52:23:515 3064 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:52:23:562 3064 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:52:23:609 3064 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:52:23:703 3064 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:52:23:875 3064 smwdm (1d381a07361e4d6a8be95026b3eba47a) C:\WINDOWS\system32\drivers\smwdm.sys
20:52:24:109 3064 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:52:24:140 3064 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:52:24:218 3064 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
20:52:24:281 3064 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
20:52:24:312 3064 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:52:24:343 3064 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:52:24:578 3064 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\System32\drivers\symlcbrd.sys
20:52:24:750 3064 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:52:24:843 3064 Tcpip (a8bbacfe53d323d385166ddee96e6755) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:52:24:843 3064 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\tcpip.sys. Real md5: a8bbacfe53d323d385166ddee96e6755, Fake md5: 9aefa14bd6b182d61e3119fa5f436d3d
20:52:24:843 3064 File "C:\WINDOWS\system32\DRIVERS\tcpip.sys" infected by TDSS rootkit ... 20:52:25:093 3064 Backup copy found, using it..
20:52:25:109 3064 will be cured on next reboot
20:52:25:296 3064 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:52:25:359 3064 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:52:25:468 3064 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:52:25:546 3064 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
20:52:25:703 3064 UdfReadr_xp (6b9a26d1cfdd3c9b4623c33637495568) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
20:52:25:765 3064 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:52:25:937 3064 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:52:26:062 3064 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:52:26:156 3064 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:52:26:265 3064 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:52:26:343 3064 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:52:26:406 3064 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:52:26:453 3064 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:52:26:500 3064 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:52:26:546 3064 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:52:26:640 3064 viagfx (29d6a65fdc694cb1ef2cc6bbe5f79b3b) C:\WINDOWS\system32\DRIVERS\vtmini.sys
20:52:26:718 3064 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:52:26:781 3064 Vmodem (b289d19df6103352d3c4b13c0ed79331) C:\WINDOWS\system32\DRIVERS\vmodem.sys
20:52:26:843 3064 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:52:26:984 3064 Vpctcom (4a4448332075c5a909df123c21616b2a) C:\WINDOWS\system32\DRIVERS\vpctcom.sys
20:52:27:281 3064 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
20:52:27:343 3064 Vvoice (120e61aac05f00c867a32de493dab9b4) C:\WINDOWS\system32\DRIVERS\vvoice.sys
20:52:27:468 3064 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:52:27:640 3064 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:52:27:718 3064 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:52:27:718 3064 Reboot required for cure complete..
20:52:28:296 3064 Cure on reboot scheduled successfully
20:52:28:296 3064
20:52:28:296 3064 Completed
20:52:28:296 3064
20:52:28:296 3064 Results:
20:52:28:296 3064 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
20:52:28:296 3064 File objects infected / cured / cured on reboot: 1 / 0 / 1
20:52:28:296 3064
20:52:28:296 3064 KLMD(ARK) unloaded successfully
Butcher

Re: Google searches getting redirected

Unread postby Butcher » July 14th, 2010, 10:18 pm

Rootkit scan

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF012000 C:\WINDOWS\System32\vtdisp.dll 1900544 bytes (VIA/S3 Graphics, Inc., VIA/S3G Graphics Driver)
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7419000 vmodem.sys 606208 bytes (PCTEL, INC., HSP Modem Modem Device Driver)
0xF6899000 C:\WINDOWS\system32\drivers\smwdm.sys 581632 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF753C000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF5436000 C:\WINDOWS\System32\vsdatant.sys 528384 bytes (Check Point Software Technologies LTD, ZoneAlarm Firewalling Driver)
0xF5351000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF74AD000 vpctcom.sys 401408 bytes (PCtel, Inc., HSP Modem Virtual Control Device)
0xF6750000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF55A5000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF075A000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF00AF000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF56C8000 C:\WINDOWS\System32\Drivers\cdudf_xp.SYS 262144 bytes (Roxio, CD-UDF NT Filesystem Driver)
0xF564B000 C:\WINDOWS\System32\Drivers\UdfReadr_xp.SYS 217088 bytes (Roxio, CD-UDF NT Filesystem Reader Driver)
0xF67AE000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7680000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF0801000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF750F000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF53E9000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF54B7000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF762A000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF557F000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF5692000 C:\WINDOWS\System32\Drivers\DVDVRRdr_xp.SYS 147456 bytes (Roxio, DVDVR XP Filesystem Reader Driver)
0xF530C000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF6875000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6967000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6944000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF5414000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF5330000 C:\WINDOWS\System32\Drivers\aswSP.SYS 135168 bytes (ALWIL Software, avast! self protection module)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF75F2000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7650000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF6927000 C:\WINDOWS\System32\Drivers\pwd_2k.SYS 118784 bytes (Roxio, Win2000 Framework for Packet Write Driver)
0xF69BB000 C:\WINDOWS\System32\DRIVERS\vtmini.sys 118784 bytes (Copyright (C) VIA/S3 Graphics, Inc., VIA/S3G Miniport Driver)
0xF698B000 C:\WINDOWS\System32\DRIVERS\ptserlp.sys 114688 bytes (PCTEL, INC., HSP Modem Serial Device Driver for NT 5.0)
0xF73FF000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7612000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF52F4000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF75C9000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF684A000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF0A5E000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 90112 bytes (ALWIL Software, avast! File System Filter Driver for Windows XP)
0xF0745000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6861000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF69A7000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF55FE000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF75E0000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF766F000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6839000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF788F000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF78DF000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF774F000 vvoice.sys 65536 bytes (PCtel, Inc., HSP Modem device driver)
0xF78BF000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF772F000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xF789F000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF0BCC000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF6A68000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF771F000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF78EF000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF78FF000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF76FF000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF54FF000 C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 49152 bytes (Microsoft Corporation, Family Safety Filter Driver (TDI))
0xF76CF000 klmdb.sys 49152 bytes
0xF791F000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF78CF000 C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys 45056 bytes (VIA Technologies, Inc. , NDIS 5.0 miniport driver)
0xF69F8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF78AF000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF76EF000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF790F000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF775F000 uagp35.sys 45056 bytes (Microsoft Corporation, MS AGPv3.5 Filter)
0xF787F000 C:\WINDOWS\system32\DRIVERS\amdk7.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)
0xF6A38000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver)
0xF76DF000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF779F000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF773F000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF778F000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF770F000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF6A48000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF792F000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF6A18000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEFEAF000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF6A28000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7A6F000 C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys 32768 bytes (ALWIL Software, avast! File System Access Blocking Driver)
0xF7A9F000 C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys 32768 bytes (Check Point Software Technologies, ZoneAlarm ForceField)
0xF79B7000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7A27000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF79C7000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF79CF000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7A37000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF794F000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7A57000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF7A3F000 C:\WINDOWS\System32\Drivers\DSC2PAR.SYS 24576 bytes
0xF79FF000 C:\WINDOWS\System32\Drivers\dvd_2K.SYS 24576 bytes (Roxio, DVD-RAM AddOn Driver)
0xF79D7000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF79F7000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7AC7000 C:\WINDOWS\System32\drivers\symlcbrd.sys 24576 bytes (Symantec Corporation, Symantec Core Component)
0xF79BF000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7A17000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7A47000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 20480 bytes (ALWIL Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF7A07000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7A1F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7957000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF79E7000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF79EF000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF79DF000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7A67000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF0411000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 16384 bytes (ALWIL Software, avast! TDI RDR Driver)
0xF7B73000 C:\WINDOWS\System32\Drivers\MrFilter.SYS 16384 bytes (Roxio, EasyWrite Filter Driver)
0xF7BA3000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF0D9C000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7B7F000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7ADF000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7BC7000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7B83000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xF7B6F000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF5744000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7B87000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7B5F000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF6829000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7BE5000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF7BEF000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7BD5000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7C05000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7BED000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7BCF000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7BF1000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7C5F000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7BF3000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7BE7000 C:\WINDOWS\System32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xF7BE9000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7BEB000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7BD3000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7BD1000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7D01000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7C9B000 C:\WINDOWS\System32\Drivers\BANTExt.sys 4096 bytes
0xF7DEB000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
0xF7DEC000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
0xF7D9F000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7D00000 C:\WINDOWS\system32\drivers\msmpu401.sys 4096 bytes (Microsoft Corporation, MPU401 Adapter Driver)
0xF7DED000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Adobe
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\InstallShield
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\update\backup\%APPDATA%
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\update\new\%APPDATA%
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search Enhancement Pack
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Quarantine\Entries
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Quarantine\ResourceData
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Quarantine\Resources
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Quick
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\System
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Store
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\WLSetup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Roxio\VideoWave10\GEN_MGI_Content
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Roxio\VideoWave10\Images
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\ScanSoft
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
!-->[Hidden] C:\Documents and Settings\All Users\Documents\BrFaxRx
!-->[Hidden] C:\Documents and Settings\All Users\Documents\microsoft
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Brother
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Costco Photo Organizer
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft PaperPort 11
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\ZoneAlarm
!-->[Hidden] C:\Documents and Settings\LocalService\Application Data\Roxio
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Messenger
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\J6KNBT49
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KFLZUIRP
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MXXIBET8
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TJR7DHOE
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temp\IswTmp
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\38KAYBO4
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\3JZ5DJA9
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\5HI8VIT4
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\6GE458KM
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\CJZ3FN15
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\DAC27TTQ
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\GWBZT8TW
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\K47Y58OG
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\LV6YGYPY
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\MEXBK5CZ
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\S6M19J74
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\SZ36VLLR
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Adobe
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\AdobeUM
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Microsoft\CryptnetUrlCache
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\UserData
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Internet Explorer
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Silverlight
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\MSHist012010061420100621
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\MSHist012010070320100704
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\MSHist012010070420100705
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1ZYPUY6Z
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\23K4MST5
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2EA6UIRD
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5D3NAPGE
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\69Q3KQK3
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\944V43V4
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B16TKE6J
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BK5QD8FT
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CELDSCA2
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PS9RYAG2
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SAJ2SNPE
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SOCT0FHH
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\STQ0M0AZ
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UM0ZECOK
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V5NBXFS8
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WCWVUQQW
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X9ATB21Q
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YL39AVK5
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Z6UY1PXL
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temp\IswTmp
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Adobe
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\AdobeUM
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Brother
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\CheckPoint
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Costco Photo Organizer
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\InstallShield
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Leadertech
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Macromedia
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft Web Folders
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\AddIns
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\Excel
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\FrontPage
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\IdentityCRL
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\Installer
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\Movie Maker
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\MSN Messenger
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\Office
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\PowerPoint
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\Proof
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\Speech
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\Templates
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\Windows Live
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\Word
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Crash Reports
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.tbf\minidumps
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Roxio\MediaManager10
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Roxio\MyDVD10
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Roxio\PhotoSuite4\TempPS4\Create
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Roxio\RoxioCentral
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Roxio\VideoUI10
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Uniblue
!-->[Hidden] C:\Documents and Settings\Owner\Contacts
!-->[Hidden] C:\Documents and Settings\Owner\Desktop\ariah
!-->[Hidden] C:\Documents and Settings\Owner\Desktop\CalifSept09\lisaweddingrehearsal
!-->[Hidden] C:\Documents and Settings\Owner\Desktop\camera
!-->[Hidden] C:\Documents and Settings\Owner\Desktop\carol
!-->[Hidden] C:\Documents and Settings\Owner\Desktop\cd cal
!-->[Hidden] C:\Documents and Settings\Owner\Desktop\city
!-->[Hidden] C:\Documents and Settings\Owner\Desktop\lisa50th\lisa
!-->[Hidden] C:\Documents and Settings\Owner\Desktop\malware fixes
!-->[Hidden] C:\Documents and Settings\Owner\Desktop\MOM
!-->[Hidden] C:\Documents and Settings\Owner\Desktop\New Folder
!-->[Hidden] C:\Documents and Settings\Owner\Desktop\newpics1
!-->[Hidden] C:\Documents and Settings\Owner\Desktop\summer06
!-->[Hidden] C:\Documents and Settings\Owner\Favorites\Ralphie
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\00\11
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\01\09
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\01\15
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\03
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\10
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\14
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\05\14
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07\09
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\05
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\13
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\15
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\09\05
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\09\10
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\08
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\10
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\14
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\11\02
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\11\07
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\11\11
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\15
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\14
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\05
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\09
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\10
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\15
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\15\02
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\15\04
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\15\08
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\15\11
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Movie Maker
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Search Enhancement Pack
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Silverlight
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Live Contacts
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Live Mail\Backup\new
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Live Mail\Calendars\DBStore\Backup\new
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Live Photo Acquisition
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Live Photo Gallery\SqmApi
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Photo Gallery
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.tbf\Cache
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.tbf\OfflineCache
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\NOS
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\riphpebvo
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Scansoft
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Apps
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QXPRTHGR
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Temp\24.tmp
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Temp\IswTmp
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Temp\MessengerCache
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\computer info\Drivers\Net Zero re-install
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\computer info\netzero
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\ForceField Shared Files
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\lisa
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My eBooks
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Pictures\2009-10-11
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Pictures\2009-12-19
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Pictures\Adobe
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Pictures\christmas2009
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Pictures\ControlCenter3
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Pictures\pics
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Webs
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\ROXIO\updatesroxio6
!-->[Hidden] C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
!-->[Hidden] C:\Documents and Settings\Owner\Tracing
!-->[Hidden] C:\Documents and Settings\Owner\UserData
!-->[Hidden] C:\Program Files\Adobe
!-->[Hidden] C:\Program Files\Alwil Software\Avast4\DATA\spool
!-->[Hidden] C:\Program Files\Brother
!-->[Hidden] C:\Program Files\CheckPoint
!-->[Hidden] C:\Program Files\Common Files\Adobe
!-->[Hidden] C:\Program Files\Common Files\Designer
!-->[Hidden] C:\Program Files\Common Files\HP
!-->[Hidden] C:\Program Files\Common Files\InstallShield\UpdateService
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\Artgalry
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\Clipart
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1025
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1026
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1027
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1028
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1029
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1030
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1031
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1032
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1035
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1036
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1037
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1038
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1040
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1041
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1042
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1043
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1044
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1045
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1046
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1048
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1049
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1050
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1051
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1053
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1054
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1055
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1058
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1060
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1061
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1062
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1063
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1081
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\2052
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\2068
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\2070
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\2074
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\3076
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\3082
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\Euro
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\Grphflt
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\MSDesigners98
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\Proof
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\Reference Titles
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\Themes
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\VBA
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\VC
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\Windows Live
!-->[Hidden] C:\Program Files\Common Files\Roxio Shared\10.0\Audio Core
!-->[Hidden] C:\Program Files\Common Files\Roxio Shared\10.0\AVCapture
!-->[Hidden] C:\Program Files\Common Files\Roxio Shared\10.0\Common Resources\Black
!-->[Hidden] C:\Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale
!-->[Hidden] C:\Program Files\Common Files\Roxio Shared\10.0\Common Resources\White
!-->[Hidden] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\MobileContent
!-->[Hidden] C:\Program Files\Common Files\Roxio Shared\Online
!-->[Hidden] C:\Program Files\Common Files\ScanSoft Shared
!-->[Hidden] C:\Program Files\Common Files\System\Mapi
!-->[Hidden] C:\Program Files\Common Files\Windows Live
!-->[Hidden] C:\Program Files\Costco
!-->[Hidden] C:\Program Files\ERUNT
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{D9461574-5FC0-4641-BBDC-D1038B196F55}
!-->[Hidden] C:\Program Files\Internet Explorer\MUI
!-->[Hidden] C:\Program Files\Lavasoft\Ad-Aware
!-->[Hidden] C:\Program Files\Lavasoft\Email Scanner
!-->[Hidden] C:\Program Files\Microsoft
!-->[Hidden] C:\Program Files\Microsoft Office
!-->[Hidden] C:\Program Files\Microsoft Silverlight
!-->[Hidden] C:\Program Files\Microsoft SQL Server Compact Edition
!-->[Hidden] C:\Program Files\Microsoft Sync Framework
!-->[Hidden] C:\Program Files\Microsoft Visual Studio
!-->[Hidden] C:\Program Files\MSBuild
!-->[Hidden] C:\Program Files\MSXML 4.0
!-->[Hidden] C:\Program Files\Nuance
!-->[Hidden] C:\Program Files\PCRegistryCleaner
!-->[Hidden] C:\Program Files\Reference Assemblies
!-->[Hidden] C:\Program Files\ScanSoft
!-->[Hidden] C:\Program Files\Spybot - Search & Destroy\Dummies
!-->[Hidden] C:\Program Files\Spybot - Search & Destroy\Help
!-->[Hidden] C:\Program Files\Spybot - Search & Destroy\Includes
!-->[Hidden] C:\Program Files\Spybot - Search & Destroy\Languages
!-->[Hidden] C:\Program Files\Spybot - Search & Destroy\Skins
!-->[Hidden] C:\Program Files\Spybot - Search & Destroy\Updates
!-->[Hidden] C:\Program Files\Trend Micro
!-->[Hidden] C:\Program Files\UltimateBet\data\coord
!-->[Hidden] C:\Program Files\UltimateBet\data\gameimage\casino
!-->[Hidden] C:\Program Files\UltimateBet\data\gameimage\effect
!-->[Hidden] C:\Program Files\UltimateBet\data\phistory
!-->[Hidden] C:\Program Files\UltimateBet\data\scr
!-->[Hidden] C:\Program Files\UltimateBet\DownLoad\data\coord
!-->[Hidden] C:\Program Files\UltimateBet\DownLoad\data\gameimage\bj
!-->[Hidden] C:\Program Files\UltimateBet\DownLoad\data\gameimage\casino
!-->[Hidden] C:\Program Files\UltimateBet\DownLoad\data\gameimage\dlg
!-->[Hidden] C:\Program Files\UltimateBet\DownLoad\data\gameimage\effect
!-->[Hidden] C:\Program Files\UltimateBet\DownLoad\data\gameimage\gamebtn
!-->[Hidden] C:\Program Files\UltimateBet\DownLoad\data\gameimage\gamebtnub
!-->[Hidden] C:\Program Files\UltimateBet\DownLoad\data\gameimage\jackpotimage
!-->[Hidden] C:\Program Files\UltimateBet\DownLoad\data\phistory
!-->[Hidden] C:\Program Files\UltimateBet\DownLoad\data\scr
!-->[Hidden] C:\Program Files\UltimateBet\DownLoad\finaltableskin
!-->[Hidden] C:\Program Files\UltimateBet\DownLoad\skins\background\bg4\bellator
!-->[Hidden] C:\Program Files\UltimateBet\DownLoad\skins\background\bg4\classic (old ub)
!-->[Hidden] C:\Program Files\UltimateBet\DownLoad\skins\background\bg4\epic empire
!-->[Hidden] C:\Program Files\UltimateBet\DownLoad\skins\background\bg4\football
!-->[Hidden] C:\Program Files\UltimateBet\DownLoad\skins\background\bg6
!-->[Hidden] C:\Program Files\UltimateBet\DownLoad\skins\background\bg8
!-->[Hidden] C:\Program Files\UltimateBet\DownLoad\skins\background\bg9
!-->[Hidden] C:\Program Files\UltimateBet\DownLoad\skins\background\bg9_one
!-->[Hidden] C:\Program Files\UltimateBet\finaltableskin
!-->[Hidden] C:\Program Files\UltimateBet\LogFile
!-->[Hidden] C:\Program Files\UltimateBet\skins\background\bg4\bellator
!-->[Hidden] C:\Program Files\UltimateBet\skins\background\bg4\classic (old ub)
!-->[Hidden] C:\Program Files\UltimateBet\skins\background\bg4\epic empire
!-->[Hidden] C:\Program Files\UltimateBet\skins\background\bg4\football
!-->[Hidden] C:\Program Files\UltimateBet\skins\background\bg6\bellator
!-->[Hidden] C:\Program Files\UltimateBet\skins\background\bg6\classic (old ub)
!-->[Hidden] C:\Program Files\UltimateBet\skins\background\bg6\epic empire
!-->[Hidden] C:\Program Files\UltimateBet\skins\background\bg6\football
!-->[Hidden] C:\Program Files\UltimateBet\skins\background\bg8\bellator
!-->[Hidden] C:\Program Files\UltimateBet\skins\background\bg8\classic (old ub)
!-->[Hidden] C:\Program Files\UltimateBet\skins\background\bg8\epic empire
!-->[Hidden] C:\Program Files\UltimateBet\skins\background\bg8\football
!-->[Hidden] C:\Program Files\UltimateBet\skins\background\bg9\bellator
!-->[Hidden] C:\Program Files\UltimateBet\skins\background\bg9\classic (old ub)
!-->[Hidden] C:\Program Files\UltimateBet\skins\background\bg9\epic empire
!-->[Hidden] C:\Program Files\UltimateBet\skins\background\bg9\football
!-->[Hidden] C:\Program Files\UltimateBet\skins\background\bg9_one\bellator
!-->[Hidden] C:\Program Files\UltimateBet\skins\background\bg9_one\classic (old ub)
!-->[Hidden] C:\Program Files\UltimateBet\skins\background\bg9_one\epic empire
!-->[Hidden] C:\Program Files\UltimateBet\skins\background\bg9_one\football
!-->[Hidden] C:\Program Files\Uniblue
!-->[Hidden] C:\Program Files\Windows Live SkyDrive
!-->[Hidden] C:\Program Files\Windows Live\Contacts
!-->[Hidden] C:\Program Files\Windows Live\Family Safety
!-->[Hidden] C:\Program Files\Windows Live\Mail
!-->[Hidden] C:\Program Files\Windows Live\Messenger
!-->[Hidden] C:\Program Files\Windows Live\Photo Gallery
!-->[Hidden] C:\Program Files\Windows Live\Sync
!-->[Hidden] C:\Program Files\Windows Live\Toolbar
!-->[Hidden] C:\Program Files\Windows Live\Writer
!-->[Hidden] C:\Program Files\Zone Labs\ZoneAlarm\Diagnostics\cp_ini
!-->[Hidden] C:\Program Files\Zone Labs\ZoneAlarm\Help
!-->[Hidden] C:\Program Files\Zone Labs\ZoneAlarm\images
!-->[Hidden] C:\Program Files\Zone Labs\ZoneAlarm\repair
!-->[Hidden] C:\rsit
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP575
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP576\snapshot
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP577
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP578
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP579
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP580
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP581
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP582
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP583\snapshot
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP584\snapshot
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP585
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP586
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP587
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP588
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP589
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP590\snapshot\Repository
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP591
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP592
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP593
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP595
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP596\snapshot
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP597
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP598
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP599
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP600
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP601
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP602
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP610
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP611
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP612
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP613
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP614
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP615
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP616
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP617
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP618
!-->[Hidden] C:\System Volume Information\_restore{ED8BEBAA-3CE9-42BF-AF9B-56719E36E7CA}\RP619\snapshot
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB923561
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB938127-v2-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB942763
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB946648
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB950759-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB950762
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB950974
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB951066
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB951072-v2
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB951376
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB951698
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB951978\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB952004
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB952287
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB952954
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB953838-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB953839
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB954459
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB954600
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB955759
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB956572
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB956744
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB956802\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB956802\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB958215-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB958687
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB958690
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB959426
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB960225
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB960714-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB960715
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB960803
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB960859
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB961260-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB961371
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB961371-v2
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB961373
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB961501
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB961503
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB963027-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB967715
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB968537
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB969059
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB969897-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB969947
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB970238
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB970430
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971557
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971633
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971657
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971737
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB972260-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB972270
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973346
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973354
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973507
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973687
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973815
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973869
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973904
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB974112
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB974318
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB974392
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB974571
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB975025
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB975467
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB975560
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB975713
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB976325-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB976749-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB977816
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB977914
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978037
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978207-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978338
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978542
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978601
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978706
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB979309
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB979683
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB980232
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB981349
!-->[Hidden] C:\WINDOWS\ie7updates\KB938127-v2-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB950759-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB953838-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB958215-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB960714-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB961260-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB963027-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB969897-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB972260-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB976325-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB976749-IE7
!-->[Hidden] C:\WINDOWS\ie7updates\KB978207-IE7
!-->[Hidden] C:\WINDOWS\ShellNew
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\0f1f7f5eb2a06ca8f9c064b451608f13
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\40fc5c00ee89ac515590995374843d78
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\6b4e49f1a78b9558feeb103a07b06a32
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\WebSetup
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE
!-->[Hidden] C:\WINDOWS\system32\mui\0409
!-->[Hidden] C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.374
!-->[Hidden] C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784
!-->[Hidden] C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll
!-->[Hidden] C:\WINDOWS\system32\spool\drivers\w32x86\brothermfc_490cw57e3
!-->[Hidden] C:\WINDOWS\system32\spool\drivers\w32x86\brotherpc_fax_v_2f2e4
!-->[Hidden] C:\WINDOWS\system32\spool\prtprocs\x64
!-->[Hidden] C:\WINDOWS\system32\spool\XPSEP
!-->[Hidden] C:\WINDOWS\system32\XPSViewer
!-->[Hidden] C:\WINDOWS\system32\ZoneLabs
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B75C, Type: Inline - RelativeJump 0x804E275C-->804E26E7 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B9D8, Type: Inline - RelativeJump 0x804E29D8-->804E2A24 [ntoskrnl.exe]
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xF55E4428-->F545CCBA [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xF55E4454-->F545C4C8 [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xF55E4460-->F545C672 [vsdatant.sys]
[1012]MsMpEng.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1012]MsMpEng.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[1012]MsMpEng.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[1012]MsMpEng.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[1012]MsMpEng.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[1012]MsMpEng.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[1012]MsMpEng.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[1012]MsMpEng.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[1012]MsMpEng.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[1056]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1056]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[1056]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[1056]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[1056]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[1056]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[1056]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[1056]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[1056]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[1116]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1116]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[1116]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[1116]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[1116]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[1116]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[1116]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[1116]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[1116]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[1156]pctspk.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1156]pctspk.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[1156]pctspk.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[1156]pctspk.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[1156]pctspk.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[1156]pctspk.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[1156]pctspk.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[1156]pctspk.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[1156]pctspk.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[1180]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1180]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[1180]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[1180]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[1180]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[1180]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[1180]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[1180]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[1180]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[1244]SeaPort.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1244]SeaPort.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[1244]SeaPort.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[1244]SeaPort.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[1244]SeaPort.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[1244]SeaPort.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[1244]SeaPort.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[1244]SeaPort.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[1244]SeaPort.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[1424]explorer.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1424]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1424]explorer.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[1424]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1424]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1424]explorer.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[1424]explorer.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[1424]explorer.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[1424]explorer.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[1424]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1424]explorer.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[1424]explorer.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[1424]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1424]explorer.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[1424]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]
[1424]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[1696]wdfmgr.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1696]wdfmgr.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[1696]wdfmgr.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[1696]wdfmgr.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[1696]wdfmgr.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[1696]wdfmgr.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[1696]wdfmgr.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[1696]wdfmgr.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[1696]wdfmgr.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[1744]MsPMSPSv.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1744]MsPMSPSv.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[1744]MsPMSPSv.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[1744]MsPMSPSv.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[1744]MsPMSPSv.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[1744]MsPMSPSv.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[1744]MsPMSPSv.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[1744]MsPMSPSv.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[1744]MsPMSPSv.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[2396]alg.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[2396]alg.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[2396]alg.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[2396]alg.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[2396]alg.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[2396]alg.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[2396]alg.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[2396]alg.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[2396]alg.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[2872]ashDisp.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[2872]ashDisp.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[2872]ashDisp.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[2872]ashDisp.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[2872]ashDisp.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[2872]ashDisp.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[2872]ashDisp.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[2872]ashDisp.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[2872]ashDisp.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[2908]MSASCui.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[2908]MSASCui.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[2908]MSASCui.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[2908]MSASCui.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[2908]MSASCui.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[2908]MSASCui.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[2908]MSASCui.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[2908]MSASCui.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[2908]MSASCui.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[2976]pptd40nt.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[2976]pptd40nt.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[2976]pptd40nt.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[2976]pptd40nt.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[2976]pptd40nt.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[2976]pptd40nt.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[2976]pptd40nt.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[2976]pptd40nt.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[2976]pptd40nt.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[3012]DrgToDsc.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[3012]DrgToDsc.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[3012]DrgToDsc.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[3012]DrgToDsc.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[3012]DrgToDsc.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[3012]DrgToDsc.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[3012]DrgToDsc.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[3012]DrgToDsc.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[3012]DrgToDsc.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[3020]qttask.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[3020]qttask.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[3020]qttask.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[3020]qttask.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[3020]qttask.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[3020]qttask.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[3020]qttask.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[3020]qttask.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[3020]qttask.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[3072]msnmsgr.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[3072]msnmsgr.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[3072]msnmsgr.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[3072]msnmsgr.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[3072]msnmsgr.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[3072]msnmsgr.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[3072]msnmsgr.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[3072]msnmsgr.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[3072]msnmsgr.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[3200]LightScribeControlPanel.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[3200]LightScribeControlPanel.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[3200]LightScribeControlPanel.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[3200]LightScribeControlPanel.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[3200]LightScribeControlPanel.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[3200]LightScribeControlPanel.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[3200]LightScribeControlPanel.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[3200]LightScribeControlPanel.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[3200]LightScribeControlPanel.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[3280]BrMfcWnd.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[3280]BrMfcWnd.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[3280]BrMfcWnd.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[3280]BrMfcWnd.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[3280]BrMfcWnd.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[3280]BrMfcWnd.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[3280]BrMfcWnd.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[3280]BrMfcWnd.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[3280]BrMfcWnd.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[3288]BrMfcMon.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[3288]BrMfcMon.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[3288]BrMfcMon.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[3288]BrMfcMon.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[3288]BrMfcMon.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[3288]BrMfcMon.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[3288]BrMfcMon.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[3288]BrMfcMon.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[3288]BrMfcMon.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[3744]wuauclt.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[3744]wuauclt.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[3744]wuauclt.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[3744]wuauclt.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[3744]wuauclt.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[3744]wuauclt.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[3744]wuauclt.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[3744]wuauclt.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[3744]wuauclt.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[472]spoolsv.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[472]spoolsv.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[472]spoolsv.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[472]spoolsv.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[472]spoolsv.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[472]spoolsv.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[472]spoolsv.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[472]spoolsv.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[472]spoolsv.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[576]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[576]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[576]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[576]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[576]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[576]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[576]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[576]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[576]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[648]LSSrvc.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[648]LSSrvc.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[648]LSSrvc.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[648]LSSrvc.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[648]LSSrvc.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[648]LSSrvc.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[648]LSSrvc.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[648]LSSrvc.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[648]LSSrvc.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[704]winlogon.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[704]winlogon.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[704]winlogon.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[704]winlogon.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[704]winlogon.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[704]winlogon.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[704]winlogon.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[704]winlogon.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[704]winlogon.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[748]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification 0x01001094-->00000000 [unknown_code_page]
[748]services.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[748]services.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[748]services.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x01001114-->00000000 [unknown_code_page]
[748]services.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[748]services.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[748]services.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[748]services.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[748]services.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[748]services.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[748]services.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[760]lsass.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[760]lsass.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[760]lsass.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[760]lsass.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[760]lsass.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[760]lsass.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[760]lsass.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[760]lsass.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[852]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[852]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[852]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[852]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[852]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[852]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[852]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[852]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[852]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[908]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[908]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[908]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[908]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[908]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[908]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[908]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[908]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[908]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[976]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[976]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[976]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[976]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[976]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[976]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[976]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[976]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[976]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
Butcher
Regular Member
 
Posts: 35
Joined: July 5th, 2010, 10:24 am
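The hook report above is long because one owner places the same hooks in every process, and the helper's task is to separate that system-wide pattern from hooks that stand out. As an added example, not from the thread or from any tool it mentions, this Python triage script parses lines in the posted format, counts how many processes each hook owner touches, and lists the hooks the scanner could not attribute to any loaded module (`unknown_code_page`); the sample input is an excerpt copied from the report above, and the one-process prevalence threshold is an assumption chosen for illustration.

```python
"""Triage helper for user-mode hook report lines in the format posted above.

Each line has the shape
  [pid]process-->module-->(...-->)function, Type: <hook type> 0xORIG-->DEST [owner]
where 'owner' is the module the scanner attributes the hook to, or
'unknown_code_page' when it could not map the hook target to a loaded module.
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<proc>.+?)-->(?P<chain>.+?), Type: (?P<type>.+?) "
    r"(?P<orig>0x[0-9A-Fa-f]+)-->(?P<dest>[0-9A-Fa-f]+) \[(?P<owner>[^\]]+)\]$"
)

UNATTRIBUTED = "unknown_code_page"

# Excerpt copied from the report above (a few lines, not the full log).
SAMPLE_REPORT = """\
[1424]explorer.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1424]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1424]explorer.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[748]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification 0x01001094-->00000000 [unknown_code_page]
[748]services.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[748]services.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x01001114-->00000000 [unknown_code_page]
[748]services.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[760]lsass.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[760]lsass.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
"""


def parse_hook_line(line):
    """Parse one report line into a dict; return None for lines that are not hooks."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    chain = m.group("chain").split("-->")
    return {
        "pid": int(m.group("pid")),
        "process": m.group("proc"),
        "module": chain[0],        # module whose code or import table was patched
        "function": chain[-1],     # API whose call path is redirected
        "type": m.group("type"),   # "Inline - RelativeJump" or "IAT modification"
        "owner": m.group("owner"), # module the scanner attributes the hook to
    }


def parse_report(text):
    """Parse every hook line in a report, skipping prose and blank lines."""
    return [h for h in map(parse_hook_line, text.splitlines()) if h]


def owner_coverage(hooks):
    """Map each hook owner to the set of (pid, process) it hooks.

    An owner that hooks every scanned process with the same API set looks like
    a system-wide product (the ISW prefix of ISWSHEX.dll matches the
    ZAForceField/ISW entries elsewhere in the posted logs); an owner seen in a
    single process is where a reviewer starts.
    """
    cov = defaultdict(set)
    for h in hooks:
        cov[h["owner"]].add((h["pid"], h["process"]))
    return cov


def triage(hooks, max_processes=1):
    """Split hooks into (unattributed, rare).

    unattributed: hooks whose owner is unknown_code_page, the strongest signal.
    rare: attributed hooks whose owner touches at most max_processes processes;
    a weaker signal that needs a human (shimeng.dll, for example, is the Windows
    application-compatibility shim engine and is normally seen in few processes).
    """
    cov = owner_coverage(hooks)
    unattributed = [h for h in hooks if h["owner"] == UNATTRIBUTED]
    rare = [h for h in hooks
            if h["owner"] != UNATTRIBUTED and len(cov[h["owner"]]) <= max_processes]
    return unattributed, rare


def format_triage(hooks):
    """Render owner prevalence followed by the hooks worth reviewing."""
    lines = []
    cov = owner_coverage(hooks)
    for owner, procs in sorted(cov.items(), key=lambda kv: -len(kv[1])):
        lines.append(f"{owner:20s} hooks {len(procs)} process(es)")
    unattributed, rare = triage(hooks)
    for label, group in (("UNATTRIBUTED", unattributed), ("RARE-OWNER", rare)):
        for h in group:
            lines.append(f"{label} [{h['pid']}]{h['process']} "
                         f"{h['module']}!{h['function']} ({h['type']}) owner={h['owner']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_triage(parse_report(SAMPLE_REPORT)))
```

Run against the full report, the two `unknown_code_page` IAT hooks on process-creation APIs in services.exe are the only unattributed entries, which is why they deserve attention before the hundreds of identical ISWSHEX.dll lines.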

Re: Google searches getting redirected

Unread postby Airscape » July 15th, 2010, 7:33 pm

Hi Butcher,

Download ComboFix from one of the following links.
In the event you already have ComboFix, please delete it; this is a new version I need you to download.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

IMPORTANT !!! Save ComboFix.exe to your Desktop.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
A guide to disable your security programs can be found here. If yours is not on the list, please ask.
Double-click on ComboFix.exe & follow the prompts.
Make sure you install the Windows Recovery Console when prompted.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own.
ComboFix SHOULD NOT be used unless requested by a forum helper.


If you need more information, see this link:
http://www.bleepingcomputer.com/combofi ... e-combofix

Note: If you lose connection to the internet after running Combofix, restart the computer and try again.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Google searches getting redirected

Unread postby Butcher » July 16th, 2010, 9:25 pm

Hi,
I disabled everything I could except for the Tea Timer in Spybot, and ComboFix says Avast is still running but I did disable it. What to do?

Butcher
Butcher
Regular Member
 
Posts: 35
Joined: July 5th, 2010, 10:24 am

Re: Google searches getting redirected

Unread postby Butcher » July 17th, 2010, 8:35 am

Hi,
I was able to disable Avast, Spybot, Ad-Aware and Defender but had to allow Zone Alarm so I could download the Windows Recovery Console. I ran ComboFix and here is the log:

Thanks,
Butcher

ComboFix 10-07-15.05 - Owner 07/17/2010 7:59.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.601 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\13E.tmp
C:\141.tmp
C:\144.tmp
C:\146.tmp
C:\147.tmp
C:\148.tmp
C:\Thumbs.db
c:\windows\MailSwitch.ocx
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
c:\windows\xpsp1hfm.log
E:\AUTORUN.INF

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-06-17 to 2010-07-17 )))))))))))))))))))))))))))))))
.

2010-07-17 01:04 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-17 01:04 . 2010-07-17 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-15 00:48 . 2010-07-15 00:48 -------- d-----w- c:\program files\ERUNT
2010-07-11 18:19 . 2010-07-11 18:19 -------- d-----w- C:\rsit
2010-07-05 14:45 . 2010-07-05 14:45 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-03 12:40 . 2010-07-11 18:46 -------- d-----w- c:\program files\Trend Micro
2010-07-02 16:36 . 2010-07-02 16:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-07-02 16:35 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-02 16:35 . 2010-07-02 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-02 16:35 . 2010-07-02 16:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-02 16:35 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-30 01:43 . 2010-06-30 01:43 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-06-30 01:38 . 2010-06-30 01:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-06-30 01:34 . 2010-07-11 18:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-19 12:59 . 2010-06-19 12:59 -------- d-----w- c:\program files\Zone Labs
2010-06-19 12:59 . 2010-07-17 12:16 -------- d-----w- c:\windows\Internet Logs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-17 10:29 . 2008-05-08 15:10 -------- d-----w- c:\program files\Alwil Software
2010-07-17 00:41 . 2010-07-17 00:41 1049843 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-07-15 00:57 . 2004-08-04 01:07 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-28 20:57 . 2008-05-08 15:21 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2008-05-08 15:22 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-05-08 15:22 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2008-05-08 15:22 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2008-05-08 15:22 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2008-05-08 15:22 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2008-06-01 10:38 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2008-05-08 15:22 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-20 13:13 . 2009-02-28 19:09 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-19 13:06 . 2010-06-19 13:06 -------- d-----w- c:\documents and settings\Owner\Application Data\CheckPoint
2010-06-19 13:06 . 2010-06-19 13:06 -------- d-----w- c:\program files\CheckPoint
2010-06-19 13:06 . 2010-06-19 13:06 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-06-13 13:24 . 2008-01-27 22:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-06 13:30 . 2009-02-28 18:23 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-06 03:31 . 2008-11-30 01:46 -------- d-----w- c:\program files\UltimateBet
2010-05-26 17:03 . 2010-06-19 13:06 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-05-26 17:03 . 2010-06-19 13:06 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-05-26 17:03 . 2010-06-19 13:06 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-05-21 18:14 . 2009-10-02 17:01 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-11 21:53 . 2004-12-31 00:45 50368 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-02-19 00:26 . 2005-01-31 00:05 50688 --sha-w- c:\program files\Thumbs.db
2005-01-30 23:39 . 2005-01-30 23:39 2417824 ----a-w- c:\program files\winzip90.exe
2004-08-22 15:12 . 2004-08-22 14:23 16706160 ----a-w- c:\program files\AdbeRdr60_enu_full.exe
2004-08-22 14:23 . 2004-08-22 14:03 6811656 ----a-w- c:\program files\psa201se_us.exe
2004-07-04 02:19 . 2004-07-04 02:19 4959023 ----a-w- c:\program files\FirefoxSetup-0.9.1.exe
2002-11-02 20:29 . 2004-08-22 13:30 1490 ----a-w- c:\program files\Microsoft PowerPoint.lnk
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2009-02-16 868352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-06-04 282624]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-26 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2009-3-1 1085440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-06-20 13:13 864112 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-05-29 17:49 1085440 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 22:57 86016 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-12 00:01 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-06-04 13:39 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2003-05-07 08:32 36864 ----a-r- c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/28/2009 2:23 PM 64288]
R0 MrFilter;EasyWrite Driver;c:\windows\system32\drivers\MRFilter.sys [2/27/2005 6:42 PM 12384]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/8/2008 11:22 AM 165456]
R1 DSC2PAR;DSC2PAR;c:\windows\system32\drivers\Dsc2par.sys [2/21/2005 4:47 PM 65792]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/1/2008 6:38 AM 17744]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [5/26/2010 9:35 AM 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [5/26/2010 9:35 AM 493032]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [6/15/2004 4:02 PM 5824]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [5/1/2008 6:14 PM 36224]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/8/2008 1:12 PM 1112560]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 15:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 13:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*windowsupdate.microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;service1.symantec.com;*.n
IE: {{10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\Owner\Start Menu\Programs\UltimateBet\UltimateBet.lnk
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.tbf\
FF - prefs.js: browser.startup.homepage - hxxp://www.verizon.net/central/vzc.portal
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-17 08:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-1177238915-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(764)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(2684)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Alwil Software\Avast5\setup\avast.setup
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\windows\system32\pctspk.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\windows\System32\MsPMSPSv.exe
.
**************************************************************************
.
Completion time: 2010-07-17 08:21:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-17 12:20

Pre-Run: 17,283,346,432 bytes free
Post-Run: 17,363,312,640 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - BBD2313F25C8EE815277F3C0278DB883
Butcher
Regular Member
 
Posts: 35
Joined: July 5th, 2010, 10:24 am
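The ComboFix log above is the raw material a helper works from: every autostart under "Reg Loading Points", the two firewall values, and the DDS ProxyOverride line all get read by eye. The script below is an added example for this thread (not ComboFix code and not part of any post) that does the same first pass mechanically. It assumes the plain layout ComboFix prints: a key in square brackets, then "name"="command" [date size] lines, or, under the msconfig\startupreg keys, a line ending in [X] when the file is gone or "date time size attrs path" when it exists. The sample excerpt is constructed; its "Updater" line is invented to exercise the profile-path check and is not in the log above.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example: not ComboFix code and not from any post in the thread.
Lists every autostart, flags the ones a helper checks first, decodes the
two firewall values that appear in the log, and splits a DDS ProxyOverride
line into IP literals and host names.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt in ComboFix's format. The "Updater" line is invented
# for the example and is NOT in the thread's log; the rest mirrors lines of
# the kind shown above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"Updater"="c:\documents and settings\Owner\Application Data\updater.exe" [2010-07-01 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[\d{4}-\d{2}-\d{2} \d+\]$')
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<cmd>.+)$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:dword:(?P<hex>[0-9a-fA-F]{8})|(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\))$')
IPV4_RE = re.compile(r'^\d{1,3}(?:\.\d{1,3}){3}$')

# Locations a normal installer rarely uses for an autostart; malware often does.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\")
FLAG_MISSING = "file missing ([X]): orphaned autostart"
FLAG_PROFILE = "runs from a user-writable profile path: verify the file"


@dataclass
class Autostart:
    key: str
    name: str
    command: str
    present: bool
    flags: list = field(default_factory=list)


def flag_entry(entry):
    flags = []
    if not entry.present:
        flags.append(FLAG_MISSING)
    if any(p in entry.command.lower() for p in USER_WRITABLE):
        flags.append(FLAG_PROFILE)
    return flags


def parse_loading_points(text):
    """Return (autostart entries, {(key, value name): int} for numeric values)."""
    entries, values, key = [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if key is None:
            continue
        leaf = key.rsplit("\\", 1)[-1]      # msconfig entries are named by their key
        if (m := VALUE_RE.match(line)):
            entries.append(Autostart(key, m["name"], m["cmd"], True))
        elif (m := DWORD_RE.match(line)):
            values[(key, m["name"])] = int(m["hex"], 16) if m["hex"] else int(m["dec"])
        elif line.endswith("[X]"):
            entries.append(Autostart(key, leaf, line[:-3].strip(), False))
        elif (m := FILE_RE.match(line)):
            entries.append(Autostart(key, leaf, m["cmd"], True))
    for entry in entries:
        entry.flags = flag_entry(entry)
    return entries, values


def firewall_state(values):
    """Decode the two firewall values ComboFix prints; None when a value is absent."""
    by_name = {name: v for (_key, name), v in values.items()}
    enabled = by_name.get("EnableFirewall")          # 0 = built-in Windows Firewall off
    no_mon = by_name.get("DisableMonitoring")        # 1 = Security Center not tracking product
    return {
        "windows_firewall_on": None if enabled is None else enabled == 1,
        # Third-party firewalls commonly set DisableMonitoring themselves, so on its
        # own this is a note for the helper, not a finding.
        "security_center_monitors_zonealarm": None if no_mon is None else no_mon != 1,
    }


def parse_proxy_override(dds_line):
    """Split 'uInternet Settings,ProxyOverride = a;b;c' into (IP literals, names)."""
    _, _, raw = dds_line.partition("=")
    items = [s.strip() for s in raw.split(";") if s.strip()]
    ips = [s for s in items if IPV4_RE.match(s)]
    return ips, [s for s in items if s not in ips]
```

Run it against a real log by pasting the section between the "Reg Loading Points" banner and the first "R0"/"S3" driver line into SAMPLE_LOG; the ProxyOverride line in the log above is truncated by ComboFix, so its last entry will come out as the fragment "*.n".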

Re: Google searches getting redirected

Unread postby Airscape » July 17th, 2010, 10:03 pm

Hi Butcher,

Do you need or use the program Ad-Aware? If not, it's probably best to remove it.

If they exist remove these via Add/Remove Programs:
Adobe Reader 7.1.0
UltimateBet
Uniblue RegistryBooster



Run CFScript
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
A guide to disable security programs can be found here.
Open Notepad (Start > Run > type notepad > ok)
Copy/paste the following text inside the code box into Notepad:

Code:
KILLALL::

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

Folder::
c:\program files\Adobe
c:\program files\UltimateBet
c:\documents and settings\NetworkService\Application Data\AdobeUM
c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
c:\program files\Uniblue

File::
c:\program files\psa201se_us.exe
c:\program files\FirefoxSetup-0.9.1.exe
c:\windows\system32\d3d9caps.dat
c:\windows\system32\lsdelete.exe

DDS::
uInternet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*windowsupdate.microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;service1.symantec.com;*.n
IE: {{10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\Owner\Start Menu\Programs\UltimateBet\UltimateBet.lnk

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Reboot::


Save this file as CFScript.txt to your desktop (or the same location as combofix.exe)

Now drag CFScript.txt into ComboFix.exe as shown in the animation below... This will start ComboFix again.

[Image: animation of CFScript.txt being dragged onto ComboFix.exe]

When finished, it shall produce a log for you. Please save it to a convenient location.
The tool may require a reboot - this is normal.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own.
ComboFix SHOULD NOT be used unless requested by a forum helper.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Install Java
You don't seem to have Java installed. You will need it for the online scan below.
http://www.filehippo.com/download_jre_32/
Please download/install the latest Java Runtime Environment from the link above.
Make sure you click Download Latest Version on the right.

Install the latest Adobe Reader
Download the latest Adobe Reader from the link below.
ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.3/enu/AdbeRdr930_en_US.exe
Save AdbeRdr930_en_US.exe to a convenient location.
Run this file and follow the on screen instructions to install the latest Adobe Reader.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Kaspersky online scan
Please go to the Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply along with a new RSIT log.
This online tutorial will help explain how to use the aforementioned online scan.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logs/information to post in next reply:
  • ComboFix log
  • Kaspersky log
  • New RSIT log -- only one log will be produced this time
  • How is the pc running?
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
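A CFScript is a list of destructive actions that ComboFix carries out without further prompting, which is why the helper insists it only be run on request. The script below is an added example for this thread (not ComboFix code and not from any post) that parses a CFScript into an explicit action list and flags the entries a reviewer would confirm by hand before dragging the file onto ComboFix. It assumes the layout used above (a section header ending in "::", one item per line) and the meaning each section has as the helper uses it: KILLALL:: ends running processes first, Registry:: is applied like a .reg file where "[-KEY]" deletes the key, Folder:: and File:: delete paths, DDS:: removes the listed DDS items, RegLock:: resets the ACLs on the locked keys, and Reboot:: restarts when done. The sample script is a constructed, abridged copy of the one above.

```python
"""Pre-flight audit for a ComboFix CFScript.

Added example: not ComboFix code and not from any post in the thread. It
does not run anything; it turns the script into (action, target) pairs and
lists warnings a reviewer should resolve first.
"""
import re
from collections import OrderedDict

# Constructed, abridged CFScript mirroring the structure of the one above.
SAMPLE_CFSCRIPT = r'''
KILLALL::

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

Folder::
c:\program files\UltimateBet
c:\program files\Adobe

File::
c:\program files\FirefoxSetup-0.9.1.exe
c:\windows\system32\lsdelete.exe

DDS::
uInternet Settings,ProxyOverride = 64.136.29.30;searchap.untd.com;127.0.0.1;localhost

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

Reboot::
'''

SECTION_RE = re.compile(r"[A-Za-z]+::")


def parse_cfscript(text):
    """Return an ordered mapping of section name -> non-blank item lines."""
    sections, current = OrderedDict(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if SECTION_RE.fullmatch(line):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"item before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def plan(sections):
    """Expand the sections into (action, target) pairs in script order."""
    actions = []
    for name, items in sections.items():
        if name == "KILLALL":
            actions.append(("kill_all_processes", ""))
        elif name == "Reboot":
            actions.append(("reboot", ""))
        elif name == "Registry":                # REGEDIT4 syntax: [-KEY] deletes, [KEY] opens
            for item in items:
                if item.startswith("[-") and item.endswith("]"):
                    actions.append(("delete_key", item[2:-1]))
                elif item.startswith("[") and item.endswith("]"):
                    actions.append(("open_key", item[1:-1]))
                else:
                    actions.append(("set_value", item))   # "name"=data under the open key
        elif name == "Folder":
            actions += [("delete_folder", p) for p in items]
        elif name == "File":
            actions += [("delete_file", p) for p in items]
        elif name == "DDS":
            actions += [("remove_dds_item", p) for p in items]
        elif name == "RegLock":
            actions += [("unlock_key", p.strip("[]")) for p in items]
        else:                                   # a directive this example does not model
            actions += [("unknown:" + name, p) for p in items] or [("unknown:" + name, "")]
    return actions


def audit(actions):
    """Warnings a reviewer should resolve before dropping the script on ComboFix."""
    warnings = []
    for kind, target in actions:
        t = target.lower()
        if kind == "delete_folder" and t.count("\\") <= 2:
            warnings.append(f"delete_folder removes an entire top-level folder: {target}")
        if kind in ("delete_folder", "delete_file") and t.startswith("c:\\windows\\"):
            warnings.append(f"{kind} targets a path under c:\\windows: {target}")
        if kind == "delete_key" and "\\~\\" in target:
            warnings.append(f"delete_key uses ComboFix's '~' shorthand, not a literal path: {target}")
        if kind.startswith("unknown:"):
            warnings.append(f"section {kind[8:]} is not modelled here, review by hand: {target}")
    return warnings
```

The "~" warning exists because ComboFix abbreviates some hive paths in both its log and its scripts; a reviewer who tries to check such a key with regedit must expand it first, and the exact expansion is an assumption this example deliberately does not make.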

Re: Google searches getting redirected

Unread postby Butcher » July 20th, 2010, 5:48 am

Hi,
Just got back into town late last night. Will post when I get home from work.

Thanks again.
Butcher
Butcher

Re: Google searches getting redirected

Unread postby Airscape » July 20th, 2010, 12:05 pm

No problem, thanks for the update. :)
Airscape

Re: Google searches getting redirected

Unread postby Butcher » July 20th, 2010, 7:35 pm

Hi,
I removed the programs you advised and installed the latest versions of Java and Adobe Reader. I started the Kaspersky scan but received a security warning saying "the application's digital signature has an error. Do you want to run the application?" Also, Windows IE said the launch of the Java app was interrupted. It also said the digital signature was a trusted certificate but it expired. What to do?

Thanks.
Butcher
Butcher