
Author Topic: pls help  (Read 10323 times)


MT89

    Topic Starter


    Greenhorn

    pls help
    « on: September 30, 2010, 08:19:06 PM »
    AVG detected a virus when I tried to print to a shared printer (infected file 'hpzstc10.exe'). But no threats detected when I scanned w/ AVG and SuperAntiSpyWare. Did find 3 issues with MBAM... but different files than the 'hpzstc10'.

    Here are the logs...

    SuperAntiSpyWare Log
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 09/30/2010 at 02:16 AM

    Application Version : 4.43.1000

    Core Rules Database Version : 5608
    Trace Rules Database Version: 3420

    Scan type       : Complete Scan
    Total Scan Time : 01:30:19

    Memory items scanned      : 451
    Memory threats detected   : 0
    Registry items scanned    : 8503
    Registry threats detected : 0
    File items scanned        : 29918
    File threats detected     : 0

    MBAM Log
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4722

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    9/30/2010 6:09:12 PM
    mbam-log-2010-09-30 (18-09-12).txt

    Scan type: Quick scan
    Objects scanned: 214889
    Time elapsed: 16 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\ErrorSmart (Rogue.ErrorSmart) -> No action taken.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RkHit (Rogue.SpywareCease) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job (Rogue.ErrorSmart) -> No action taken.


    HJT Log
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:01:21 PM, on 9/30/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17080)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\SYSTEM32\bgsvcgen.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\QUICKEN\bagent.exe
    C:\Program Files\FinePixViewer\QuickDCF2.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://education.dellnet.com/
    R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: ElnkPubBHO Class - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll
    O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
    O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O2 - BHO: ElnkProtectionBHO Class - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: ElnkLegacyUninstBHO Class - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)
    O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll
    O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
    O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKCU\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\PROGRA~1\QUICKEN\bagent.exe
    O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
    O4 - Global Startup: Exif Launcher 2.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126301249344
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://hef.metafileonline.com/tsweb/msrdp.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37500.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs:       
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

    --
    End of file - 11074 bytes

    harry 48



      Egghead

    Re: pls help
    « Reply #1 on: October 03, 2010, 08:57:16 AM »
    Re-run MBAM and remove all it finds (take action); post the clean log.

    SuperDave

    • Malware Removal Specialist
    Re: pls help
    « Reply #2 on: October 03, 2010, 10:43:38 AM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

    Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

    Exit out of MessengerDisable then delete the two files that were put on the desktop.

    *****************************************
    You have Viewpoint installed.

    Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

    More information:

    * ViewMgr.exe - Useless
    * Viewpoint to Plunge Into Adware

    It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

    * Viewpoint
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    * Viewpoint Experience Technology


    ******************************************
    Open HijackThis and select Do a system scan only

    Place a check mark next to the following entries: (if there)

    O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    Important: Close all open windows except for HijackThis and then click Fix checked.
    Once completed, exit HijackThis.
    *********************************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Unzip SecurityCheck.zip and a folder named Security Check should appear.
    * Open the Security Check folder and double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    ***************************************
    Please download ComboFix from BleepingComputer.com

    Alternate link: GeeksToGo.com

    Rename ComboFix.exe to commy.exe before you save it to your Desktop
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
    Click Start>Run then copy paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

    If you have problems with ComboFix usage, see How to use ComboFix

    Windows 8 and Windows 10 dual boot with two SSD's
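
Added example, not part of any post in this thread: a Python triage pass over the two log formats posted above. It lists HijackThis entries whose target is marked `(no file)` or `(file missing)` (the kind of orphaned entry selected for fixing in Reply #2) and MBAM detections still at `No action taken` (what Reply #1 asks to be cleaned). The function names are hypothetical, and the sample lines are copied from the logs in the first post.

```python
import re

# Sample input assembled from lines of the logs posted in this thread.
SAMPLE_HJT = r"""
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)
O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

SAMPLE_MBAM = r"""
Registry Keys Infected: 2
Files Infected: 1

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ErrorSmart (Rogue.ErrorSmart) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RkHit (Rogue.SpywareCease) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job (Rogue.ErrorSmart) -> No action taken.
"""

HJT_LINE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
MBAM_HIT = re.compile(r"^(.*\S)\s+\(([^()]+)\)\s+->\s+(.+?)\.?$")


def parse_hjt(text):
    """Parse HijackThis entry lines (R0, O4, O23, ...) into dicts."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        clsid = CLSID.search(body)
        entries.append({
            "code": code,
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            # The registration exists but the file it points to does not.
            "orphan": any(mark in body.lower() for mark in ORPHAN_MARKERS),
            # Service binary with no company name in its version info.
            "unknown_owner": code == "O23" and "unknown owner" in body.lower(),
        })
    return entries


def parse_mbam(text):
    """Parse MBAM detail sections into detections with their action status."""
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):
            # Detail header; the summary lines end in a count instead.
            section = line[: -len(" Infected:")]
            continue
        m = MBAM_HIT.match(line)
        if m and section:
            obj, family, action = m.groups()
            detections.append({"section": section, "object": obj,
                               "family": family, "action": action})
    return detections


def unremediated(detections):
    """Detections the scan reported but did not quarantine or delete."""
    return [d for d in detections
            if d["action"].lower().startswith("no action taken")]


if __name__ == "__main__":
    for e in parse_hjt(SAMPLE_HJT):
        if e["orphan"] or e["unknown_owner"]:
            print("review:", e["code"], e["body"])
    for d in unremediated(parse_mbam(SAMPLE_MBAM)):
        print("still present:", d["section"], d["family"], d["object"])
```
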

    MT89

      Topic Starter


      Greenhorn

      Re: pls help
      « Reply #3 on: October 04, 2010, 09:27:31 PM »
      Hey Dave. Thanks for the help. Sorry for the lag in response!

      Windows Messenger - disabled
      Viewpoint - removed
      registry entries - fixed via HijackThis

      attempted 'securitycheck' task. The downloaded file is an .exe (not a zip) and it didn't create a folder when executed. The command window opened and appeared to run properly... displayed a couple status messages: 'gathering information' and 'preparing report DONE!' but it didn't open notepad or create a .txt file that I could locate.

      I was also unsuccessful executing the combofix / commy.exe task. I pasted the command directly from your message but got a file not found error. I then browsed to the file commy.exe on my desktop and added the '/stepdel' command but got the same file not found windows error.

      SuperDave

      Re: pls help
      « Reply #4 on: October 05, 2010, 05:01:43 PM »
      Quote
      but it didn't open notepad or create a .txt file that I could locate.
      Please try to run it again. I tried it on my computer. It created a log but then I searched my computer for the checkup.txt log but I couldn't find it.

      Could you please re-run MBAM and post the log.

      Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

      Navigate to Start --> Run, and enter the following command exactly as shown:

      "%userprofile%\desktop\blackpudding.bat" /killall

      See if ComboFix will run now

      MT89

        Topic Starter


        Greenhorn

        Re: pls help
        « Reply #5 on: October 05, 2010, 11:20:33 PM »
        All tasks have been completed!

        Here are the logs...

        MBAM:
        Malwarebytes' Anti-Malware 1.46
        www.malwarebytes.org

        Database version: 4722

        Windows 5.1.2600 Service Pack 3
        Internet Explorer 7.0.5730.11

        10/5/2010 10:34:53 PM
        mbam-log-2010-10-05 (22-34-53).txt

        Scan type: Quick scan
        Objects scanned: 214846
        Time elapsed: 46 minute(s), 36 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        (No malicious items detected)


        SecurityCheck:
         Results of screen317's Security Check version 0.99.5 
         Windows XP Service Pack 3 
         Internet Explorer 7 Out of date!
        ``````````````````````````````
        Antivirus/Firewall Check:

         Windows Firewall Disabled! 
         AVG 8.5     
         ZoneAlarm     
         ZoneAlarm Toolbar     
         Antivirus up to date! 
        ```````````````````````````````
        Anti-malware/Other Utilities Check:

         Malwarebytes' Anti-Malware   
         CCleaner     
         Java(TM) 6 Update 21 
         Java(TM) 6 Update 7 
         Out of date Java installed!
         Adobe Flash Player 10.1.82.76 
        Adobe Atmosphere Player for Acrobat and Adobe Reader
        Adobe Reader 8.2.4
        Out of date Adobe Reader installed!
         Mozilla Thunderbird (3.0.4) Thunderbird Out of Date! 
        ````````````````````````````````
        Process Check: 
        objlist.exe by Laurent

         Windows Defender MSMpEng.exe
         Windows Defender MSASCui.exe
         AVG avgwdsvc.exe
         AVG avgtray.exe
         AVG avgrsx.exe
         AVG avgnsx.exe
         Windows Defender MsMpEng.exe   
         Windows Defender MSASCui.exe   
         Zone Labs ZoneAlarm zlclient.exe 
        ````````````````````````````````
        DNS Vulnerability Check:

         GREAT! (Not vulnerable to DNS cache poisoning)

        ``````````End of Log````````````



        ComboFix:
        ComboFix 10-10-05.01 - Matt 10/05/2010  23:37:02.1.1 - x86
        Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.465 [GMT -5:00]
        Running from: c:\documents and settings\Matt\Desktop\blackpudding.bat.exe
        Command switches used :: /killall
        AV: Authentium Antivirus *On-access scanning enabled* (Updated) {A4E803B3-4E6E-4271-B1CD-56FBC0992D36}
        AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
        FW: Authentium Firewall *disabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
        FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

        WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .


        .
        (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        -------\Legacy_RKHIT


        (((((((((((((((((((((((((   Files Created from 2010-09-06 to 2010-10-06  )))))))))))))))))))))))))))))))
        .

        2010-10-01 01:56 . 2010-10-01 01:56   388096   ----a-r-   c:\documents and settings\Matt\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
        2010-09-30 11:58 . 2010-04-29 20:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2010-09-30 11:58 . 2010-09-30 23:09   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2010-09-30 11:58 . 2010-04-29 20:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2010-09-29 19:20 . 2010-09-29 19:20   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\ZoneAlarm
        2010-09-15 19:20 . 2010-09-15 19:20   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
        2010-09-10 06:03 . 2010-09-10 06:03   --------   d-----w-   c:\documents and settings\Matt\Application Data\Amazon
        2010-09-10 05:57 . 2010-09-10 05:57   --------   d-----w-   c:\program files\Amazon

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2010-10-05 02:33 . 2004-06-11 02:34   --------   d-----w-   c:\documents and settings\All Users\Application Data\Viewpoint
        2010-10-04 12:02 . 2007-05-15 03:06   --------   d-----w-   c:\documents and settings\Elisa\Application Data\U3
        2010-10-04 00:30 . 2007-04-12 02:48   --------   d-----w-   c:\program files\FinePixViewer
        2010-10-03 05:13 . 2008-08-21 03:53   --------   d-----w-   c:\program files\CCleaner
        2010-09-30 23:23 . 2008-08-21 04:00   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2010-09-30 23:11 . 2010-09-30 23:12   1747968   ----a-w-   c:\windows\Internet Logs\xDB3.tmp
        2010-09-30 05:43 . 2010-08-02 03:48   63488   ----a-w-   c:\documents and settings\Matt\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
        2010-09-30 05:43 . 2009-03-19 02:34   117760   ----a-w-   c:\documents and settings\Matt\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
        2010-09-30 02:11 . 2005-09-09 02:07   --------   d-----w-   c:\program files\Hewlett-Packard
        2010-09-30 02:08 . 2005-09-09 02:06   --------   d-----w-   c:\program files\HP
        2010-09-24 11:16 . 2010-09-24 11:18   1765888   ----a-w-   c:\windows\Internet Logs\xDB2.tmp
        2010-09-21 01:59 . 2009-03-24 02:43   --------   d-----w-   c:\program files\Mozilla Thunderbird
        2010-09-15 08:32 . 2010-07-23 05:33   3676153   ----a-w-   c:\windows\Internet Logs\tvDebug.Zip
        2010-09-06 04:11 . 2010-09-06 04:11   503808   ----a-w-   c:\documents and settings\Elisa\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-67efe7b2-n\msvcp71.dll
        2010-09-06 04:11 . 2010-09-06 04:11   499712   ----a-w-   c:\documents and settings\Elisa\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-67efe7b2-n\jmc.dll
        2010-09-06 04:11 . 2010-09-06 04:11   12800   ----a-w-   c:\documents and settings\Elisa\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3fa051ea-n\decora-d3d.dll
        2010-09-06 04:11 . 2010-09-06 04:11   61440   ----a-w-   c:\documents and settings\Elisa\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3fa051ea-n\decora-sse.dll
        2010-09-06 04:11 . 2010-09-06 04:11   348160   ----a-w-   c:\documents and settings\Elisa\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-67efe7b2-n\msvcr71.dll
        2010-08-20 03:31 . 2010-08-20 03:31   63488   ----a-w-   c:\documents and settings\Will\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
        2010-08-20 03:31 . 2010-08-20 03:31   52224   ----a-w-   c:\documents and settings\Will\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
        2010-08-20 03:31 . 2010-08-20 03:31   117760   ----a-w-   c:\documents and settings\Will\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
        2010-08-20 03:30 . 2010-08-20 03:30   --------   d-----w-   c:\documents and settings\Will\Application Data\SUPERAntiSpyware.com
        2010-08-20 01:14 . 2010-08-20 01:14   503808   ----a-w-   c:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4c3d5078-n\msvcp71.dll
        2010-08-20 01:14 . 2010-08-20 01:14   499712   ----a-w-   c:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4c3d5078-n\jmc.dll
        2010-08-20 01:14 . 2010-08-20 01:14   348160   ----a-w-   c:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4c3d5078-n\msvcr71.dll
        2010-08-20 01:14 . 2010-08-20 01:14   12800   ----a-w-   c:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-58e267dd-n\decora-d3d.dll
        2010-08-20 01:14 . 2010-08-20 01:14   61440   ----a-w-   c:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-58e267dd-n\decora-sse.dll
        2010-08-17 13:17 . 2002-08-29 11:00   58880   ----a-w-   c:\windows\system32\spoolsv.exe
        2010-08-17 04:05 . 2010-08-17 04:04   --------   d-----w-   c:\documents and settings\All Users\Application Data\NOS
        2010-08-17 04:04 . 2010-08-17 04:04   --------   d-----w-   c:\program files\NOS
        2010-08-17 04:01 . 2007-02-17 23:23   --------   d-----w-   c:\program files\Common Files\Java
        2010-08-17 04:01 . 2010-08-17 04:01   503808   ----a-w-   c:\documents and settings\Matt\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-309ddeef-n\msvcp71.dll
        2010-08-17 04:01 . 2010-08-17 04:01   499712   ----a-w-   c:\documents and settings\Matt\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-309ddeef-n\jmc.dll
        2010-08-17 04:01 . 2010-08-17 04:01   61440   ----a-w-   c:\documents and settings\Matt\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-225d638e-n\decora-sse.dll
        2010-08-17 04:01 . 2010-08-17 04:01   348160   ----a-w-   c:\documents and settings\Matt\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-309ddeef-n\msvcr71.dll
        2010-08-17 04:01 . 2010-08-17 04:01   12800   ----a-w-   c:\documents and settings\Matt\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-225d638e-n\decora-d3d.dll
        2010-08-17 04:00 . 2010-04-20 03:32   --------   d-----w-   c:\program files\Java
        2010-08-17 03:57 . 2010-08-17 03:56   --------   d-----w-   c:\program files\QuickTime
        2010-08-17 03:56 . 2010-08-17 03:56   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
        2010-08-17 03:55 . 2010-08-17 03:55   --------   d-----w-   c:\program files\Common Files\Apple
        2010-08-17 03:55 . 2010-08-17 03:55   --------   d-----w-   c:\program files\Apple Software Update
        2010-08-17 03:55 . 2010-08-17 03:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple
        2010-08-16 23:29 . 2010-08-16 23:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG Security Toolbar
        2010-08-07 16:21 . 2010-08-07 16:24   1725440   ----a-w-   c:\windows\Internet Logs\xDB1.tmp
        2010-07-26 21:01 . 2010-08-17 04:04   37184   ----a-w-   c:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\wn4bihv8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
        2010-07-26 21:01 . 2010-08-17 04:04   32032   ----a-w-   c:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\wn4bihv8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
        2010-07-22 15:49 . 2004-04-16 01:46   590848   ----a-w-   c:\windows\system32\rpcrt4.dll
        2010-07-22 05:57 . 2009-04-16 06:40   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
        2010-07-17 10:00 . 2010-04-20 03:32   423656   ----a-w-   c:\windows\system32\deployJava1.dll
        2008-09-10 01:06 . 2008-09-10 01:06   27976   ----a-w-   c:\program files\mozilla firefox\plugins\atgpcdec.dll
        2008-09-10 01:06 . 2008-09-10 01:06   125848   ----a-w-   c:\program files\mozilla firefox\plugins\atgpcext.dll
        2008-09-10 01:07 . 2008-09-10 01:07   46408   ----a-w-   c:\program files\mozilla firefox\plugins\atmccli.dll
        2008-02-08 02:46 . 2008-02-08 02:46   13624   ----a-w-   c:\program files\mozilla firefox\plugins\cgpcfg.dll
        2008-02-08 02:46 . 2008-02-08 02:46   87360   ----a-w-   c:\program files\mozilla firefox\plugins\CgpCore.dll
        2008-02-08 02:46 . 2008-02-08 02:46   91448   ----a-w-   c:\program files\mozilla firefox\plugins\confmgr.dll
        2008-02-08 02:46 . 2008-02-08 02:46   21824   ----a-w-   c:\program files\mozilla firefox\plugins\ctxlogging.dll
        2008-02-08 02:46 . 2008-02-08 02:46   206136   ----a-w-   c:\program files\mozilla firefox\plugins\ctxmui.dll
        2008-02-08 02:46 . 2008-02-08 02:46   31544   ----a-w-   c:\program files\mozilla firefox\plugins\icafile.dll
        2008-02-08 02:46 . 2008-02-08 02:46   40248   ----a-w-   c:\program files\mozilla firefox\plugins\icalogon.dll
        2008-09-10 01:07 . 2008-09-10 01:07   98712   ----a-w-   c:\program files\mozilla firefox\plugins\ieatgpc.dll
        2007-03-16 22:27 . 2007-03-16 22:27   479232   ----a-w-   c:\program files\mozilla firefox\plugins\msvcm80.dll
        2007-03-16 22:27 . 2007-03-16 22:27   548864   ----a-w-   c:\program files\mozilla firefox\plugins\msvcp80.dll
        2007-03-16 22:27 . 2007-03-16 22:27   626688   ----a-w-   c:\program files\mozilla firefox\plugins\msvcr80.dll
        2007-07-20 17:47 . 2007-07-20 17:47   981170   ----a-w-   c:\program files\mozilla firefox\plugins\sslsdk_b.dll
        2008-02-08 02:46 . 2008-02-08 02:46   24384   ----a-w-   c:\program files\mozilla firefox\plugins\TcpPServ.dll
        .

        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
        "{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
        "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

        [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

        [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
        2010-05-09 16:50   2517088   ----a-w-   c:\program files\ZoneAlarm\tbZone.dll

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
        2009-11-25 18:01   1230080   ----a-w-   c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
        "{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
        "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

        [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

        [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
        "{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

        [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-10-06 49152]
        "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-30 2424560]
        "QuickenScheduledUpdates"="c:\progra~1\QUICKEN\bagent.exe" [2010-06-02 77656]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
        "nwiz"="c:\windows\system32\nwiz.exe" [2003-10-06 741376]
        "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
        "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
        "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-11 2048352]
        "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-26 1043968]
        "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]
        "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
        "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
        "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
        "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
        "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
        "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-01-14 49152]
        "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]

        c:\documents and settings\All Users\Start Menu\Programs\Startup\
        Exif Launcher 2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2007-4-11 294912]

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2009-09-08 03:13   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
        2009-08-25 04:41   11952   ----a-w-   c:\windows\SYSTEM32\avgrsstx.dll

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
        @="Service"

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
        backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
        2002-10-02 23:41   684032   ----a-w-   c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
        2010-06-17 06:24   40368   ----a-w-   c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
        2002-04-03 07:01   135264   ----a-w-   c:\program files\Creative\SBLive\Diagnostics\diagent.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
        2002-08-15 00:22   28672   ----a-r-   c:\windows\SYSTEM32\DSentry.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
        2005-09-01 22:24   942080   ----a-w-   c:\program files\EarthLink TotalAccess\TaskPanl.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
        2003-12-22 13:38   241664   ----a-w-   c:\program files\HP\hpcoretech\hpcmpmgr.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 01]
        2005-08-11 03:10   380928   ----a-r-   c:\program files\EarthLink TotalAccess\FastLane2\IPClient.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
        2001-08-17 04:41   28738   ----a-w-   c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
        2008-08-21 01:18   443968   ----a-w-   c:\program files\Picasa2\PicasaMediaDetector.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
        2010-08-10 10:15   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
        2010-05-14 16:44   248552   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
        2000-05-11 07:00   90112   ----a-w-   c:\windows\Updreg.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
        "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
        "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
        "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
        "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
        "c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
        "c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
        "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

        R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2/22/2009 4:43 PM 335240]
        R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2/22/2009 4:43 PM 108552]
        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 12872]
        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 67656]
        R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/22/2009 4:42 PM 297752]
        R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [5/26/2010 8:35 AM 26352]
        R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [5/26/2010 8:35 AM 493032]
        R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
        S3 ADSFilter;ADSFilter - (Aluria Filter Driver);

        S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/29/2002 6:00 AM 14336]
        S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 12872]
        S3 SoP1kUSB;Sony PEG Virtual Port;c:\windows\SYSTEM32\DRIVERS\SoP1kUSB.sys [7/24/2003 9:48 PM 30051]

        --- Other Services/Drivers In Memory ---

        *NewlyCreated* - SASDIFSV

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        nosGetPlusHelper   REG_MULTI_SZ      nosGetPlusHelper
        .
        Contents of the 'Scheduled Tasks' folder

        2010-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
        - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

        2010-10-06 c:\windows\Tasks\MP Scheduled Scan.job
        - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
        .
        .
        ------- Supplementary Scan -------
        .
        uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
        uStart Page = hxxp://start.earthlink.net/
        uDefault_Search_URL = hxxp://www.google.com/ie
        uInternet Connection Wizard,ShellNext = hxxp://education.dellnet.com/
        uSearchAssistant = hxxp://www.google.com/ie
        uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
        IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
        DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
        DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
        DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37500.cab
        FF - ProfilePath - c:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\wn4bihv8.default\
        FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
        FF - prefs.js: browser.startup.homepage - hxxp://start.earthlink.net/
        FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
        FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
        FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
        FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
        FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
        FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
        FF - plugin: c:\documents and settings\Matt\Application Data\Facebook\npfbplugin_1_0_3.dll
        FF - plugin: c:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\wn4bihv8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
        FF - plugin: c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
        FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSFDMGR.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
        FF - plugin: c:\program files\Picasa2\npPicasa2.dll
        FF - plugin: c:\program files\Picasa2\npPicasa3.dll
        FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
        FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll
        FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

        ---- FIREFOX POLICIES ----
        FF - user.js: yahoo.homepage.dontask - true
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
        .
        - - - - ORPHANS REMOVED - - - -

        HKU-Default-Run-Symantec Network Driver Update Warning - c:\progra~1\Symantec\LIVEUP~1\SNDWarn.EXE
        HKU-Default-Run-Symantec NetDriver Warning - c:\progra~1\SYMNET~1\SNDWarn.exe
        MSConfigStartUp-COMODO Internet Security - c:\program files\COMODO\Firewall\cfp.exe


        .
        --------------------- LOCKED REGISTRY KEYS ---------------------

        [HKEY_USERS\S-1-5-21-2875855996-650436976-1786743842-1005\Software\Microsoft\SystemCertificates\AddressBook*]
        @Allowed: (Read) (RestrictedCode)
        @Allowed: (Read) (RestrictedCode)
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'winlogon.exe'(736)
        c:\program files\SUPERAntiSpyware\SASWINLO.DLL
        c:\windows\system32\WININET.dll
        c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

        - - - - - - - > 'lsass.exe'(792)
        c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

        - - - - - - - > 'explorer.exe'(1132)
        c:\windows\system32\WININET.dll
        c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
        c:\program files\Windows Media Player\wmpband.dll
        c:\windows\system32\ieframe.dll
        c:\windows\system32\WPDShServiceObj.dll
        c:\windows\system32\PortableDeviceTypes.dll
        c:\windows\system32\PortableDeviceApi.dll
        .
        ------------------------ Other Running Processes ------------------------
        .
        c:\windows\SYSTEM32\bgsvcgen.exe
        c:\windows\System32\drivers\CDAC11BA.EXE
        c:\windows\System32\CTsvcCDA.exe
        c:\program files\Java\jre6\bin\jqs.exe
        c:\progra~1\AVG\AVG8\avgrsx.exe
        c:\progra~1\AVG\AVG8\avgnsx.exe
        c:\windows\System32\nvsvc32.exe
        c:\windows\System32\MsPMSPSv.exe
        c:\windows\system32\fxssvc.exe
        c:\windows\system32\RUNDLL32.EXE
        .
        **************************************************************************
        .
        Completion time: 2010-10-06  00:13:37 - machine was rebooted
        ComboFix-quarantined-files.txt  2010-10-06 05:13

        Pre-Run: 27,937,931,264 bytes free
        Post-Run: 27,799,285,760 bytes free

        - - End Of File - - DCAE7AB30A6807305652CC55268BFD60

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: pls help
        « Reply #6 on: October 06, 2010, 05:17:09 PM »
        According to the ComboFix log you're running two Anti-Virus programs (AV: Authentium Antivirus and AV: AVG Anti-Virus Free). Since AVG is out-of-date perhaps you should uninstall that one. You are also running two firewalls which is a no-no. One will have to go.

        Please download the newest version of Adobe Acrobat Reader from Adobe.com

        Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
        Go to the Control Panel and enter Add or Remove Programs.
        Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

        Once old versions are gone, please install the newest version.
        **************************************************
        Please download 7-Zip and install it. If you already have it, no need to reinstall.

        Then, download RootkitUnhooker and save the setup to your Desktop.

        • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
        • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
        • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
        • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
        • Once inside the interface, do not fix anything. Click on the Report tab.
        • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
        • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
        • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.
        Windows 8 and Windows 10 dual boot with two SSD's

        MT89

          Topic Starter


          Greenhorn

          Re: pls help
          « Reply #7 on: October 07, 2010, 05:12:24 AM »
          I was unable to locate & remove Authentium AV. I upgraded AVG to new version and also downloaded new Acrobat Reader.

          Here is the log from RKU:
          RkU Version: 3.8.388.590, Type LE (SR2)
          ==============================================
          OS Name: Windows XP
          Version 5.1.2600 (Service Pack 3)
          Number of processors #1
          ==============================================
          >SSDT State
          ==============================================
          ntoskrnl.exe-->NtConnectPort, Type: Address change 0x8058C63A-->F4FAA534 [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtCreateFile, Type: Address change 0x8056CF98-->F4FA4782 [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtCreateKey, Type: Address change 0x80570833-->F4FC36DC [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtCreatePort, Type: Address change 0x80597609-->F4FAACC0 [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtCreateProcess, Type: Address change 0x805B14AC-->F4FBDEB4 [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtCreateProcessEx, Type: Address change 0x8057FE4C-->F4FBE2A2 [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtCreateSection, Type: Address change 0x805652B3-->F4FC7916 [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtCreateWaitablePort, Type: Address change 0x805DB1D4-->F4FAADF6 [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtDeleteFile, Type: Address change 0x805D80BB-->F4FA5398 [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtDeleteKey, Type: Address change 0x80595316-->F4FC4FE4 [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtDeleteValueKey, Type: Address change 0x80592D64-->F4FC493C [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtDuplicateObject, Type: Address change 0x805717C5-->F4FBCDF0 [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtLoadKey, Type: Address change 0x805AEE7B-->F4FC593C [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtLoadKey2, Type: Address change 0x805AECB8-->F4FC5B44 [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtOpenFile, Type: Address change 0x8056CF33-->F4FA4FAA [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtOpenProcess, Type: Address change 0x805719AC-->F50736C0 [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
          ntoskrnl.exe-->NtOpenThread, Type: Address change 0x8058E5C4-->F4FBFDF8 [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtRenameKey, Type: Address change 0x8064EAEA-->F4FC68D2 [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtReplaceKey, Type: Address change 0x8064F446-->F4FC6208 [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtRequestWaitReplyPort, Type: Address change 0x80576EC6-->F4FAA0F4 [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtRestoreKey, Type: Address change 0x8064EFDD-->F4FC72A4 [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtSecureConnectPort, Type: Address change 0x805888DA-->F4FAA7DC [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtSetInformationFile, Type: Address change 0x80574B2A-->F4FA575C [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtSetSecurityObject, Type: Address change 0x8059B1F3-->F4FC6E12 [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtSetValueKey, Type: Address change 0x80572A6E-->F4FC40C4 [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtSystemDebugControl, Type: Address change 0x8064A01B-->F4FBEF0A [C:\WINDOWS\System32\vsdatant.sys]
          ntoskrnl.exe-->NtTerminateProcess, Type: Address change 0x805824CC-->F4F4F620 [C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys]
          ntoskrnl.exe-->NtTerminateThread, Type: Address change 0x8057BA6F-->F5073810 [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
          ntoskrnl.exe-->NtWriteVirtualMemory, Type: Address change 0x8057E60A-->F50738B0 [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
          ==============================================
          >Shadow
          ==============================================
          win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0xBF8A3E9C-->F5072C30 [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
          win32k.sys-->NtUserGetKeyboardState, Type: Address change 0xBF8AD34B-->F5072B70 [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
          win32k.sys-->NtUserGetKeyState, Type: Address change 0xBF823E97-->F5072BC0 [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
          win32k.sys-->NtUserMessageCall, Type: Address change 0xBF80EEAE-->F4FA8F38 [C:\WINDOWS\System32\vsdatant.sys]
          win32k.sys-->NtUserPostMessage, Type: Address change 0xBF808327-->F4FA907A [C:\WINDOWS\System32\vsdatant.sys]
          win32k.sys-->NtUserPostThreadMessage, Type: Address change 0xBF85FD24-->F4FA91B2 [C:\WINDOWS\System32\vsdatant.sys]
          win32k.sys-->NtUserRegisterRawInputDevices, Type: Address change 0xBF916B09-->F4FA6B4C [C:\WINDOWS\System32\vsdatant.sys]
          win32k.sys-->NtUserSendInput, Type: Address change 0xBF8C3233-->F4FA95A6 [C:\WINDOWS\System32\vsdatant.sys]
          win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0xBF8AD40B-->F5072AE0 [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
          ==============================================
          >Processes
          ==============================================
          0x873C6830 [4] System
          0x871F6B18 [180] C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 52.16)
          0x867DF810 [184] C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE (Macrovision, Macrovision RTS Service)
          0x8663F320 [316] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
          0x866E1860 [336] C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE (Creative Technology Ltd, Creative Service for CDROM Access)
          0x872DF228 [356] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
          0x86373378 [508] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company, HP Framework Component Manager Service)
          0x87180DA0 [536] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java(TM) Quick Starter Service)
          0x8729B900 [648] C:\WINDOWS\SYSTEM32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
          0x8712D538 [704] C:\PROGRA~1\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o., AVG Cache Server)
          0x867D2858 [900] C:\WINDOWS\SYSTEM32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
          0x8718D9D8 [928] C:\WINDOWS\SYSTEM32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
          0x870FD268 [976] C:\WINDOWS\SYSTEM32\services.exe (Microsoft Corporation, Services and Controller app)
          0x8709D3C8 [988] C:\WINDOWS\SYSTEM32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
          0x863AA020 [1056] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Company, hpwuSchd)
          0x86A15470 [1160] C:\WINDOWS\SYSTEM32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
          0x87092420 [1240] C:\WINDOWS\SYSTEM32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
          0x8681A860 [1416] C:\WINDOWS\SYSTEM32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
          0x86637BE0 [1468] C:\WINDOWS\SYSTEM32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
          0x8707CB28 [1472] C:\WINDOWS\SYSTEM32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
          0x86A065E8 [1608] C:\WINDOWS\SYSTEM32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
          0x8661EDA0 [1640] C:\WINDOWS\SYSTEM32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
          0x870FF9D0 [1700] C:\WINDOWS\SYSTEM32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
          0x866C53C0 [1912] C:\WINDOWS\SYSTEM32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
          0x866C8320 [2024] C:\WINDOWS\SYSTEM32\bgsvcgen.exe (B.H.A Corporation, B's Recorder GOLD Service Library)
          0x872E13A0 [2232] C:\WINDOWS\SYSTEM32\MsPMSPSv.exe (Microsoft Corporation, WMDM PMSP Service)
          0x872DFA30 [2284] C:\WINDOWS\SYSTEM32\fxssvc.exe (Microsoft Corporation, Fax Service)
          0x86587A20 [2480] C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o., AVG Online Shield Service)
          0x86587020 [2508] C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o., AVG E-mail Scanner)
          0x863A7630 [2568] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb10.exe (HP, -)
          0x86321DA0 [2756] C:\WINDOWS\SYSTEM32\rundll32.exe (Microsoft Corporation, Run a DLL as an App)
          0x862D0020 [2840] C:\PROGRA~1\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o., AVG Resident Shield Service)
          0x8630B2D8 [2868] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com, SUPERAntiSpyware Application)
          0x866E09E0 [2916] C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o., AVG Scanning Core Module - Server Part)
          0x8634A858 [2944] C:\PROGRA~1\Quicken\bagent.exe (Intuit Inc., Quicken Background Agent)
          0x86407020 [2948] C:\WINDOWS\SYSTEM32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
          0x862E33B8 [2972] C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJI PHOTO FILM CO., LTD., Exif Launcher 2)
          0x862A7530 [3576] C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o., AVG IDS application)
          0x86549380 [3604] C:\Documents and Settings\Matt\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\0nvQe70V.exe (UG North, RKULE, SR2 Normandy)
          0x86335DA0 [4020] C:\Program Files\QuickTime\QTTask.exe (Apple Inc., QuickTime Task)
          0x86386778 [168] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies, ZoneAlarm ForceField)
          0x86667020 [752] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o., AVG Tray Monitor)
          0x8666A9B0 [1300] C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies, ZoneAlarm ForceField)
          0x866C4DA0 [1776] C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD, TrueVector Service)
          0x87173BE8 [1996] C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o., AVG Watchdog Service)
          0x8658A860 [2468] C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o., AVG IDS application)
          0x86380BA0 [3816] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD, ZoneAlarm Client)
          ==============================================
          >Drivers
          ==============================================
          0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4247552 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 52.16 )
          0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
          0x804D7000 PnpManager 2189952 bytes
          0x804D7000 RAW 2189952 bytes
          0x804D7000 WMIxWDM 2189952 bytes
          0xBF800000 Win32k 1855488 bytes
          0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
          0xF6C32000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 1466368 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 52.16 )
          0xF68FA000 C:\WINDOWS\system32\drivers\P16X.sys 1331200 bytes (Creative Technology Ltd., WDM Audio Miniport)
          0xF6AC9000 C:\WINDOWS\System32\DRIVERS\HSF_DP.sys 1093632 bytes (Conexant Systems, HSF_DP driver)
          0xF7489000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
          0xF6A3F000 C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys 565248 bytes (Conexant Systems, WinACHSF driver)
          0xF4F89000 C:\WINDOWS\System32\vsdatant.sys 528384 bytes (Check Point Software Technologies LTD, ZoneAlarm Firewalling Driver)
          0xF2933000 C:\WINDOWS\System32\DRIVERS\HSF_V124.sys 491520 bytes (Conexant, V124NT driver)
          0xF4E82000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
          0xF2BC5000 C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys 393216 bytes (Conexant, K56NT driver)
          0xF6735000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
          0xF5241000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
          0xF2B1E000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
          0xF5137000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
          0xF2C42000 C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys 290816 bytes (Conexant, Fallback driver)
          0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
          0xF21EF000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
          0xF4E46000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
          0xF532C000 C:\WINDOWS\System32\Drivers\cdudf_xp.SYS 241664 bytes (Roxio, CD-UDF NT Filesystem Driver)
          0xF52E7000 C:\WINDOWS\System32\Drivers\UdfReadr_xp.SYS 208896 bytes (Roxio, CD-UDF NT Filesystem Reader Driver)
          0xF2AED000 C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys 200704 bytes (Conexant, FaxNT driver)
          0xF67BB000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
          0xF75E0000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
          0xF2D79000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
          0xF745C000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
          0xF6887000 C:\WINDOWS\System32\DRIVERS\ctoss2k.sys 180224 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
          0xF4F1A000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
          0xF28BB000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
          0xF500A000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
          0xF758A000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
          0xF6BD4000 C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys 155648 bytes (Conexant Systems, HSF_HWB2 WDM driver)
          0xF5111000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
          0xF4E22000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
          0xF68B3000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
          0xF6BFA000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
          0xF6844000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 143360 bytes (Intel Corporation, NDIS 5 driver)
          0xF68D7000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
          0xF2460000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
          0xF4F67000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
          0xF4F45000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
          0x806EE000 ACPI_HAL 131840 bytes
          0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
          0xF6867000 C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys 131072 bytes (Creative Technology Ltd, SoundFont(R) Manager (WDM))
          0xF7552000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
          0xF75B0000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
          0xF2C25000 C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys 118784 bytes (Conexant, FSKsNT driver)
          0xF6813000 C:\WINDOWS\System32\Drivers\pwd_2k.SYS 118784 bytes (Roxio, Win2000 Framework for Packet Write Driver)
          0xF7442000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
          0xF7572000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
          0xF4D92000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
          0xF2A73000 C:\WINDOWS\system32\drivers\tmcomm.sys 98304 bytes (Trend Micro Inc., TrendMicro Common Module)
          0xF7529000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
          0xF67FC000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
          0xF2EEC000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
          0xF6830000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
          0xF6C1E000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
          0xF529A000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
          0xF7516000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
          0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
          0xF2ADB000 C:\WINDOWS\System32\DRIVERS\HSF_SPKP.sys 73728 bytes (Conexant, SpkpNT driver)
          0xF7540000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
          0xF75CF000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
          0xF67EB000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
          0xF2420000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
          0xF784F000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
          0xF76DF000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
          0xF768F000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
          0xF783F000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
          0xF6DB8000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
          0xF781F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
          0xF785F000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
          0xF3071000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
          0xF6E08000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
          0xF769F000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
          0xF766F000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
          0xF31E9000 C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys 53248 bytes (Conexant, TonesNT driver)
          0xF782F000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
          0xF787F000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
          0xF764F000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
          0xF6DD8000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
          0xF789F000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
          0xF76BF000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
          0xF771F000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
          0xF786F000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
          0xF763F000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
          0xF788F000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
          0xF30A1000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
          0xF5071000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
          0xF762F000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
          0xF6E18000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
          0xF3AE1000 C:\WINDOWS\system32\Drivers\SbcpHid.sys 40960 bytes (-, -)
          0xF6E28000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
          0xF76AF000 AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
          0xF765F000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
          0xF780F000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
          0xF76EF000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
          0xF6D98000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
          0xF2380000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
          0xF767F000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
          0xF6DC8000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
          0xF7A0F000 C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys 32768 bytes (Check Point Software Technologies, ZoneAlarm ForceField)
          0xF795F000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
          0xF79CF000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
          0xF7957000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
          0xF7967000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
          0xF78AF000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
          0xF79D7000 C:\WINDOWS\System32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
          0xF79E7000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
          0xF796F000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
          0xF7977000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
          0xF79DF000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
          0xF78DF000 C:\WINDOWS\system32\drivers\symlcbrd.sys 24576 bytes (Symantec Corporation, Symantec Core Component)
          0xF270B000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
          0xF794F000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
          0xF79BF000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
          0xF78BF000 avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
          0xF799F000 C:\WINDOWS\System32\Drivers\dvd_2K.SYS 20480 bytes (Roxio, DVD-RAM AddOn Driver)
          0xF79A7000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
          0xF79C7000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
          0xF7997000 C:\WINDOWS\System32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
          0xF78B7000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
          0xF7987000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
          0xF798F000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
          0xF797F000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
          0xF7A07000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
          0xF7401000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
          0xF7B17000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
          0xF3B8D000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
          0xF7AEF000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
          0xF7A3F000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
          0xF2DC6000 C:\WINDOWS\System32\drivers\CdaC15BA.SYS 12288 bytes
          0xF7B27000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
          0xF7AEB000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
          0xF73F1000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
          0xF2D5D000 C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
          0xF7AFF000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
          0xF7AF3000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus(R) ASPI Shell)
          0xF7ACF000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
          0xF7AE3000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
          0xF7B5B000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
          0xF7B33000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
          0xF7B73000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
          0xF7B59000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
          0xF7B2F000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
          0xF7BC7000 C:\WINDOWS\System32\Drivers\MCSTRM.SYS 8192 bytes (RealNetworks, Inc., RealNetworks Virtual Path Manager®)
          0xF7B5D000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
          0xF7BAF000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
          0xF7BDB000 C:\WINDOWS\System32\PfModNT.sys 8192 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
          0xF7B5F000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
          0xF7B4F000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
          0xF7B55000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
          0xF7B31000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
          0xF7CEA000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
          0xF7D37000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
          0xF7D39000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
          0xF7D17000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
          0xF7D3A000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
          0xF7BF7000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
          ==============================================
          >Stealth

          MT89

            Re: pls help
            « Reply #8 on: October 07, 2010, 05:14:40 AM »
            RKU log continued (part 2):
            ==============================================
            ==============================================
            >Files
            ==============================================
            !-->[Hidden] C:\Documents and Settings\Abby.DD0N1621\Application Data\Microsoft\CLR Security Config\v1.1.4322
            !-->[Hidden] C:\Documents and Settings\Abby.DD0N1621\Application Data\Microsoft\CryptnetUrlCache
            !-->[Hidden] C:\Documents and Settings\Abby.DD0N1621\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2875855996-650436976-1786743842-1010
            !-->[Hidden] C:\Documents and Settings\Abby.DD0N1621\Application Data\Talkback\MozillaOrg\Firefox2\Win32\2008020121
            !-->[Hidden] C:\Documents and Settings\Abby.DD0N1621\Application Data\Talkback\MozillaOrg\Firefox2\Win32\2008070205
            !-->[Hidden] C:\Documents and Settings\Abby.DD0N1621\Favorites\Microsoft Websites
            !-->[Hidden] C:\Documents and Settings\Abby.DD0N1621\Local Settings\Application Data\Microsoft\Feeds
            !-->[Hidden] C:\Documents and Settings\Abby.DD0N1621\Local Settings\Application Data\Microsoft\Feeds Cache
            !-->[Hidden] C:\Documents and Settings\Abby.DD0N1621\Local Settings\Application Data\Microsoft\Portable Devices
            !-->[Hidden] C:\Documents and Settings\Abby.DD0N1621\Local Settings\Application Data\SpiralfrogClient
            !-->[Hidden] C:\Documents and Settings\Abby.DD0N1621\My Documents\My Music\SpiralFrog
            !-->[Hidden] C:\Documents and Settings\Abby.DD0N1621\My Documents\My Videos\SpiralFrog
            !-->[Hidden] C:\Documents and Settings\Abby.DD0N1621\My Documents\SpiralFrog
            !-->[Hidden] C:\Documents and Settings\Abby\Application Data
            !-->[Hidden] C:\Documents and Settings\Abby\Cookies
            !-->[Hidden] C:\Documents and Settings\Abby\Desktop
            !-->[Hidden] C:\Documents and Settings\Abby\Favorites\Dell
            !-->[Hidden] C:\Documents and Settings\Abby\Local Settings\Application Data\Google
            !-->[Hidden] C:\Documents and Settings\Abby\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-2875855996-650436976-1786743842-1009
            !-->[Hidden] C:\Documents and Settings\Abby\Local Settings\Application Data\Microsoft\Portable Devices
            !-->[Hidden] C:\Documents and Settings\Abby\Local Settings\Application Data\Microsoft\Windows Media
            !-->[Hidden] C:\Documents and Settings\Abby\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox
            !-->[Hidden] C:\Documents and Settings\Abby\Local Settings\Application Data\Mozilla\Firefox\Profiles\sicvd8mb.default
            !-->[Hidden] C:\Documents and Settings\Abby\Local Settings\Application Data\Musicmatch
            !-->[Hidden] C:\Documents and Settings\Abby\Local Settings\Temporary Internet Files\AntiPhishing
            !-->[Hidden] C:\Documents and Settings\Abby\NetHood\Pictures_Matt on Dell 4550  (Dd0n1621)
            !-->[Hidden] C:\Documents and Settings\Abby\NetHood\SharedDocs on Dell 4550  (Dd0n1621)
            !-->[Hidden] C:\Documents and Settings\Abigail
            !-->[Hidden] C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Album\3.2\upsellCache
            !-->[Hidden] C:\Documents and Settings\All Users\Application Data\Adobe\Updater5
            !-->[Hidden] C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\01304
            !-->[Hidden] C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\03000
            !-->[Hidden] C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\07768
            !-->[Hidden] C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\07776
            !-->[Hidden] C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\10139\14B36B3
            !-->[Hidden] C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\10245
            !-->[Hidden] C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Cache
            !-->[Hidden] C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Config
            !-->[Hidden] C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Help\QnueHTML
            !-->[Hidden] C:\Documents and Settings\Matt\My Documents\My Pictures\2010_0611
            !-->[Hidden] C:\Documents and Settings\Matt\My Documents\My Pictures\2010_0625\.picasaoriginals
            !-->[Hidden] C:\Documents and Settings\Matt\My Documents\My Pictures\For Mrs. Donley\2.09 Valentine's Party
            !-->[Hidden] C:\Documents and Settings\Matt\My Documents\My Pictures\For Mrs. Donley\5.09 Field Day
            !-->[Hidden] C:\Documents and Settings\Matt\My Documents\My Pictures\HomeProject
            !-->[Hidden] C:\Documents and Settings\Matt\My Documents\My Pictures\Picasa
            !-->[Hidden] C:\Documents and Settings\Matt\My Documents\My Pictures\PrairieChicken
            !-->[Hidden] C:\Documents and Settings\Matt\My Documents\My Received Files
            !-->[Hidden] C:\Documents and Settings\Matt\My Documents\My Videos\SpiralFrog
            !-->[Hidden] C:\Documents and Settings\Matt\My Documents\TaxCut
            !-->[Hidden] C:\Documents and Settings\Matt\My Documents\wsdl
            !-->[Hidden] C:\Documents and Settings\Matt\NetHood\Pictures_Matt on Dell 4550  (Dd0n1621)
            !-->[Hidden] C:\Documents and Settings\Matt\NetHood\SharedDocs on Dell 4550  (Dd0n1621)
            !-->[Hidden] C:\Documents and Settings\Matt\WINDOWS
            !-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Earthlink\6.0\[email protected]\Cookies
            !-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Microsoft\HTML Help
            !-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\HelpCtr
            !-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Internet Explorer
            !-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\MSHist012004090720040908
            !-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temp\IswTmp
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Adobe\Flash Player\AssetCache
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\ArcSoft\ArcSoft MediaConverter\2.1.6\UserProfiles
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Earthlink
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\FUJIFILM
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Gtek\GTUpdate
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\AnimatedGIFAsset
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\DirectSound
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\FontAsset
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\FontXtra
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\MixServices
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\Shockwave3dAsset
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\SoundControl
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\SoundImportExport
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\TextAsset
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\TextXtra
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Microsoft\AddIns
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Microsoft\Excel\XLSTART
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Microsoft\Office
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Microsoft\Proof
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Microsoft\Speech
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Mozilla
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Real\Msg\20_1170876263
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Real\RealMediaSDK
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Real\RealPlayer
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Sun
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Talkback
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\Thunderbird
            !-->[Hidden] C:\Documents and Settings\Will\Application Data\U3\0C807B516100B9A4
            !-->[Hidden] C:\Documents and Settings\Will\Local Settings\Application Data\Adobe
            !-->[Hidden] C:\Documents and Settings\Will\Local Settings\Application Data\Google\Picasa2Albums
            !-->[Hidden] C:\Documents and Settings\Will\Local Settings\Application Data\Google\Picasa2\db2
            !-->[Hidden] C:\Documents and Settings\Will\Local Settings\Application Data\Google\Picasa2\temp
            !-->[Hidden] C:\Documents and Settings\Will\Local Settings\Application Data\Google\Picasa2\tmp
            !-->[Hidden] C:\Documents and Settings\Will\Local Settings\Application Data\Google\Picasa2\update
            !-->[Hidden] C:\Documents and Settings\Will\Local Settings\Application Data\Microsoft\Portable Devices
            !-->[Hidden] C:\Documents and Settings\Will\Local Settings\Application Data\Microsoft\Windows Media\11.0
            !-->[Hidden] C:\Documents and Settings\Will\Local Settings\Application Data\Mozilla
            !-->[Hidden] C:\Documents and Settings\Will\Local Settings\Application Data\Musicmatch
            !-->[Hidden] C:\Documents and Settings\Will\Local Settings\Application Data\SpiralfrogClient
            !-->[Hidden] C:\Documents and Settings\Will\Local Settings\Application Data\Thunderbird
            !-->[Hidden] C:\Documents and Settings\Will\Logitech
            !-->[Hidden] C:\Documents and Settings\Will\My Documents\ArcSoft MediaConverter
            !-->[Hidden] C:\Documents and Settings\Will\My Documents\My Music\SpiralFrog
            !-->[Hidden] C:\Documents and Settings\Will\My Documents\My Videos\SpiralFrog
            !-->[Hidden] C:\Documents and Settings\Will\NetHood\Elisa on Dell 4550  (Dd0n1621)
            !-->[Hidden] C:\Documents and Settings\Will\NetHood\Recipes on Dell 4550  (Dd0n1621)
            !-->[Hidden] C:\Documents and Settings\Will\NetHood\SharedDocs on Dell 4550  (Dd0n1621)
            !-->[Hidden] C:\Documents and Settings\Will\NetHood\tlc on Dell 4550  (Dd0n1621)
            !-->[Hidden] C:\ebbb7604dcf877db843b2373
            !-->[Hidden] C:\Program Files\ArcSoft\MediaConverter 2\ArcRevenueSharingUI
            !-->[Hidden] C:\Program Files\ArcSoft\MediaConverter 2\MagicDll
            !-->[Hidden] C:\Program Files\ArcSoft\MediaConverter 2\PlugIn
            !-->[Hidden] C:\Program Files\ArcSoft\MediaConverter 2\Profiles
            !-->[Hidden] C:\Program Files\ArcSoft\MediaConverter 2\UI
            !-->[Hidden] C:\Program Files\ArcSoft\MediaConverter 2\UserProfiles
            !-->[Hidden] C:\Program Files\Best Buy Rhapsody\cdburning
            !-->[Hidden] C:\Program Files\Best Buy Rhapsody\codecs
            !-->[Hidden] C:\Program Files\Best Buy Rhapsody\common
            !-->[Hidden] C:\Program Files\Best Buy Rhapsody\devices
            !-->[Hidden] C:\Program Files\Best Buy Rhapsody\google_bar
            !-->[Hidden] C:\Program Files\Best Buy Rhapsody\help\images
            !-->[Hidden] C:\Program Files\Best Buy Rhapsody\help\instruction
            !-->[Hidden] C:\Program Files\Best Buy Rhapsody\modules
            !-->[Hidden] C:\Program Files\Best Buy Rhapsody\mpaplugins
            !-->[Hidden] C:\Program Files\Best Buy Rhapsody\plugins
            !-->[Hidden] C:\Program Files\Best Buy Rhapsody\producer
            !-->[Hidden] C:\Program Files\Best Buy Rhapsody\rhapweb
            !-->[Hidden] C:\Program Files\Best Buy Rhapsody\update_ob
            !-->[Hidden] C:\Program Files\Best Buy Rhapsody\vis
            !-->[Hidden] C:\Program Files\Canon\CameraWindow
            !-->[Hidden] C:\Program Files\Canon\CSCLIB
            !-->[Hidden] C:\Program Files\Canon\PhotoRecord
            !-->[Hidden] C:\Program Files\Canon\RAW Image Task
            !-->[Hidden] C:\Program Files\Canon\RemoteCapture Task
            !-->[Hidden] C:\Program Files\CheckPoint
            !-->[Hidden] C:\Program Files\Citrix\ICA Client\Configuration
            !-->[Hidden] C:\Program Files\Common Files\Adobe\Updater5
            !-->[Hidden] C:\Program Files\Common Files\AnswerWorks 5.0
            !-->[Hidden] C:\Program Files\Common Files\InstallShield\Professional\RunTime\10
            !-->[Hidden] C:\Program Files\Common Files\InstallShield\Professional\RunTime\11
            !-->[Hidden] C:\Program Files\Common Files\Java
            !-->[Hidden] C:\Program Files\Common Files\Kodak
            !-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1025
            !-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1028
            !-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1031
            !-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1036
            !-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1040
            !-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1041
            !-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1042
            !-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\2052
            !-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\3082
            !-->[Hidden] C:\Program Files\Common Files\Real\Plugins\ExtResources
            !-->[Hidden] C:\Program Files\Common Files\Real\Update_OB\UI\loc
            !-->[Hidden] C:\Program Files\Common Files\Remote Control Software Shared
            !-->[Hidden] C:\Program Files\Common Files\Remote Control USB Driver
            !-->[Hidden] C:\Program Files\Common Files\SunnComm Shared
            !-->[Hidden] C:\Program Files\Common Files\Symantec Shared\SymcData
            !-->[Hidden] C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp1af.tmp
            !-->[Hidden] C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp2085.tmp
            !-->[Hidden] C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp326d.tmp
            !-->[Hidden] C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp3ff8.tmp
            !-->[Hidden] C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp4a63.tmp
            !-->[Hidden] C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp7449.tmp
            !-->[Hidden] C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp841.tmp
            !-->[Hidden] C:\Program Files\Common Files\xing shared
            !-->[Hidden] C:\Program Files\Conduit
            !-->[Hidden] C:\Program Files\DeductionPro 2005-06\8283
            !-->[Hidden] C:\Program Files\DeductionPro 2005-06\Help
            !-->[Hidden] C:\Program Files\DeductionPro 2005-06\Hrb2
            !-->[Hidden] C:\Program Files\DeductionPro 2005-06\Templates
            !-->[Hidden] C:\Program Files\EarthLink
            !-->[Hidden] C:\Program Files\EarthLink TotalAccess\html\spamBlocker2\images\sb
            !-->[Hidden] C:\Program Files\EMGames\EMMedia4-6\activities\M2A073f_indev\fscommand\Xtras
            !-->[Hidden] C:\Program Files\EMGames\EMMedia4-6\activities\M5A004f_indev\fscommand\Xtras
            !-->[Hidden] C:\Program Files\EMGames\EMMedia4-6\activities\M5A005f_indev\fscommand\Xtras
            !-->[Hidden] C:\Program Files\EMGames\EMMedia4-6\activities\M5A021f_indev\fscommand\Xtras
            !-->[Hidden] C:\Program Files\EMGames\EMMedia4-6\activities\M5A030_indev\dswmedia
            !-->[Hidden] C:\Program Files\EMGames\EMMediaEC
            !-->[Hidden] C:\Program Files\Google\Common
            !-->[Hidden] C:\Program Files\Hewlett-Packard\HP Software Update
            !-->[Hidden] C:\Program Files\InstallShield Installation Information\{28291BD5-92D2-4685-82DC-CCA925C53CCA}
            !-->[Hidden] C:\Program Files\InstallShield Installation Information\{45EF4EE3-F591-4B74-A477-0CAE12934CE7}
            !-->[Hidden] C:\Program Files\InstallShield Installation Information\{4C96958A-6562-4143-B820-FF4890D3B734}
            !-->[Hidden] C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}
            !-->[Hidden] C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}
            !-->[Hidden] C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}
            !-->[Hidden] C:\Program Files\InstallShield Installation Information\{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}
            !-->[Hidden] C:\Program Files\InstallShield Installation Information\{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}
            !-->[Hidden] C:\Program Files\InstallShield Installation Information\{91F1A0D6-23AD-49FE-8D4E-379485652214}
            !-->[Hidden] C:\Program Files\InstallShield Installation Information\{C7281207-4AA4-425E-B57A-0E9EF8445635}
            !-->[Hidden] C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}
            !-->[Hidden] C:\Program Files\Internet Explorer\en-US
            !-->[Hidden] C:\Program Files\Kodak
            !-->[Hidden] C:\Program Files\Logitech\Logitech Harmony Remote Software 7
            !-->[Hidden] C:\Program Files\Microsoft CAPICOM 2.1.0.2
            !-->[Hidden] C:\Program Files\Mozilla Firefox
            !-->[Hidden] C:\Program Files\Mozilla Thunderbird\modules\activity
            !-->[Hidden] C:\Program Files\Mozilla Thunderbird\modules\gloda
            !-->[Hidden] C:\Program Files\MSBuild
            !-->[Hidden] C:\Program Files\MsnMusic
            !-->[Hidden] C:\Program Files\MSN\MSNCoreFiles\install
            !-->[Hidden] C:\Program Files\MSN\MSNCoreFiles\oobe
            !-->[Hidden] C:\Program Files\MSXML 4.0
            !-->[Hidden] C:\Program Files\OfficeUpdate11
            !-->[Hidden] C:\Program Files\pdf995
            !-->[Hidden] C:\Program Files\Picasa2
            !-->[Hidden] C:\Program Files\PIXELA\ImageMixer\resources\FPVCDBK.RES\ENG2
            !-->[Hidden] C:\Program Files\PIXELA\ImageMixer\resources\FPVCDBK.RES\ENG\Default
            !-->[Hidden] C:\Program Files\PIXELA\ImageMixer\resources\FPVCDBK.RES\ENG\Pretty
            !-->[Hidden] C:\Program Files\PIXELA\ImageMixer\resources\FPVCDBK.RES\ESP
            !-->[Hidden] C:\Program Files\PIXELA\ImageMixer\resources\FPVCDBK.RES\ESP2
            !-->[Hidden] C:\Program Files\PIXELA\ImageMixer\resources\FPVCDBK.RES\FRN
            !-->[Hidden] C:\Program Files\PIXELA\ImageMixer\resources\FPVCDBK.RES\FRN2
            !-->[Hidden] C:\Program Files\PIXELA\ImageMixer\resources\FPVCDBK.RES\GER
            !-->[Hidden] C:\Program Files\PIXELA\ImageMixer\resources\FPVCDBK.RES\GER2
            !-->[Hidden] C:\Program Files\PIXELA\ImageMixer\resources\FPVCDBK.RES\JPN
            !-->[Hidden] C:\Program Files\PIXELA\ImageMixer\resources\FPVCDBK.RES\JPN2
            !-->[Hidden] C:\Program Files\PIXELA\ImageMixer\resources\Manual
            !-->[Hidden] C:\Program Files\PIXELA\ImageMixer\resources\NxtButton
            !-->[Hidden] C:\Program Files\PIXELA\ImageMixer\resources\PreButton
            !-->[Hidden] C:\Program Files\PIXELA\ImageMixer\resources\SoundSam
            !-->[Hidden] C:\Program Files\PIXELA\ImageMixer\resources\Style
            !-->[Hidden] C:\Program Files\Quicken\AnswerWorks
            !-->[Hidden] C:\Program Files\Quicken\certs
            !-->[Hidden] C:\Program Files\Quicken\Convert03
            !-->[Hidden] C:\Program Files\Quicken\PDFDrv
            !-->[Hidden] C:\Program Files\Quicken\RPMMigration
            !-->[Hidden] C:\Program Files\Quicken\Sounds
            !-->[Hidden] C:\Program Files\Real\RealPlayer\browserrecord
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\DVDBurning
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\games
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\GetMedia\images
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\custsupport\pccontrols
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\dvdburning
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\upsell
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\visualizations
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\Web
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\wrn
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\xpr
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\GetMedia\page
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\GPFeat
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\Help
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\howto
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\keywords
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\library
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\Login
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\mstore
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\music
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\musicguide
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\prefs
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\Radio
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\search
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\sendlink
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\Update
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\video
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\web
            !-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\webresources
            !-->[Hidden] C:\Program Files\Real\RealPlayer\library
            !-->[Hidden] C:\Program Files\Real\RealPlayer\producer\Codecs
            !-->[Hidden] C:\Program Files\Real\RealPlayer\producer\Tools
            !-->[Hidden] C:\Program Files\Real\RealPlayer\Setup\accesspoints
            !-->[Hidden] C:\Program Files\Reference Assemblies
            !-->[Hidden] C:\Program Files\Shutterfly
            !-->[Hidden] C:\Program Files\SpiralFrog
            !-->[Hidden] C:\Program Files\TaxCut05
            !-->[Hidden] C:\Program Files\triCerat
            !-->[Hidden] C:\Program Files\Uniblue
            !-->[Hidden] C:\Program Files\Viewpoint\Common
            !-->[Hidden] C:\Program Files\Viewpoint\Viewpoint Manager
            !-->[Hidden] C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\VMgr_Win
            !-->[Hidden] C:\Program Files\Windows Media Connect 2
            !-->[Hidden] C:\Program Files\Windows Media Player\Network Sharing
            !-->[Hidden] C:\Program Files\Windows Media Player\sample playlists
            !-->[Hidden] C:\Program Files\Windows Resource Kits
            !-->[Hidden] C:\Program Files\Yahoo!\Common
            !-->[Hidden] C:\Program Files\Zone Labs\ZoneAlarm\Diagnostics
            !-->[Hidden] C:\Program Files\Zone Labs\ZoneAlarm\Help
            !-->[Hidden] C:\Program Files\Zone Labs\ZoneAlarm\images
            !-->[Hidden] C:\Program Files\Zone Labs\ZoneAlarm\repair
            !-->[Hidden] C:\Program Files\ZoneAlarm
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB890859\SP2QFE
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB890859\update
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB890923
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB893066
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB893086
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB896424\SP2QFE
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB896424\update
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB896688\SP2QFE
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB896688\update
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB899589\SP2QFE
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB899589\update
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB900725\SP2QFE
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB901017\SP2QFE
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB901017\update
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB902400\SP2QFE
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB902400\update
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB904942
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB905414\SP2QFE
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB905414\update
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB911927
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB912919
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB913446
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB914388
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB915865
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB916595\SP2QFE
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB916595\update
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB917159
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB917422\SP2QFE
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB917422\update
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB918118
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB918899
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB919007\SP2QFE
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB919007\update
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB920213
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB920214
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB920670
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB920683\SP2QFE
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB920683\update
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB920685\SP2QFE
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB920685\update
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB920872\SP2QFE
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB920872\update
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB921398
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB921503
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB921883\SP2QFE
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB921883\update
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB922582
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB922616
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB922819
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB923414
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB923561\SP3QFE
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB923561\update
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB923694
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB923980
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB924191
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB924270
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB924496
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB925902
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB926255
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB926436
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB927779
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB927802
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB927891
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB928255
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB928843
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB929123
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB929338
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB930178\SP2QFE
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB930178\update
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB930916
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB931261\SP2QFE
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB931261\update
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB931768-IE7
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB931784\SP2QFE
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB931784\update
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB931836
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB932823-v3
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB933360
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB933566-IE7\update
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB933729
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB935839
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB935840
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB936021
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB937143-IE7
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB937894
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB938127-IE7
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB938828
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB938829
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB939653-IE7\update
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB941568
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB941693
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB942615-IE7
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB942763
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB943460
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB944533-IE7\update
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB944653
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB945553
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB946648
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB947864-IE7
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB948590
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB948881
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB950749
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB950759-IE7
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB950760
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB950762
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB950974
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB951066
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB951072-v2
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB951376
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB951376-v2
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB951698
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB951748
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB951978
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB952004
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB952287
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB952954
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB953838-IE7
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB953839
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB955759
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB956572
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB956744
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB956844
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB958687\update
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB959426
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB960715
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB960803
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB960859
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB961260-IE7
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB961371
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB961373
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB961501
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB963027-IE7
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB968389
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB968537
            !-->[Hidden] C:\WINDOWS\$hf_mig$\KB969059
            !-->[Hidden] C

            MT89

              Topic Starter


              Greenhorn

              Re: pls help
              « Reply #9 on: October 07, 2010, 05:17:56 AM »
              RKU log part 3:
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB899589$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB901017$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB902400$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB904942$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB911564$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB911565$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB911927$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB913446$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB914388$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB914440$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB915865$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB916595$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB917159$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB917422$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB918118$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB918899$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB919007$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB920213$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB920214$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB920670$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB920685$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB920872$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB921398$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB921883$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB922582$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB922616$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB922819$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB923191$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB923414$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB923561$\spuninst
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB923689$\spuninst
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB923723$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB923980$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB924191$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB924270$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB924496$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB924667$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB925398_WMP64$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB925902$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB926239$\spuninst
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB926255$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB926436$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB927779$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB927802$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB927891$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB928255$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB928843$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB929123$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB929338$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB929399$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB930178$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB930916$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB931261$\spuninst
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB931784$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB931836$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB932168$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB932823-v3$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB933729$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB935839$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB935840$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB936021$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB936782_WMP11$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB938828$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB938829$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB939683$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB941568$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB941569$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB941693$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB942763$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB943460$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB944653$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB945553$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB946648$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB948590$\spuninst
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB948881$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB950749$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB950760$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB950762_0$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB950974$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB951066$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB951072-v2$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB951376$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB951376-v2$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB951376-v2_0$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB951376_0$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB951698_0$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB951978$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB952011$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB952287$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB952954$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB953839$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB954155_WM9$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB955759$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB956572$\spuninst
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB956744$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB956844$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB958869$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB959426$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB960715$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB960803$\spuninst
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB960859$\spuninst
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB961118$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB961371$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB961373$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB961501$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB968389$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB968537$\spuninst
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB968816_WM9$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB969059$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB969898$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB969947$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB970238$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB970430$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB970653-v3$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB971468$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB971486$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB971557$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB971633$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB971657$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB971737$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB971961$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB972270$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB973346$\spuninst
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB973354$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB973507$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB973525$\spuninst
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB973540_WM9$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB973687$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB973869$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB973904$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB974112$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB974318$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB974392$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB974571$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB975025$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB975467$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB975560$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB975561$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB975562$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB975713$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB976098-v2$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB977165$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB977816$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB977914$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB978037$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB978251$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB978262$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB978338$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB978542$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB978601$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB978695_WM9$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB978706$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB979309$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB979482$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB979559$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB979683$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB980195$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB980218$\spuninst
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB980232$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB981349$
              !-->[Hidden] C:\WINDOWS\$NtUninstallKB981793$
              !-->[Hidden] C:\WINDOWS\$NtUninstallMSCompPackV1$
              !-->[Hidden] C:\WINDOWS\$NtUninstallWMFDist11$
              !-->[Hidden] C:\WINDOWS\$NtUninstallwmp11$
              !-->[Hidden] C:\WINDOWS\$NtUninstallWudf01000$
              !-->[Hidden] C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System\1.0.3300.0__b77a5c561934e089
              !-->[Hidden] C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089
              !-->[Hidden] C:\WINDOWS\assembly\GAC_32
              !-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL
              !-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_aadf5cda
              !-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_0306db88
              !-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_9e07483b
              !-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_e9a77144
              !-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_50cb720b
              !-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_7bb2fd05
              !-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_c2fb9307
              !-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_447b0f5c
              !-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_66e462a8
              !-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_2ac79fe0
              !-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32
              !-->[Hidden] C:\WINDOWS\Debug\WPD
              !-->[Hidden] C:\WINDOWS\Downloaded Program Files\CONFLICT.1
              !-->[Hidden] C:\WINDOWS\Downloaded Program Files\CONFLICT.3
              !-->[Hidden] C:\WINDOWS\Help\mail
              !-->[Hidden] C:\WINDOWS\ie7
              !-->[Hidden] C:\WINDOWS\ie7updates\KB928090-IE7
              !-->[Hidden] C:\WINDOWS\ie7updates\KB931768-IE7
              !-->[Hidden] C:\WINDOWS\ie7updates\KB933566-IE7
              !-->[Hidden] C:\WINDOWS\ie7updates\KB937143-IE7
              !-->[Hidden] C:\WINDOWS\ie7updates\KB938127-IE7
              !-->[Hidden] C:\WINDOWS\ie7updates\KB939653-IE7
              !-->[Hidden] C:\WINDOWS\ie7updates\KB942615-IE7
              !-->[Hidden] C:\WINDOWS\ie7updates\KB947864-IE7
              !-->[Hidden] C:\WINDOWS\ie7updates\KB950759-IE7
              !-->[Hidden] C:\WINDOWS\ie7updates\KB953838-IE7
              !-->[Hidden] C:\WINDOWS\ie7updates\KB963027-IE7
              !-->[Hidden] C:\WINDOWS\ie7updates\KB972260-IE7
              !-->[Hidden] C:\WINDOWS\ie7updates\KB974455-IE7
              !-->[Hidden] C:\WINDOWS\ie7updates\KB976325-IE7
              !-->[Hidden] C:\WINDOWS\ie7updates\KB976749-IE7
              !-->[Hidden] C:\WINDOWS\ie7updates\KB978207-IE7
              !-->[Hidden] C:\WINDOWS\ie7updates\KB980182-IE7
              !-->[Hidden] C:\WINDOWS\ie7updates\KB982381-IE7
              !-->[Hidden] C:\WINDOWS\INF\IEM
              !-->[Hidden] C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C
              !-->[Hidden] C:\WINDOWS\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D
              !-->[Hidden] C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3
              !-->[Hidden] C:\WINDOWS\Installer\BWKDLogs
              !-->[Hidden] C:\WINDOWS\Installer\tsclientmsitrans
              !-->[Hidden] C:\WINDOWS\Installer\{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
              !-->[Hidden] C:\WINDOWS\Installer\{28291BD5-92D2-4685-82DC-CCA925C53CCA}
              !-->[Hidden] C:\WINDOWS\Installer\{3248F0A8-6813-11D6-A77B-00B0D0150110}
              !-->[Hidden] C:\WINDOWS\Installer\{3248F0A8-6813-11D6-A77B-00B0D0160010}
              !-->[Hidden] C:\WINDOWS\Installer\{3248F0A8-6813-11D6-A77B-00B0D0160020}
              !-->[Hidden] C:\WINDOWS\Installer\{3248F0A8-6813-11D6-A77B-00B0D0160030}
              !-->[Hidden] C:\WINDOWS\Installer\{3248F0A8-6813-11D6-A77B-00B0D0160050}
              !-->[Hidden] C:\WINDOWS\Installer\{3248F0A8-6813-11D6-A77B-00B0D0160070}
              !-->[Hidden] C:\WINDOWS\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
              !-->[Hidden] C:\WINDOWS\Installer\{42938595-0D83-404D-9F73-F8177FDD531A}
              !-->[Hidden] C:\WINDOWS\Installer\{45EF4EE3-F591-4B74-A477-0CAE12934CE7}
              !-->[Hidden] C:\WINDOWS\Installer\{4C96958A-6562-4143-B820-FF4890D3B734}
              !-->[Hidden] C:\WINDOWS\Installer\{766E97B4-BF5D-4140-8E2A-C6272D0389FC}
              !-->[Hidden] C:\WINDOWS\Installer\{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}
              !-->[Hidden] C:\WINDOWS\Installer\{8C6027FD-53DC-446D-BB75-CACD7028A134}
              !-->[Hidden] C:\WINDOWS\Installer\{8E92D746-CD9F-4B90-9668-42B74C14F765}
              !-->[Hidden] C:\WINDOWS\Installer\{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}
              !-->[Hidden] C:\WINDOWS\Installer\{91F1A0D6-23AD-49FE-8D4E-379485652214}
              !-->[Hidden] C:\WINDOWS\Installer\{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}
              !-->[Hidden] C:\WINDOWS\Installer\{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
              !-->[Hidden] C:\WINDOWS\Installer\{BD33CD92-3A42-4CE1-ADDE-A9B64CFFF24D}
              !-->[Hidden] C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}
              !-->[Hidden] C:\WINDOWS\Installer\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
              !-->[Hidden] C:\WINDOWS\Installer\{C7281207-4AA4-425E-B57A-0E9EF8445635}
              !-->[Hidden] C:\WINDOWS\Installer\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}
              !-->[Hidden] C:\WINDOWS\Installer\{E9459BCF-0982-498B-ABA7-26C34323493F}
              !-->[Hidden] C:\WINDOWS\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
              !-->[Hidden] C:\WINDOWS\Installer\{FCDB1C92-03C6-4C76-8625-371224256091}
              !-->[Hidden] C:\WINDOWS\l2schemas
              !-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates
              !-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906
              !-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\App_Data
              !-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\App_LocalResources
              !-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\App_LocalResources
              !-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Permissions
              !-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Roles
              !-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Wizard
              !-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild
              !-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI
              !-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SubsetList
              !-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files
              !-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v3.0
              !-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v3.5
              !-->[Hidden] C:\WINDOWS\network diagnostic
              !-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US
              !-->[Hidden] C:\WINDOWS\PIF
              !-->[Hidden] C:\WINDOWS\Prefetch
              !-->[Hidden] C:\WINDOWS\provisioning
              !-->[Hidden] C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}
              !-->[Hidden] C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}$BACKUP$
              !-->[Hidden] C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}
              !-->[Hidden] C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$
              !-->[Hidden] C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}
              !-->[Hidden] C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$
              !-->[Hidden] C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}
              !-->[Hidden] C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$
              !-->[Hidden] C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}
              !-->[Hidden] C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$
              !-->[Hidden] C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}
              !-->[Hidden] C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$
              !-->[Hidden] C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}
              !-->[Hidden] C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$
              !-->[Hidden] C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}
              !-->[Hidden] C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$
              !-->[Hidden] C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}
              !-->[Hidden] C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}$BACKUP$
              !-->[Hidden] C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}
              !-->[Hidden] C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$
              !-->[Hidden] C:\WINDOWS\ServicePackFiles
              !-->[Hidden] C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded
              !-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a
              !-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\27ce7954bd1b2dce8d279778e466fec4
              !-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1
              !-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\394fe6dfc179e51c798ca1a90ca6432e
              !-->[Hidden] C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D
              !-->[Hidden] C:\WINDOWS\Sun
              !-->[Hidden] C:\WINDOWS\SYSTEM32\ar-SA
              !-->[Hidden] C:\WINDOWS\SYSTEM32\BWKDLogs
              !-->[Hidden] C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Real\Msg
              !-->[Hidden] C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Real\RealPlayer
              !-->[Hidden] C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Real\rnadmin
              !-->[Hidden] C:\WINDOWS\SYSTEM32\da-DK
              !-->[Hidden] C:\WINDOWS\SYSTEM32\de-DE
              !-->[Hidden] C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
              !-->[Hidden] C:\WINDOWS\SYSTEM32\DRVSTORE
              !-->[Hidden] C:\WINDOWS\SYSTEM32\el-GR
              !-->[Hidden] C:\WINDOWS\SYSTEM32\en
              !-->[Hidden] C:\WINDOWS\SYSTEM32\en-US
              !-->[Hidden] C:\WINDOWS\SYSTEM32\es-ES
              !-->[Hidden] C:\WINDOWS\SYSTEM32\fi-FI
              !-->[Hidden] C:\WINDOWS\SYSTEM32\fr-FR
              !-->[Hidden] C:\WINDOWS\SYSTEM32\he-IL
              !-->[Hidden] C:\WINDOWS\SYSTEM32\it-IT
              !-->[Hidden] C:\WINDOWS\SYSTEM32\ko-KR
              !-->[Hidden] C:\WINDOWS\SYSTEM32\LogFiles\WUDF
              !-->[Hidden] C:\WINDOWS\SYSTEM32\Macromed\Download
              !-->[Hidden] C:\WINDOWS\SYSTEM32\Macromed\Flash
              !-->[Hidden] C:\WINDOWS\SYSTEM32\Macromed\Shockwave 8\Xtras\download\MacromediaInc
              !-->[Hidden] C:\WINDOWS\SYSTEM32\nb-NO
              !-->[Hidden] C:\WINDOWS\SYSTEM32\nl-NL
              !-->[Hidden] C:\WINDOWS\SYSTEM32\pt-BR
              !-->[Hidden] C:\WINDOWS\SYSTEM32\ReinstallBackups\0002
              !-->[Hidden] C:\WINDOWS\SYSTEM32\scripting
              !-->[Hidden] C:\WINDOWS\SYSTEM32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.374
              !-->[Hidden] C:\WINDOWS\SYSTEM32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381
              !-->[Hidden] C:\WINDOWS\SYSTEM32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226
              !-->[Hidden] C:\WINDOWS\SYSTEM32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll
              !-->[Hidden] C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\x64
              !-->[Hidden] C:\WINDOWS\SYSTEM32\SPOOL\XPSEP\amd64
              !-->[Hidden] C:\WINDOWS\SYSTEM32\SPOOL\XPSEP\i386
              !-->[Hidden] C:\WINDOWS\SYSTEM32\sv-SE
              !-->[Hidden] C:\WINDOWS\SYSTEM32\tr-TR
              !-->[Hidden] C:\WINDOWS\SYSTEM32\XPSViewer
              !-->[Hidden] C:\WINDOWS\SYSTEM32\zh-HK
              !-->[Hidden] C:\WINDOWS\SYSTEM32\zh-TW
              !-->[Hidden] C:\WINDOWS\SYSTEM32\ZoneLabs\lib
              !-->[Hidden] C:\WINDOWS\SYSTEM32\ZoneLabs\streamapi
              !-->[Hidden] C:\WINDOWS\SYSTEM32\ZoneLabs\Updates
              !-->[Hidden] C:\WINDOWS\Temp\IswTmp
              !-->[Hidden] C:\WINDOWS\WBEM
              !-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8
              !-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510
              !-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd
              !-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f
              !-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_x-ww_527a1c68
              !-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_x-ww_5f0bbcff
              !-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_x-ww_caeee150
              !-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_x-ww_0f75c32e
              !-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_597c3456
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_2a62a75b
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95
              !-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0
              ==============================================

              MT89

                Topic Starter


                Greenhorn

                Re: pls help
                « Reply #10 on: October 07, 2010, 05:18:40 AM »
                RKU log part 4:
                >Hooks
                ==============================================
                ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
                ntoskrnl.exe+0x0000B780, Type: Inline - RelativeJump 0x804E2780-->804E2783 [ntoskrnl.exe]
                ntoskrnl.exe+0x0000B9E8, Type: Inline - RelativeJump 0x804E29E8-->804E29EB [ntoskrnl.exe]
                tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xF5280428-->F4FAFCBA [vsdatant.sys]
                tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xF5280454-->F4FAF4C8 [vsdatant.sys]
                tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xF5280460-->F4FAF672 [vsdatant.sys]
                wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xF6DCDB4C-->F4FAFCBA [vsdatant.sys]
                wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification 0xF6DCDB1C-->F4FADC2A [vsdatant.sys]
                wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xF6DCDB3C-->F4FAF4C8 [vsdatant.sys]
                wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xF6DCDB28-->F4FAF672 [vsdatant.sys]
                [1056]hpwuSchd2.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
                [1056]hpwuSchd2.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
                [1056]hpwuSchd2.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
                [1056]hpwuSchd2.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
                [1056]hpwuSchd2.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
                [1056]hpwuSchd2.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
                [1056]hpwuSchd2.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
                [1056]hpwuSchd2.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
                [1056]hpwuSchd2.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
                [1160]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
                [1160]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
                [1160]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
                [1160]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
                [1160]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
                [1160]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
                [1160]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
                [1160]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
                [1160]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
                [1240]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
                [1240]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
                [1240]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
                [1240]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
                [1240]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
                [1240]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
                [1240]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
                [1240]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
                [1240]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
                [1416]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
                [1416]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
                [1416]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
                [1416]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
                [1416]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
                [1416]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
                [1416]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
                [1416]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
                [1416]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
                [1468]spoolsv.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
                [1468]spoolsv.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
                [1468]spoolsv.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
                [1468]spoolsv.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
                [1468]spoolsv.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
                [1468]spoolsv.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
                [1468]spoolsv.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
                [1468]spoolsv.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
                [1468]spoolsv.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
                [1472]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
                [1472]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
                [1472]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
                [1472]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
                [1472]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
                [1472]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
                [1472]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
                [1472]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
                [1472]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
                [1608]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
                [1608]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
                [1608]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
                [1608]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
                [1608]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
                [1608]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
                [1608]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
                [1608]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
                [1608]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
                [1640]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
                [1640]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
                [1640]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
                [1640]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
                [1640]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
                [1640]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
                [1640]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
                [1640]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
                [1640]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
                [1700]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
                [1700]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
                [1700]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
                [1700]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
                [1700]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
                [1700]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
                [1700]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
                [1700]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
                [1700]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
                [180]nvsvc32.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
                [180]nvsvc32.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
                [180]nvsvc32.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
                [180]nvsvc32.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
                [180]nvsvc32.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
                [180]nvsvc32.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
                [180]nvsvc32.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
                [180]nvsvc32.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
                [180]nvsvc32.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
                [184]CDAC11BA.EXE-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
                [184]CDAC11BA.EXE-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
                [184]CDAC11BA.EXE-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
                [184]CDAC11BA.EXE-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
                [184]CDAC11BA.EXE-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
                [184]CDAC11BA.EXE-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
                [184]CDAC11BA.EXE-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
                [184]CDAC11BA.EXE-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
                [184]CDAC11BA.EXE-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
                [1912]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
                [1912]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
                [1912]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
                [1912]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
                [1912]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
                [1912]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
                [1912]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
                [1912]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
                [1912]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
                [2024]bgsvcgen.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
                [2024]bgsvcgen.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
                [2024]bgsvcgen.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
                [2024]bgsvcgen.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
                [2024]bgsvcgen.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
                [2024]bgsvcgen.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
                [2024]bgsvcgen.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
                [2024]bgsvcgen.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
                [2024]bgsvcgen.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
                [2232]MsPMSPSv.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
                [2232]MsPMSPSv.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
                [2232]MsPMSPSv.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
                [2232]MsPMSPSv.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
                [2232]MsPMSPSv.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
                [2232]MsPMSPSv.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
                [2232]MsPMSPSv.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
                [2232]MsPMSPSv.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
                [2232]MsPMSPSv.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
                [2284]fxssvc.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
                [2284]fxssvc.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
                [2284]fxssvc.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
                [2284]fxssvc.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
                [2284]fxssvc.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
                [2284]fxssvc.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
                [2284]fxssvc.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
                [2284]fxssvc.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
                [2284]fxssvc.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
                [2480]avgnsx.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
                [2480]avgnsx.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
                [2480]avgnsx.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
                [2480]avgnsx.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
                [2480]avgnsx.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
                [2480]avgnsx.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
                [2480]avgnsx.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
                [2480]avgnsx.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
                [2480]avgnsx.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
                [2508]avgemcx.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
                [2508]avgemcx.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
                [2508]avgemcx.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
                [2508]avgemcx.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
                [2508]avgemcx.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
                [2508]avgemcx.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
                [2508]avgemcx.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
                [2508]avgemcx.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
                [2508]avgemcx.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
                [2568]hpztsb10.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
                [2568]hpztsb10.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
                [2568]hpztsb10.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
                [2568]hpztsb10.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
                [2568]hpztsb10.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
                [2568]hpztsb10.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
                [2568]hpztsb10.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
                [2568]hpztsb10.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
                [2568]hpztsb10.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
                [2756]rundll32.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
                [2756]rundll32.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
                [2756]rundll32.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
                [2756]rundll32.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
                [2756]rundll32.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
                [2756]rundll32.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
                [2756]rundll32.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
                [2756]rundll32.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
                [2756]rundll32.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
                [2868]SUPERANTISPYWARE.EXE-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
                [2868]SUPERANTISPYWARE.EXE-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
                [2868]SUPERANTISPYWARE.EXE-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
                [2868]SUPERANTISPYWARE.EXE-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
                [2868]SUPERANTISPYWARE.EXE-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
                [2868]SUPERANTISPYWARE.EXE-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
                [2868]SUPERANTISPYWARE.EXE-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
                [2868]SUPERANTISPYWARE.EXE-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
                [2868]SUPERANTISPYWARE.EXE-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
                [2944]bagent.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
                [2944]bagent.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
                [2944]bagent.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
                [2944]bagent.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
                [2944]bagent.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
                [2944]bagent.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
                [2944]bagent.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
                [2944]bagent.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
                [2944]bagent.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
                [2948]alg.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
                [2948]alg.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
                [2948]alg.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
                [2948]alg.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
                [2948]alg.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
                [2948]alg.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
                [2948]alg.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
                [2948]alg.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]


                !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

                SuperDave

                Re: pls help
                « Reply #11 on: October 08, 2010, 04:49:47 PM »
                This should remove Authentium

                Re-running ComboFix to remove infections:

                • Close any open browsers.
                • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
                • Open notepad and copy/paste the text in the quotebox below into it:
                  Quote
                  KillAll::

                  SecCenter::
                  {A4E803B3-4E6E-4271-B1CD-56FBC0992D36}
                  {38254411-9AEC-4967-913E-F892C2A4DF89}

                • Save this as CFScript.txt, in the same location as ComboFix.exe



                • Referring to the picture above, drag CFScript into ComboFix.exe
                • When finished, it shall produce a log for you at C:\ComboFix.txt
                • I don't need to see the log from this script.
                *********************************
                I'll be back later with more instructions.
                Windows 8 and Windows 10 dual boot with two SSDs