
Google Redirect Problem



Hello ALL,

I'm sure I'm not the first to post this problem, but it's at the point where I need some sound advice and help.

Malwarebytes was unable to locate any issues. I used HiJackThis for the first time and I'm sure to those that are familiar with Hijack Logs, you may see a file(s) in the log that could be creating the problem.

My antivirus software finds nothing. Other tools haven't touched it either.

After reading several comments from others, this virus is quite a pain in the butt to fix..

Any help would be greatly appreciated.. Below is the Hijacklog for review.

Thank you!

Araider

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:38:07 AM, on 6/19/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Spare Backup\SpareBackup.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3644

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=W3644

R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll

O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll

O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [iSW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {55BA68D8-34C7-45A8-B35F-2B4A63F7A6F7} (YouBet Client Analyzer Control) - http://racing.youbet.com/wr_9_5/controls/ybca.cab

O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (Secure Data Transfer Control) - http://www.youbet.net/wr_5_8/controls/ybrequest.cab

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab

O16 - DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} (YBUICtrl.FloatWnd.1) - http://www.youbet.net/wr_5_8/controls/YBUICtrl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Filter hijack: text/html - {4c9e8634-3b24-4a7e-8a6e-38cecd0e9f19} - (no file)

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Hello Araider

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom scans and fixes section, paste in the below in bold

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download the following GMER Rootkit Scanner from Here

  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED


  • IAT/EAT

  • Drives/Partition other than Systemdrive (typically only C:\ should be checked)

  • Show All (don't miss this one)


  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
  • Post that log in your next reply.


First of all, thank you Kahdah for your help..

I had success with OTL, but the GMER tool kept rebooting my PC...

Here are the OTL logs...

Hope it can help you identify something amiss,

Araider

OTL logfile created on: 6/19/2010 12:43:47 PM - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 412.00 Mb Available Physical Memory | 46.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 143.95 Gb Total Space | 128.04 Gb Free Space | 88.95% Space Free | Partition Type: NTFS

Drive D: | 5.08 Gb Total Space | 2.58 Gb Free Space | 50.73% Space Free | Partition Type: FAT32

Drive E: | 239.39 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-BC185A12A1

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

PRC - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)

PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)

PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

PRC - C:\Program Files\IObit\IObit Security 360\is360.exe (IObit)

PRC - C:\Program Files\IObit\IObit Security 360\is360tray.exe (IObit)

PRC - C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)

PRC - C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)

SRV - (IS360service) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)

SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)

========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (nvgts) -- C:\WINDOWS\SYSTEM32\DRIVERS\NVGTS.SYS (NVIDIA Corporation)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (el575nd5) -- C:\WINDOWS\system32\drivers\el575ND5.sys (3Com Corporation)

DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=W3644

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3644

IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/04/20 12:14:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/06/19 07:56:19 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2004/08/04 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)

O4 - HKLM..\Run: [iObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)

O4 - HKLM..\Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)

O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [spare Backup] C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {55BA68D8-34C7-45A8-B35F-2B4A63F7A6F7} http://racing.youbet.com/wr_9_5/controls/ybca.cab (YouBet Client Analyzer Control)

O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} http://www.youbet.net/wr_5_8/controls/ybrequest.cab (Secure Data Transfer Control)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (GMNRev Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} http://www.youbet.net/wr_5_8/controls/YBUICtrl.cab (YBUICtrl.FloatWnd.1)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/05/06 20:38:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]

O32 - AutoRun File - [2003/05/29 10:19:18 | 003,674,178 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]

O32 - AutoRun File - [2003/03/19 12:09:30 | 000,000,053 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{5229887d-8f3f-11dc-8e1c-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{5229887d-8f3f-11dc-8e1c-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{5229887d-8f3f-11dc-8e1c-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)

O33 - MountPoints2\{f466fe4a-e308-11dc-b5b9-001c25607caf}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/05/06 20:37:54 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (81922828974161920)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/19 12:40:59 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2010/06/19 07:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ForceField Shared Files

[2010/06/19 07:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CheckPoint

[2010/06/19 07:30:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit

[2010/06/19 07:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm

[2010/06/19 07:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ZoneAlarm

[2010/06/19 07:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

[2010/06/19 07:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint

[2010/06/19 07:30:27 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll

[2010/06/19 07:30:26 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll

[2010/06/19 07:30:26 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll

[2010/06/19 07:30:22 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll

[2010/06/19 07:30:21 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll

[2010/06/19 07:30:21 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll

[2010/06/19 07:30:21 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll

[2010/06/19 07:30:21 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll

[2010/06/19 07:30:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs

[2010/06/19 07:30:20 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys

[2010/06/19 07:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs

[2010/06/19 07:29:35 | 000,712,192 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll

[2010/06/19 07:29:35 | 000,228,352 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll

[2010/06/19 07:29:35 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll

[2010/06/19 07:29:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs

[2010/06/18 19:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5

[2010/06/18 19:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\IObit

[2010/06/18 19:48:43 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2010/06/18 18:52:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2010/06/18 18:51:24 | 005,937,984 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Owner\Desktop\HitmanPro35.exe

[2010/06/18 18:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/06/18 18:13:33 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HJTInstall.exe

[2010/06/18 17:52:40 | 007,503,864 | ---- | C] (IObit ) -- C:\Documents and Settings\Owner\Desktop\asc-setup.exe

[2010/06/18 14:27:19 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2010/06/18 14:26:59 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/06/18 14:25:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

[2010/06/18 14:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2010/06/18 14:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2010/06/15 17:39:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities

[2010/06/09 19:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities

[2010/05/29 20:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010/05/29 20:22:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/05/26 22:55:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2010/05/26 20:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/05/25 22:30:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes

[2010/05/25 22:29:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/05/25 22:29:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/05/25 22:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/05/25 22:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/05/25 22:29:18 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.46.exe

[2010/05/25 20:55:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/05/25 20:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/19 12:41:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/19 12:41:04 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2010/06/19 12:00:19 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat

[2010/06/19 10:28:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/19 10:06:54 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/06/19 10:02:44 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2010/06/19 09:42:36 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/06/19 09:42:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/19 09:41:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/19 09:41:54 | 939,053,056 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/19 09:40:55 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini

[2010/06/19 09:40:49 | 005,882,020 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db

[2010/06/19 07:36:19 | 000,421,442 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml

[2010/06/19 07:30:29 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat

[2010/06/19 07:30:29 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ZoneAlarm Security.lnk

[2010/06/19 07:29:08 | 041,524,736 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\zaSetup_92_044_000_en.exe

[2010/06/18 18:52:09 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk

[2010/06/18 18:51:27 | 005,937,984 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Owner\Desktop\HitmanPro35.exe

[2010/06/18 18:13:58 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk

[2010/06/18 18:13:33 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HJTInstall.exe

[2010/06/18 17:53:36 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk

[2010/06/18 17:52:45 | 007,503,864 | ---- | M] (IObit ) -- C:\Documents and Settings\Owner\Desktop\asc-setup.exe

[2010/06/18 14:26:55 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/06/18 14:26:54 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

[2010/06/18 14:26:40 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2010/06/18 14:25:01 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2010/06/15 17:40:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/15 16:50:16 | 000,018,269 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\TIME OFF CHARTS.ods

[2010/06/12 20:15:57 | 000,016,033 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\my retired mares.ods

[2010/06/05 17:00:08 | 000,016,245 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Minn 2010.odt

[2010/06/05 10:46:46 | 000,016,864 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Cover Letter - b.odt

[2010/05/30 09:13:49 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk

[2010/05/29 20:22:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/05/26 13:03:22 | 001,238,528 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll

[2010/05/26 13:03:16 | 000,712,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll

[2010/05/26 13:03:16 | 000,110,080 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll

[2010/05/26 13:03:16 | 000,103,936 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll

[2010/05/26 13:03:16 | 000,069,120 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll

[2010/05/26 13:03:16 | 000,043,008 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll

[2010/05/26 13:03:14 | 000,302,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll

[2010/05/26 13:03:14 | 000,228,352 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll

[2010/05/26 13:03:14 | 000,112,128 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll

[2010/05/26 13:03:14 | 000,107,520 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll

[2010/05/26 13:03:14 | 000,058,368 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll

[2010/05/25 22:29:58 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/25 22:29:28 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.46.exe

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/19 10:10:13 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe

[2010/06/19 07:30:29 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat

[2010/06/19 07:30:29 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ZoneAlarm Security.lnk

[2010/06/19 07:30:20 | 000,421,442 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml

[2010/06/19 07:29:06 | 041,524,736 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\zaSetup_92_044_000_en.exe

[2010/06/18 18:52:18 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2010/06/18 18:52:09 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk

[2010/06/18 18:13:58 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk

[2010/06/18 17:53:36 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk

[2010/06/18 14:28:48 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/06/18 14:25:01 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2010/06/12 11:36:14 | 003,932,160 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat

[2010/06/05 10:21:11 | 000,016,864 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Cover Letter - b.odt

[2010/05/29 20:22:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/05/25 22:29:58 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2007/11/09 19:38:35 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/11/09 19:38:35 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/11/09 19:38:33 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/11/09 19:38:32 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/11/09 19:38:30 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/11/09 19:38:30 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2007/11/09 19:38:23 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006/07/01 02:01:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/05/06 20:24:27 | 000,001,364 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2006/05/06 20:24:27 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\emver.ini

========== LOP Check ==========

[2010/06/18 18:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2009/12/26 18:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit

[2008/06/06 23:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

[2007/11/10 00:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}

[2010/06/18 19:48:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

[2010/06/19 07:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CheckPoint

[2010/06/18 19:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit

[2008/10/22 16:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org

[2007/11/10 00:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView

[2010/06/19 09:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spare Backup

[2008/03/18 17:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WildTangent

[2010/06/19 10:06:54 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2007/11/09 23:57:35 | 000,000,002 | ---- | M] () -- C:\AUDIT_INSTALL_IN_PROGRESS

[2006/05/06 20:38:36 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2008/02/24 12:35:04 | 000,000,211 | RHS- | M] () -- C:\boot.ini

[2006/05/06 20:38:36 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2010/06/19 09:41:54 | 939,053,056 | -HS- | M] () -- C:\hiberfil.sys

[2006/05/06 20:38:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2006/05/06 20:38:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/04 15:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/11/23 10:44:48 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/06/19 09:41:53 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys

[2007/11/10 00:03:32 | 000,000,090 | ---- | M] () -- C:\powerdvd.log

[2007/11/09 23:59:23 | 000,000,581 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll

[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2006/05/06 13:29:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2006/05/06 13:29:39 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2006/05/06 13:29:39 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

[2010/06/19 10:02:44 | 000,015,944 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro35.sys

[2010/06/18 14:26:40 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\Lbd.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

[2010/06/18 14:26:55 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys

< End of report >

OTL Extras logfile created on: 6/19/2010 12:43:47 PM - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 412.00 Mb Available Physical Memory | 46.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 143.95 Gb Total Space | 128.04 Gb Free Space | 88.95% Space Free | Partition Type: NTFS

Drive D: | 5.08 Gb Total Space | 2.58 Gb Free Space | 50.73% Space Free | Partition Type: FAT32

Drive E: | 239.39 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-BC185A12A1

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"E:\bin\IA\Core\MDM_Util.exe" = E:\bin\IA\Core\MDM_Util.exe:*:Enabled:MDM_Util -- File not found

"C:\Program Files\Global Star Software\Final Stretch\GameHR.exe" = C:\Program Files\Global Star Software\Final Stretch\GameHR.exe:*:Enabled:GameHR -- ()

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)

"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5CB13E5E-47C8-4BEF-8022-9206136CAA63}" = Final Stretch

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}" = Spare Backup

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{DF86A72C-4585-4D75-B592-968C8C6604A1}" = eMachines Connect

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime

"7394C7E1FE86ACFE6FB7A2879139A6AEB420EC10" = Windows Driver Package - NVIDIA (NVENETFD) Net (11/27/2006 65.4.8)

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Ad-Aware" = Ad-Aware

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Advanced SystemCare 3_is1" = Advanced SystemCare 3

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"D93CE88F69FBAD21C270C82347C084C1411AFF43" = Windows Driver Package - NVIDIA (nvnetbus) NVIDIA Network Bus Enumerator (11/27/2006 65.4.8)

"Google Desktop" = Google Desktop

"HijackThis" = HijackThis 2.0.2

"HitmanPro35" = Hitman Pro 3.5

"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"IObit Security 360_is1" = IObit Security 360

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"PokerStars.net" = PokerStars.net

"WGA" = Windows Genuine Advantage Validation Tool

"WildTangent emachines Master Uninstall" = eMachines Games

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"ZoneAlarm" = ZoneAlarm

"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 3/7/2010 6:19:37 PM | Computer Name = YOUR-BC185A12A1 | Source = Application Error | ID = 1000

Description = Faulting application , version 0.0.0.0, faulting module unknown, version

0.0.0.0, fault address 0x00000000.

Error - 3/8/2010 12:26:26 PM | Computer Name = YOUR-BC185A12A1 | Source = Google Update | ID = 20

Description =

Error - 3/8/2010 1:26:25 PM | Computer Name = YOUR-BC185A12A1 | Source = Google Update | ID = 20

Description =

Error - 3/8/2010 2:26:25 PM | Computer Name = YOUR-BC185A12A1 | Source = Google Update | ID = 20

Description =

Error - 3/8/2010 3:26:25 PM | Computer Name = YOUR-BC185A12A1 | Source = Google Update | ID = 20

Description =

Error - 3/8/2010 4:26:26 PM | Computer Name = YOUR-BC185A12A1 | Source = Google Update | ID = 20

Description =

Error - 3/8/2010 7:32:04 PM | Computer Name = YOUR-BC185A12A1 | Source = Application Error | ID = 1000

Description = Faulting application , version 0.0.0.0, faulting module unknown, version

0.0.0.0, fault address 0x00000000.

Error - 3/8/2010 10:03:57 PM | Computer Name = YOUR-BC185A12A1 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module mshtml.dll, version 8.0.6001.18876, fault address 0x000d676b.

Error - 3/10/2010 10:06:53 PM | Computer Name = YOUR-BC185A12A1 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module mshtml.dll, version 8.0.6001.18876, fault address 0x000d676b.

Error - 3/11/2010 7:49:21 PM | Computer Name = YOUR-BC185A12A1 | Source = Application Error | ID = 1000

Description = Faulting application , version 0.0.0.0, faulting module unknown, version

0.0.0.0, fault address 0x00000000.

[ System Events ]

Error - 6/10/2010 8:00:06 PM | Computer Name = YOUR-BC185A12A1 | Source = Service Control Manager | ID = 7000

Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 6/12/2010 11:39:39 AM | Computer Name = YOUR-BC185A12A1 | Source = Windows Update Agent | ID = 16

Description = Unable to Connect: Windows is unable to connect to the automatic updates

service and therefore cannot download and install updates according to the set

schedule. Windows will continue to try to establish a connection.

Error - 6/12/2010 11:40:38 AM | Computer Name = YOUR-BC185A12A1 | Source = Service Control Manager | ID = 7000

Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 6/12/2010 12:33:54 PM | Computer Name = YOUR-BC185A12A1 | Source = Service Control Manager | ID = 7000

Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 6/13/2010 1:06:46 PM | Computer Name = YOUR-BC185A12A1 | Source = Print | ID = 6161

Description = The document about:blank owned by Owner failed to print on printer

HP DeskJet 720C. Data type: NT EMF 1.008. Size of the spool file in bytes: 917504.

Number of bytes printed: 272156. Total number of pages in the document: 2. Number

of pages printed: 1. Client machine: \\YOUR-BC185A12A1. Win32 error code returned

by the print processor: 0 (0x0).

Error - 6/13/2010 2:10:34 PM | Computer Name = YOUR-BC185A12A1 | Source = Print | ID = 6161

Description = The document about:blank owned by Owner failed to print on printer

HP DeskJet 720C. Data type: NT EMF 1.008. Size of the spool file in bytes: 340000.

Number of bytes printed: 339912. Total number of pages in the document: 2. Number

of pages printed: 1. Client machine: \\YOUR-BC185A12A1. Win32 error code returned

by the print processor: 0 (0x0).

Error - 6/14/2010 5:45:24 AM | Computer Name = YOUR-BC185A12A1 | Source = Service Control Manager | ID = 7032

Description = The Service Control Manager tried to take a corrective action (Restart

the service) after the unexpected termination of the Windows Management Instrumentation

service, but this action failed with the following error: %%1056

Error - 6/14/2010 8:57:18 PM | Computer Name = YOUR-BC185A12A1 | Source = Windows Update Agent | ID = 16

Description = Unable to Connect: Windows is unable to connect to the automatic updates

service and therefore cannot download and install updates according to the set

schedule. Windows will continue to try to establish a connection.

Error - 6/15/2010 5:42:36 PM | Computer Name = YOUR-BC185A12A1 | Source = Windows Update Agent | ID = 16

Description = Unable to Connect: Windows is unable to connect to the automatic updates

service and therefore cannot download and install updates according to the set

schedule. Windows will continue to try to establish a connection.

Error - 6/17/2010 7:47:47 PM | Computer Name = YOUR-BC185A12A1 | Source = Windows Update Agent | ID = 16

Description = Unable to Connect: Windows is unable to connect to the automatic updates

service and therefore cannot download and install updates according to the set

schedule. Windows will continue to try to establish a connection.

< End of report >


Ok, ran the tool again... that worked fine....

Here it is!! Again, thank you!

Araider

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-19 16:33:25

Windows 5.1.2600 Service Pack 3

Running: ugd2mi9m.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kgroqfob.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2424 80501C5C 12 Bytes [C0, BC, 25, B3, B4, EE, 26, ...]

.rsrc C:\WINDOWS\system32\drivers\sym_hi.sys entry point in ".rsrc" section [0xF77458D4]

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF49E3380, 0x2468FD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[156] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[156] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[156] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[156] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[156] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[156] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[156] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[156] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[216] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[216] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C79270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[228] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[228] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[228] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[228] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[228] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[228] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[228] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[228] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\spoolsv.exe[324] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\spoolsv.exe[324] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\spoolsv.exe[324] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\spoolsv.exe[324] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\spoolsv.exe[324] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\spoolsv.exe[324] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\spoolsv.exe[324] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\spoolsv.exe[324] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[388] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[388] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[388] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[388] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[388] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[388] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[388] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[388] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[648] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[648] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[648] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[648] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[648] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[648] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[648] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[648] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\winlogon.exe[692] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\winlogon.exe[692] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\winlogon.exe[692] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\winlogon.exe[692] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\winlogon.exe[692] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\winlogon.exe[692] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\winlogon.exe[692] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\winlogon.exe[692] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\services.exe[740] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\services.exe[740] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\services.exe[740] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\services.exe[740] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\services.exe[740] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\lsass.exe[752] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\lsass.exe[752] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\lsass.exe[752] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\lsass.exe[752] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\lsass.exe[752] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[1172] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[1172] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1228] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1228] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1228] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1228] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1228] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 209B37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1228] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1228] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1228] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1228] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1456] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1456] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1456] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1456] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1456] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1456] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1456] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Java\jre6\bin\jqs.exe[1456] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\Explorer.EXE[1528] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C7000A

.text C:\WINDOWS\Explorer.EXE[1528] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CD000A

.text C:\WINDOWS\Explorer.EXE[1528] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C6000C

.text C:\WINDOWS\Explorer.EXE[1528] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\Explorer.EXE[1528] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\Explorer.EXE[1528] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\Explorer.EXE[1528] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\Explorer.EXE[1528] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]

.text C:\WINDOWS\Explorer.EXE[1528] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\Explorer.EXE[1528] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\nvsvc32.exe[1848] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\nvsvc32.exe[1848] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Internet Explorer\iexplore.exe[1928] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B3000A

.text C:\Program Files\Internet Explorer\iexplore.exe[1928] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E5000A

.text C:\Program Files\Internet Explorer\iexplore.exe[1928] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B2000C

.text C:\Program Files\Internet Explorer\iexplore.exe[1928] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Internet Explorer\iexplore.exe[1928] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Internet Explorer\iexplore.exe[1928] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 0596C24F C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Toolbar/Conduit Ltd.)

.text C:\Program Files\Internet Explorer\iexplore.exe[1928] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C79270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Internet Explorer\iexplore.exe[1928] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 0596C41F C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Toolbar/Conduit Ltd.)

.text C:\Program Files\Internet Explorer\iexplore.exe[1928] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Internet Explorer\iexplore.exe[1928] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Internet Explorer\iexplore.exe[1928] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1928] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1928] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1928] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1928] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1928] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1928] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1928] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[1984] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[1984] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[1984] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[1984] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[1984] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[1984] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[1984] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[1984] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2096] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2096] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2096] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2096] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2096] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2096] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2096] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2096] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\wbem\unsecapp.exe[2204] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\wbem\unsecapp.exe[2204] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\wbem\unsecapp.exe[2204] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\wbem\unsecapp.exe[2204] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\wbem\unsecapp.exe[2204] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\wbem\unsecapp.exe[2204] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\wbem\unsecapp.exe[2204] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\wbem\unsecapp.exe[2204] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Documents and Settings\Owner\Desktop\ugd2mi9m.exe[2404] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Documents and Settings\Owner\Desktop\ugd2mi9m.exe[2404] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Documents and Settings\Owner\Desktop\ugd2mi9m.exe[2404] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Documents and Settings\Owner\Desktop\ugd2mi9m.exe[2404] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Documents and Settings\Owner\Desktop\ugd2mi9m.exe[2404] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Documents and Settings\Owner\Desktop\ugd2mi9m.exe[2404] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Documents and Settings\Owner\Desktop\ugd2mi9m.exe[2404] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Documents and Settings\Owner\Desktop\ugd2mi9m.exe[2404] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\System32\alg.exe[2432] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\System32\alg.exe[2432] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\System32\alg.exe[2432] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\System32\alg.exe[2432] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\System32\alg.exe[2432] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\System32\alg.exe[2432] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\System32\alg.exe[2432] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\System32\alg.exe[2432] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\System32\svchost.exe[2524] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A2000A

.text C:\WINDOWS\System32\svchost.exe[2524] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A3000A

.text C:\WINDOWS\System32\svchost.exe[2524] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A1000C

.text C:\WINDOWS\System32\svchost.exe[2524] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\System32\svchost.exe[2524] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\System32\svchost.exe[2524] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\System32\svchost.exe[2524] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0098000A

.text C:\WINDOWS\System32\svchost.exe[2524] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\System32\svchost.exe[2524] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0115000A

.text C:\WINDOWS\system32\ctfmon.exe[2808] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\ctfmon.exe[2808] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\ctfmon.exe[2808] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}

.text C:\WINDOWS\system32\ctfmon.exe[2808] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\ctfmon.exe[2808] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\ctfmon.exe[2808] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\ctfmon.exe[2808] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}

.text C:\WINDOWS\system32\ctfmon.exe[2808] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AF0001

.text C:\WINDOWS\system32\ctfmon.exe[2808] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\ctfmon.exe[2808] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\ctfmon.exe[2808] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\ctfmon.exe[2808] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\ctfmon.exe[2808] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\ctfmon.exe[2808] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\ctfmon.exe[2808] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\ctfmon.exe[2808] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]

.text C:\WINDOWS\system32\ctfmon.exe[2808] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\system32\ctfmon.exe[2808] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\ctfmon.exe[2808] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\system32\ctfmon.exe[2808] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Internet Explorer\iexplore.exe[2956] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B3000A

.text C:\Program Files\Internet Explorer\iexplore.exe[2956] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E5000A

.text C:\Program Files\Internet Explorer\iexplore.exe[2956] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B2000C

.text C:\Program Files\Internet Explorer\iexplore.exe[2956] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Internet Explorer\iexplore.exe[2956] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Internet Explorer\iexplore.exe[2956] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 0330C24F C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Toolbar/Conduit Ltd.)

.text C:\Program Files\Internet Explorer\iexplore.exe[2956] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C79270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Internet Explorer\iexplore.exe[2956] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 0330C41F C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Toolbar/Conduit Ltd.)

.text C:\Program Files\Internet Explorer\iexplore.exe[2956] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2956] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Internet Explorer\iexplore.exe[2956] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2956] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Internet Explorer\iexplore.exe[2956] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2956] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2956] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2956] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2956] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2956] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2956] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2956] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2956] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2956] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2956] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\WINDOWS\System32\svchost.exe[2960] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\System32\svchost.exe[2960] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\System32\svchost.exe[2960] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\System32\svchost.exe[2960] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\System32\svchost.exe[2960] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\System32\svchost.exe[2960] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\System32\svchost.exe[2960] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\System32\svchost.exe[2960] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\RTHDCPL.EXE[3232] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\RTHDCPL.EXE[3232] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\RTHDCPL.EXE[3232] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\RTHDCPL.EXE[3232] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\RTHDCPL.EXE[3232] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\RTHDCPL.EXE[3232] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\RTHDCPL.EXE[3232] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\WINDOWS\RTHDCPL.EXE[3232] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Internet Explorer\iexplore.exe[3376] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B3000A

.text C:\Program Files\Internet Explorer\iexplore.exe[3376] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E5000A

.text C:\Program Files\Internet Explorer\iexplore.exe[3376] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B2000C

.text C:\Program Files\Internet Explorer\iexplore.exe[3376] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Internet Explorer\iexplore.exe[3376] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Internet Explorer\iexplore.exe[3376] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 038AC24F C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Toolbar/Conduit Ltd.)

.text C:\Program Files\Internet Explorer\iexplore.exe[3376] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C79270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Internet Explorer\iexplore.exe[3376] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 038AC41F C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Toolbar/Conduit Ltd.)

.text C:\Program Files\Internet Explorer\iexplore.exe[3376] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3376] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Internet Explorer\iexplore.exe[3376] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3376] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Internet Explorer\iexplore.exe[3376] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3376] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3376] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3376] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3376] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3376] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3376] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3376] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3376] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3376] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3376] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3396] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3396] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3396] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3396] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3396] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3396] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3396] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3396] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3412] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3412] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3412] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3412] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3412] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3412] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3412] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3412] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3436] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3436] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3436] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3436] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3436] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3436] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3436] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3436] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3456] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3456] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3456] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3456] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3456] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3456] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3456] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3456] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IObit\IObit Security 360\IS360tray.exe[3484] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IObit\IObit Security 360\IS360tray.exe[3484] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IObit\IObit Security 360\IS360tray.exe[3484] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IObit\IObit Security 360\IS360tray.exe[3484] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IObit\IObit Security 360\IS360tray.exe[3484] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IObit\IObit Security 360\IS360tray.exe[3484] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IObit\IObit Security 360\IS360tray.exe[3484] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IObit\IObit Security 360\IS360tray.exe[3484] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3644] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3644] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3644] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3644] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3644] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3644] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3644] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3644] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Messenger\msmsgs.exe[3720] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Messenger\msmsgs.exe[3720] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Messenger\msmsgs.exe[3720] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Messenger\msmsgs.exe[3720] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Messenger\msmsgs.exe[3720] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Messenger\msmsgs.exe[3720] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Messenger\msmsgs.exe[3720] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\Messenger\msmsgs.exe[3720] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3780] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3780] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3780] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3780] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3780] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3780] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3780] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3780] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[3848] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[3848] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[3848] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[3848] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[3848] user32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[3848] user32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[3848] advapi32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[3848] advapi32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\sym_hi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


Looking at your system now, one or more of the identified infections is a backdoor Trojan\Rootkit.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

=======

Download TDSSKiller and save it to your Desktop.

  • Right click on the file and choose Extract All, extract the file to your desktop, then run it.
  • If prompted to restart the computer type in Y then it will restart.
  • Or if you are prompted with a hidden service warning do go ahead and delete it.
  • Once completed it will create a log in your C:\ drive
  • Please post the contents of that log

========

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Here are the logs for Combo Fix and TDSSkiller. I believe I did see a lot of positive activity.

I do now have Microsoft Windows Recovery Console installed.

Thank you,

Araider

PS, I have a sidebar question. What do you recommend I have on here for security?

Can I have a thumbs up or thumbs down for the following? :P

I currently have the following,

Avira Antivirus

Zone Alarm -- as of yesterday!

IObit Security 360

Advanced System Care

Malwarebytes

Super Antispyware

ComboFix 10-06-19.03 - Owner 06/20/2010 9:05.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.464 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

PEV Error: LocalSettingsFile

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\Thumbs.db

D:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2010-05-20 to 2010-06-20 )))))))))))))))))))))))))))))))

.

2010-06-19 11:35 . 2010-06-19 11:35 -------- d-----w- c:\documents and settings\Owner\Application Data\CheckPoint

2010-06-19 11:29 . 2010-06-20 13:16 -------- d-----w- c:\windows\Internet Logs

2010-06-18 23:49 . 2010-06-18 23:49 -------- d-----w- c:\program files\Hitman Pro 3.5

2010-06-18 23:49 . 2010-06-18 23:49 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit

2010-06-18 22:52 . 2010-06-19 14:02 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-06-18 22:52 . 2010-06-18 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-06-18 22:13 . 2010-06-18 22:13 -------- d-----w- c:\program files\Trend Micro

2010-06-18 18:26 . 2010-06-18 18:26 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-06-18 18:24 . 2010-06-19 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-06-15 21:39 . 2010-06-15 21:39 -------- d-----w- c:\windows\system32\wbem\Repository

2010-06-09 23:03 . 2010-06-09 23:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities

2010-05-30 00:22 . 2010-05-30 00:22 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-05-30 00:22 . 2010-06-12 15:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-05-27 02:55 . 2010-06-12 15:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2010-05-26 02:30 . 2010-05-26 02:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2010-05-26 02:29 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-26 02:29 . 2010-06-12 15:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-26 02:29 . 2010-05-26 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-05-26 02:29 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-20 13:19 . 2007-11-10 04:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Spare Backup

2010-06-20 12:55 . 2006-07-01 05:51 28384 ----a-w- c:\windows\system32\drivers\sym_hi.sys

2010-06-20 12:46 . 2008-10-22 20:13 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-06-19 23:17 . 2010-06-19 23:17 1682944 ----a-w- c:\windows\Internet Logs\xDB6.tmp

2010-06-19 23:17 . 2010-06-19 23:17 38400 ----a-w- c:\windows\Internet Logs\xDB5.tmp

2010-06-19 22:07 . 2010-06-19 22:07 1679360 ----a-w- c:\windows\Internet Logs\xDB4.tmp

2010-06-19 22:07 . 2010-06-19 22:07 62464 ----a-w- c:\windows\Internet Logs\xDB3.tmp

2010-06-19 17:19 . 2010-06-19 17:19 1677824 ----a-w- c:\windows\Internet Logs\xDB2.tmp

2010-06-19 17:19 . 2010-06-19 17:19 67072 ----a-w- c:\windows\Internet Logs\xDB1.tmp

2010-06-19 13:01 . 2010-05-27 12:27 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-06-19 13:01 . 2009-12-26 23:47 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-06-19 11:30 . 2010-06-19 11:30 -------- d-----w- c:\program files\ZoneAlarm

2010-06-19 11:30 . 2010-06-19 11:30 -------- d-----w- c:\program files\Conduit

2010-06-19 11:30 . 2010-06-19 11:30 -------- d-----w- c:\program files\CheckPoint

2010-06-19 11:30 . 2010-06-19 11:30 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-06-19 11:30 . 2010-06-19 11:30 -------- d-----w- c:\program files\Zone Labs

2010-06-18 21:53 . 2009-12-26 22:44 -------- d-----w- c:\program files\IObit

2010-06-15 21:39 . 2009-12-26 23:46 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-05-26 17:03 . 2010-06-19 11:30 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2010-05-26 17:03 . 2010-06-19 11:30 69120 ----a-w- c:\windows\system32\zlcomm.dll

2010-05-26 17:03 . 2010-06-19 11:30 103936 ----a-w- c:\windows\system32\zlcommdb.dll

2010-05-23 01:56 . 2010-05-23 01:56 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-15a275dd-n\decora-sse.dll

2010-05-23 01:56 . 2010-05-23 01:56 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3353536d-n\msvcp71.dll

2010-05-23 01:56 . 2010-05-23 01:56 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3353536d-n\jmc.dll

2010-05-23 01:56 . 2010-05-23 01:56 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3353536d-n\msvcr71.dll

2010-05-23 01:56 . 2010-05-23 01:56 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-15a275dd-n\decora-d3d.dll

2010-04-21 21:04 . 2010-04-21 21:04 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-60d1c6df-n\msvcp71.dll

2010-04-21 21:04 . 2010-04-21 21:04 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-60d1c6df-n\jmc.dll

2010-04-21 21:04 . 2010-04-21 21:04 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-60d1c6df-n\msvcr71.dll

2010-04-21 21:04 . 2010-04-21 21:04 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-44b89c76-n\decora-sse.dll

2010-04-21 21:04 . 2010-04-21 21:04 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-44b89c76-n\decora-d3d.dll

2010-04-21 19:57 . 2007-11-10 04:38 44928 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-20 16:14 . 2009-09-06 13:33 411368 ----a-w- c:\windows\system32\deploytk.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

2010-05-09 15:50 2517088 ----a-w- c:\program files\ZoneAlarm\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-10 2403568]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-26 39408]

"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-05-26 2346192]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]

"nwiz"="nwiz.exe" [2006-10-31 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]

"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 16844800]

"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-11-29 58928]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-10 1838592]

"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-07-14 5252936]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-26 1043968]

"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Global Star Software\\Final Stretch\\GameHR.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/16/2009 5:26 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 5:26 PM 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/26/2009 6:58 PM 108289]

R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [12/26/2009 6:44 PM 311568]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [5/26/2010 9:35 AM 26352]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [5/26/2010 9:35 AM 493032]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 12:16 AM 135664]

S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [7/1/2006 12:44 AM 69692]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 5:27 PM 12872]

.

Contents of the 'Scheduled Tasks' folder

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 04:16]

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 04:16]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe

DPF: {55BA68D8-34C7-45A8-B35F-2B4A63F7A6F7} - hxxp://racing.youbet.com/wr_9_5/controls/ybca.cab

DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} - hxxp://www.youbet.net/wr_5_8/controls/YBUICtrl.cab

.

- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

SafeBoot-klmdb.sys

AddRemove-{D296C525-4869-4B66-8E0A-FABB7F9A070F} - c:\documents and settings\Owner\Local Settings\Application Data\{A9CE9902-F850-4FBF-A302-89ED0B959EF8}\setupHorseRacingFantasyCE.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-20 09:16

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dd,52,f8,9a,60,02,30,45,bc,e2,ce,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dd,52,f8,9a,60,02,30,45,bc,e2,ce,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

- - - - - - - > 'lsass.exe'(740)

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(4204)

c:\windows\system32\WININET.dll

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\RTHDCPL.EXE

.

**************************************************************************

.

Completion time: 2010-06-20 09:22:41 - machine was rebooted

ComboFix-quarantined-files.txt 2010-06-20 13:22

Pre-Run: 137,804,128,256 bytes free

Post-Run: 138,541,412,352 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 166E157EF346FAAB2C1E2203734B03B4


.

Completion time: 2010-06-20 09:22:41 - machine was rebooted

ComboFix-quarantined-files.txt 2010-06-20 13:22

Pre-Run: 137,804,128,256 bytes free

Post-Run: 138,541,412,352 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 166E157EF346FAAB2C1E2203734B03B4


Hi, I would get rid of the following:

Zone Alarm

IObit Security 360

Advanced System Care

Super Antispyware

Hitman Pro 3.5

Can you also post the tdsskiller log?

========================

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

=====

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


May I ask what you suggest for antivirus software to assist with Malwarebytes?

Thank you! --- Things are looking up!

Araider

Here are the files you requested.

1)

08:54:13:703 0212 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48

08:54:13:703 0212 ================================================================================

08:54:13:703 0212 SystemInfo:

08:54:13:703 0212 OS Version: 5.1.2600 ServicePack: 3.0

08:54:13:703 0212 Product type: Workstation

08:54:13:703 0212 ComputerName: YOUR-BC185A12A1

08:54:13:703 0212 UserName: Owner

08:54:13:703 0212 Windows directory: C:\WINDOWS

08:54:13:703 0212 Processor architecture: Intel x86

08:54:13:703 0212 Number of processors: 1

08:54:13:703 0212 Page size: 0x1000

08:54:13:703 0212 Boot type: Normal boot

08:54:13:703 0212 ================================================================================

08:54:14:015 0212 Initialize success

08:54:14:015 0212

08:54:14:015 0212 Scanning Services ...

08:54:14:140 0212 Raw services enum returned 348 services

08:54:14:156 0212

08:54:14:156 0212 Scanning Drivers ...

08:54:21:281 0212 sym_hi (0b8d8fa6396c516ae820fca11f35fb65) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

08:54:21:281 0212 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\sym_hi.sys. Real md5: 0b8d8fa6396c516ae820fca11f35fb65, Fake md5: 80ac1c4abbe2df3b738bf15517a51f2c

08:54:21:281 0212 File "C:\WINDOWS\system32\DRIVERS\sym_hi.sys" infected by TDSS rootkit ...

08:54:27:546 0212 Backup copy found, using it..

08:54:27:578 0212 will be cured on next reboot

08:54:29:046 0212 Reboot required for cure complete..

08:54:29:078 0212 Cure on reboot scheduled successfully

08:54:29:078 0212

08:54:29:078 0212 Completed

08:54:29:078 0212

08:54:29:078 0212 Results:

08:54:29:078 0212 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

08:54:29:078 0212 File objects infected / cured / cured on reboot: 1 / 0 / 1

08:54:29:078 0212

08:54:29:078 0212 KLMD(ARK) unloaded successfully

2)

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4219

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/20/2010 6:22:15 PM

mbam-log-2010-06-20 (18-22-15).txt

Scan type: Quick scan

Objects scanned: 122756

Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

3)

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=d5dda5b947d1fd47814ecc7ade59f26a

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-06-20 11:15:43

# local_time=2010-06-20 07:15:43 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 87286 87286 0 0

# compatibility_mode=1026 16777214 0 2 15121993 15121993 0 0

# compatibility_mode=1797 16775125 100 94 348557 48787839 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=9217 16777214 75 70 0 1259234 0 0

# scanned=81540

# found=0

# cleaned=0

# scan_time=2822


Avira is fine to use for a free one but if I were to buy one I would use Kaspersky.

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one Notepad window: OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


Thank you for the advice on a good virus software. When I get your blessing that my PC is clean, I would like to make a donation. Can I have an address to send a little something as a thank you for all your help?

Below is the latest OTL log.

Araider

OTL logfile created on: 6/21/2010 10:30:46 AM - Run 2

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 310.00 Mb Available Physical Memory | 35.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 143.95 Gb Total Space | 128.27 Gb Free Space | 89.11% Space Free | Partition Type: NTFS

Drive D: | 5.08 Gb Total Space | 2.58 Gb Free Space | 50.73% Space Free | Partition Type: FAT32

Drive E: | 239.39 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-BC185A12A1

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

PRC - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)

PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)

PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

PRC - C:\Program Files\IObit\IObit Security 360\is360.exe (IObit)

PRC - C:\Program Files\IObit\IObit Security 360\is360tray.exe (IObit)

PRC - C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)

PRC - C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)

MOD - C:\Program Files\IObit\IObit Security 360\is360mon.dll (IObit)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)

SRV - (IS360service) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)

SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)

========== Driver Services (SafeList) ==========

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (nvgts) -- C:\WINDOWS\SYSTEM32\DRIVERS\NVGTS.SYS (NVIDIA Corporation)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (el575nd5) -- C:\WINDOWS\system32\drivers\el575ND5.sys (3Com Corporation)

DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3644

IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/04/20 12:14:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/06/19 07:56:19 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010/06/20 09:15:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

O4 - HKLM..\Run: [iObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)

O4 - HKLM..\Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)

O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Spare Backup] C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {55BA68D8-34C7-45A8-B35F-2B4A63F7A6F7} http://racing.youbet.com/wr_9_5/controls/ybca.cab (YouBet Client Analyzer Control)

O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} http://www.youbet.net/wr_5_8/controls/ybrequest.cab (Secure Data Transfer Control)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (GMNRev Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} http://www.youbet.net/wr_5_8/controls/YBUICtrl.cab (YBUICtrl.FloatWnd.1)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/05/06 20:38:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]

O32 - AutoRun File - [2003/05/29 10:19:18 | 003,674,178 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]

O32 - AutoRun File - [2003/03/19 12:09:30 | 000,000,053 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{31f866e2-e2f5-11dc-b5b7-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{31f866e2-e2f5-11dc-b5b7-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{31f866e2-e2f5-11dc-b5b7-806d6172696f}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2003/05/29 10:19:18 | 003,674,178 | R--- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/20 18:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/06/20 18:14:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/06/20 14:13:28 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

[2010/06/20 09:04:21 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/06/20 09:02:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/06/20 09:02:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/06/20 09:02:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/06/20 09:02:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/06/20 09:02:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/06/20 09:01:36 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/06/19 12:40:59 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2010/06/19 07:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ForceField Shared Files

[2010/06/19 07:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CheckPoint

[2010/06/19 07:30:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit

[2010/06/19 07:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm

[2010/06/19 07:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ZoneAlarm

[2010/06/19 07:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

[2010/06/19 07:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint

[2010/06/19 07:30:27 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll

[2010/06/19 07:30:26 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll

[2010/06/19 07:30:26 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll

[2010/06/19 07:30:22 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll

[2010/06/19 07:30:21 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll

[2010/06/19 07:30:21 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll

[2010/06/19 07:30:21 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll

[2010/06/19 07:30:21 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll

[2010/06/19 07:30:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs

[2010/06/19 07:30:20 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys

[2010/06/19 07:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs

[2010/06/19 07:29:35 | 000,712,192 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll

[2010/06/19 07:29:35 | 000,228,352 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll

[2010/06/19 07:29:35 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll

[2010/06/19 07:29:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs

[2010/06/18 19:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5

[2010/06/18 19:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\IObit

[2010/06/18 19:48:43 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2010/06/18 18:52:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2010/06/18 18:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/06/18 18:13:33 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HJTInstall.exe

[2010/06/18 17:52:40 | 007,503,864 | ---- | C] (IObit ) -- C:\Documents and Settings\Owner\Desktop\asc-setup.exe

[2010/06/18 14:26:59 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/06/18 14:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2010/06/15 17:39:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities

[2010/06/09 19:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities

[2010/05/31 10:41:12 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe

[2010/05/29 20:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010/05/29 20:22:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/05/26 22:55:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2010/05/26 20:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/05/25 22:30:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes

[2010/05/25 22:29:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/05/25 22:29:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/05/25 22:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/05/25 22:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/05/25 22:29:18 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.46.exe

[2010/05/25 20:55:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/05/25 20:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/21 09:41:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/21 09:41:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/20 19:22:11 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat

[2010/06/20 16:00:08 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/06/20 15:59:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/20 15:59:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/20 15:59:15 | 939,053,056 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/20 15:59:15 | 000,208,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/06/20 15:52:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/06/20 15:46:58 | 000,501,054 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/06/20 15:46:58 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/06/20 15:46:58 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/06/20 15:42:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini

[2010/06/20 15:41:59 | 006,955,024 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db

[2010/06/20 09:16:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/06/20 09:15:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/06/20 09:04:26 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010/06/20 08:55:57 | 000,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\drivers\sym_hi.sys

[2010/06/20 08:51:40 | 003,716,709 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe

[2010/06/20 08:44:12 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe

[2010/06/20 08:42:40 | 000,966,213 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip

[2010/06/19 19:43:02 | 000,819,758 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Error Message.odt

[2010/06/19 12:52:23 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ugd2mi9m.exe

[2010/06/19 12:41:04 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2010/06/19 10:02:44 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2010/06/19 07:36:19 | 000,421,442 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml

[2010/06/19 07:30:29 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat

[2010/06/19 07:30:29 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ZoneAlarm Security.lnk

[2010/06/19 07:29:08 | 041,524,736 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\zaSetup_92_044_000_en.exe

[2010/06/18 18:13:58 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk

[2010/06/18 18:13:33 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HJTInstall.exe

[2010/06/18 17:53:36 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk

[2010/06/18 17:52:45 | 007,503,864 | ---- | M] (IObit ) -- C:\Documents and Settings\Owner\Desktop\asc-setup.exe

[2010/06/18 14:26:55 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/06/15 17:40:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/15 16:50:16 | 000,018,269 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\TIME OFF CHARTS.ods

[2010/06/12 20:15:57 | 000,016,033 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\my retired mares.ods

[2010/06/05 17:00:08 | 000,016,245 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Minn 2010.odt

[2010/06/05 10:46:46 | 000,016,864 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Cover Letter - b.odt

[2010/05/30 09:13:49 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk

[2010/05/29 20:22:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/05/26 13:03:22 | 001,238,528 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll

[2010/05/26 13:03:16 | 000,712,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll

[2010/05/26 13:03:16 | 000,110,080 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll

[2010/05/26 13:03:16 | 000,103,936 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll

[2010/05/26 13:03:16 | 000,069,120 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll

[2010/05/26 13:03:16 | 000,043,008 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll

[2010/05/26 13:03:14 | 000,302,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll

[2010/05/26 13:03:14 | 000,228,352 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll

[2010/05/26 13:03:14 | 000,112,128 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll

[2010/05/26 13:03:14 | 000,107,520 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll

[2010/05/26 13:03:14 | 000,058,368 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll

[2010/05/25 22:29:58 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/25 22:29:28 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.46.exe

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/20 09:04:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/06/20 09:04:22 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/06/20 09:02:35 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/06/20 09:02:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/06/20 09:02:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/06/20 09:02:35 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/06/20 09:02:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/06/20 08:51:34 | 003,716,709 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe

[2010/06/20 08:42:35 | 000,966,213 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip

[2010/06/19 19:42:58 | 000,819,758 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Error Message.odt

[2010/06/19 12:52:21 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ugd2mi9m.exe

[2010/06/19 07:30:29 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat

[2010/06/19 07:30:29 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ZoneAlarm Security.lnk

[2010/06/19 07:30:20 | 000,421,442 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml

[2010/06/19 07:29:06 | 041,524,736 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\zaSetup_92_044_000_en.exe

[2010/06/18 18:52:18 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2010/06/18 18:13:58 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk

[2010/06/18 17:53:36 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk

[2010/06/12 11:36:14 | 003,932,160 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat

[2010/06/05 10:21:11 | 000,016,864 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Cover Letter - b.odt

[2010/05/29 20:22:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/05/25 22:29:58 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2007/11/09 19:38:35 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/11/09 19:38:35 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/11/09 19:38:33 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/11/09 19:38:32 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/11/09 19:38:30 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/11/09 19:38:30 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2007/11/09 19:38:23 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006/07/01 02:01:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/05/06 20:24:27 | 000,001,364 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2006/05/06 20:24:27 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\emver.ini

< End of report >


You are welcome. You can donate via PayPal if you want by clicking the donate button at the bottom of each of my posts.

Thank you. :welcome:

=======Cleanup=======

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the Uninstall, it needs to be there.

======Next======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "(JRE)", then click on it.
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================

After that you're all set.

The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.

File sharing program dangers - Reasons to stay away from file sharing programs, for example: BitTorrent, Limewire, Kazaa, emule, Utorrent, etc.


  • 3 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.