Stealthy, Persistent Malware Keeps Trying to Dial Out


  • This topic is locked

#1
Jeff_F

    Member
  • 27 posts
A number of months ago I was infected with a Google redirect virus. Another piece of malware got in and kept trying to contact a variety of malware sites, which I was only aware of due to Webroot Spysweeper's Internet Communication Shield reporting that it was blocking access to such sites as TOOLBAR.ISEARCH.COM, DOWNLOAD2.DESKTOPSMILEY.COM, WWW.BTBILGISAYARKURSU.COM, etc.

After I received help here and apparently fixed the issue, the "dialing out" malware has continued to resurface repeatedly. My Spysweeper installation was infected, and it was uninstalled and reinstalled, but the subscription ran out. Until the issue is completely resolved, I am reluctant to use a credit card online. Running ComboFix and other malware tools seems to make it vanish for a while, only to reappear. A few days ago I was unable to run the Kaspersky Removal Tool 11.0.01245.x01_2011_08_21_03_09, which kept crashing.

This is a Q6600 2.40 GHz quad-core machine running XP SP2 with 2 GB RAM. Security software that this is evading: ZoneAlarm Antivirus & Firewall, Sandboxie, Webroot Spysweeper (unregistered), SUPERAntiSpyware (free). I also use the MVPS HOSTS file.

I ran OTL, which froze, then I renamed it and ran it. Logs are pasted below.

Thank you in advance; this seems to be a tricky one!


OTL logfile created on: 10/10/2011 8:11:19 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.05% Memory free
3.83 Gb Paging File | 3.08 Gb Available in Paging File | 80.45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.00 Gb Total Space | 40.65 Gb Free Space | 67.76% Space Free | Partition Type: NTFS
Drive D: | 89.04 Gb Total Space | 37.43 Gb Free Space | 42.03% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 3.47 Gb Free Space | 1.49% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 40.60 Gb Free Space | 27.24% Space Free | Partition Type: NTFS

Computer Name: JEFFDESK | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/10 08:09:31 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\O-T-L.exe
PRC - [2011/09/27 04:46:51 | 004,611,456 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/09/12 01:55:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/23 00:31:26 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/07/25 08:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/07/25 08:57:14 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/07/22 09:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/07/22 09:43:08 | 000,072,336 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/06/05 22:41:21 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2010/08/09 06:03:10 | 000,389,352 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2010/08/09 06:03:08 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009/11/06 15:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 12:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/07 13:19:27 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2006/03/23 00:13:46 | 001,591,808 | ---- | M] (YourWare Solutions ™) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
PRC - [2005/12/05 17:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2005/12/05 16:59:02 | 000,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2005/01/19 20:34:16 | 000,128,000 | ---- | M] ( ) -- C:\Program Files\CursorXP\CursorXP.exe
PRC - [2001/11/23 01:00:00 | 000,288,256 | ---- | M] (Tropical Wares) -- C:\Program Files\WallMaster\wallmast.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/12 01:55:44 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/04 03:15:39 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/04 03:15:39 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/08/04 03:15:38 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/06/22 00:23:58 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2009/11/05 11:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2006/09/07 13:19:27 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2006/09/07 13:19:01 | 000,008,704 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2006/09/07 13:18:56 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/23 00:31:26 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/25 08:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/07/22 09:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/06/05 22:41:21 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/08/09 06:03:08 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2005/12/05 17:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2003/03/09 16:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/08/04 02:42:17 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/04 02:42:17 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/25 08:57:10 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/07/22 09:43:08 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2010/10/14 17:08:38 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/10/14 17:08:38 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/09/21 16:51:58 | 000,327,256 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/08/11 05:25:45 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2010/08/09 06:03:04 | 000,123,112 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/07/09 16:18:54 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\26488742.sys -- (26488742)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\5125243.sys -- (setup_9.0.0.722_06.06.2011_12-48drv)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\2034379.sys -- (setup_9.0.0.722_06.06.2011_04-46drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\26488741.sys -- (26488741)
DRV - [2007/03/27 04:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/15 02:12:02 | 000,038,656 | ---- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006/10/18 15:12:16 | 000,012,664 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2005/11/29 17:50:42 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)
DRV - [2004/08/12 22:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2000/07/24 04:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/08/04 03:25:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/12 01:55:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/26 01:19:52 | 000,000,000 | ---D | M]

[2010/08/11 03:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Extensions
[2011/08/26 05:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\extensions
[2011/08/04 03:25:17 | 000,000,000 | ---D | M] (ZoneAlarm Security Suite Community Toolbar) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\extensions\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}
[2011/08/26 05:01:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/12 21:45:26 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\extensions\[email protected]
[2011/06/07 20:40:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/11 03:50:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/17 19:39:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/16 14:06:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/07 20:40:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/12 01:55:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/12 01:55:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin5.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: Angry Birds = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\
CHR - Extension: Flash Video Download = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\anadfmbemnidomdljfcdgdoomhghoclk\1.3.14_0\
CHR - Extension: Chrome YouTube Downloader = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.5.7_0\

Hosts file not found
O2 - BHO: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Suite Toolbar) - {3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe ( )
O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/08/11 05:46:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ButtonBoogie.lnk = C:\Program Files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe (Ziff Davis Media, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WallMaster.lnk = C:\Program Files\WallMaster\wallmast.exe (Tropical Wares)
O4 - Startup: C:\Documents and Settings\Jeff\Start Menu\Programs\Startup\ButtonBoogie.lnk = C:\Program Files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe (Ziff Davis Media, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA24CE51-1C1B-4318-9373-7E504BE8C269}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/11 02:46:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/10 08:09:30 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\O-T-L.exe
[2011/10/10 06:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Desktop\Fruit
[2011/10/10 06:03:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jeff\Recent
[2011/10/03 07:03:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/03 07:03:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/03 07:03:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/03 07:03:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/03 07:01:52 | 004,240,182 | R--- | C] (Swearware) -- C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
[2011/10/03 07:00:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/02 15:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Desktop\Pics Vids
[2011/09/15 04:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Desktop\Art Movies

========== Files - Modified Within 30 Days ==========

[2011/10/10 08:13:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1450960922-839522115-1003UA.job
[2011/10/10 08:09:31 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\O-T-L.exe
[2011/10/10 06:27:10 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk
[2011/10/10 06:14:43 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Publisher.lnk
[2011/10/10 06:10:12 | 000,615,911 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2011/10/10 06:06:10 | 000,000,336 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2011/10/10 06:05:49 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/10 05:56:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/10 05:49:13 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Word.lnk
[2011/10/09 22:13:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1450960922-839522115-1003Core.job
[2011/10/06 05:19:50 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/10/06 05:19:49 | 000,134,656 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/03 07:02:04 | 004,240,182 | R--- | M] (Swearware) -- C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
[2011/10/01 17:14:01 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Google Chrome.lnk
[2011/10/01 17:14:01 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/15 05:10:57 | 000,000,464 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Incomplete Torrents.lnk

========== Files Created - No Company Name ==========

[2011/10/03 07:03:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/03 07:03:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/03 07:03:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/03 07:03:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/03 07:03:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/27 05:13:10 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/09/15 05:11:03 | 000,000,464 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\Incomplete Torrents.lnk
[2011/08/26 03:26:16 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011/08/26 03:23:16 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2011/06/11 04:23:11 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/10/05 00:51:38 | 000,000,066 | ---- | C] () -- C:\WINDOWS\drD3D.ini
[2010/08/18 04:24:51 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/08/16 04:46:07 | 000,000,445 | ---- | C] () -- C:\WINDOWS\EntPack.dat
[2010/08/16 04:46:07 | 000,000,046 | ---- | C] () -- C:\WINDOWS\EntPack.ini
[2010/08/16 01:36:18 | 000,001,672 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/08/15 21:52:25 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jeff\Application Data\pcouffin.cat
[2010/08/15 21:52:25 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jeff\Application Data\pcouffin.inf
[2010/08/12 01:03:49 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2010/08/12 01:03:48 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2010/08/12 01:03:48 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe
[2010/08/12 00:13:16 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/12 00:12:54 | 000,134,656 | ---- | C] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/11 13:04:12 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/11 06:06:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/08/11 05:54:02 | 000,016,560 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/08/11 05:53:48 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/08/11 05:43:21 | 000,000,059 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010/08/11 05:43:21 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
[2010/08/11 05:43:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brohl144.ini
[2010/08/11 05:43:19 | 000,000,447 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2010/08/11 05:43:18 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2010/08/11 05:42:34 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2010/08/11 05:42:34 | 000,000,039 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2010/08/11 05:42:34 | 000,000,026 | ---- | C] () -- C:\WINDOWS\brpp2ka.ini
[2010/08/11 05:42:34 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/08/11 05:42:17 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2010/08/11 05:42:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\BRVPDNTA.DLL
[2010/08/11 05:42:17 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2010/08/11 05:42:17 | 000,011,568 | ---- | C] () -- C:\WINDOWS\HL-1440.INI
[2010/08/11 05:42:17 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2010/08/11 05:20:23 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2010/08/11 05:20:23 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2010/08/11 05:15:36 | 000,000,026 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/08/11 04:47:05 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/08/11 04:43:07 | 000,000,336 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2010/08/11 04:13:24 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/08/11 04:13:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/08/11 04:13:22 | 000,012,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/08/11 04:13:20 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/08/11 04:13:20 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/08/11 04:02:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2010/08/11 03:46:38 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010/08/11 03:13:34 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/08/11 03:07:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/11 02:48:29 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/11 02:43:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/10 19:27:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/10 19:26:45 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/11/06 12:00:20 | 000,016,240 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe
[2004/12/20 14:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 14:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/03 19:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/09 16:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,311,934 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,040,196 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >


OTL Extras logfile created on: 10/10/2011 8:11:19 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.05% Memory free
3.83 Gb Paging File | 3.08 Gb Available in Paging File | 80.45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.00 Gb Total Space | 40.65 Gb Free Space | 67.76% Space Free | Partition Type: NTFS
Drive D: | 89.04 Gb Total Space | 37.43 Gb Free Space | 42.03% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 3.47 Gb Free Space | 1.49% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 40.60 Gb Free Space | 27.24% Space Free | Partition Type: NTFS

Computer Name: JEFFDESK | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{12BB7942-1E1F-43D9-B441-4668C1629425}" = hp officejet 6100 series
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AF1B2B2E-03E3-458A-9DEB-32F8C7637374}" = ZoneAlarm Security
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
"{C180FAEF-61D5-4A03-8328-A58D9CDD1C4C}" = ZoneAlarm Firewall
"{CA4EECED-20F3-4C2B-8A93-F39CB2063E71}" = ZoneAlarm Antivirus
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AtcL1" = Attansic L1 Gigabit Ethernet Driver
"Audacity_is1" = Audacity 1.2.6
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Bejeweled Twist 1.0.3" = Bejeweled Twist 1.0.3
"Brother 1440" = Brother 1440
"BROWNIE" = Brownie
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"CursorXP" = CursorXP
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDStyler_is1" = DVDStyler v1.8.0.1
"ffdshow_is1" = ffdshow [rev 1431] [2007-08-21]
"FLVPlayer" = FLV Player 1.3.3
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.4.0
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 1.99.1
"HP OfficeJet 6100 Series" = HP Photo and Imaging 2.0 - hp officejet 6100 series
"IconForge version 4.92_is1" = IconForge version 4.92
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"office Convert Pdf to Jpg Jpeg Tiff Free_is1" = office Convert Pdf to Jpg Jpeg Tiff Free 6.4
"OpenLibraries" = OpenLibraries
"Opera 11.50.1074" = Opera 11.50
"PC Magazine ButtonBoogie 2_is1" = PC Magazine ButtonBoogie 2.1
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"Sandboxie" = Sandboxie 3.48
"Tablet Driver" = Tablet
"Tweak UI 2.10" = Tweak UI
"Unlocker" = Unlocker 1.8.5
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"WallMaster" = WallMaster
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WM Converter 2.0" = WM Converter 2.0
"xp-AntiSpy" = xp-AntiSpy 3.96-4
"XviD_is1" = XviD MPEG-4 Video Codec
"ZoneAlarm Antivirus" = ZoneAlarm Antivirus
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0
"Zuma's Revenge!" = Zuma's Revenge!

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/11/2011 6:40:43 AM | Computer Name = JEFFDESK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 5/14/2011 3:26:38 PM | Computer Name = JEFFDESK | Source = MsiInstaller | ID = 11722
Description = Product: Spy Sweeper Core -- Error 1722.There is a problem with this
Windows Installer package. A program run as part of the setup did not finish as
expected. Contact your support personnel or package vendor. Action EngineInstall,
location: C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe, command: /install
/silent

Error - 5/28/2011 11:18:41 AM | Computer Name = JEFFDESK | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module unknown, version 0.0.0.0, fault address 0x04629290.

Error - 5/28/2011 11:19:14 AM | Computer Name = JEFFDESK | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 5/29/2011 9:42:53 AM | Computer Name = JEFFDESK | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module unknown, version 0.0.0.0, fault address 0x02b39290.

Error - 6/2/2011 5:56:05 PM | Computer Name = JEFFDESK | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module unknown, version 0.0.0.0, fault address 0x04909290.

Error - 6/2/2011 5:56:43 PM | Computer Name = JEFFDESK | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 6/4/2011 1:50:21 AM | Computer Name = JEFFDESK | Source = Application Error | ID = 1000
Description = Faulting application doomsday.exe, version 0.0.0.0, faulting module
jdoom.dll, version 0.0.0.0, fault address 0x00017795.

Error - 6/4/2011 3:25:15 PM | Computer Name = JEFFDESK | Source = Application Error | ID = 1000
Description = Faulting application doomsday.exe, version 0.0.0.0, faulting module
doomsday.exe, version 0.0.0.0, fault address 0x00030187.

Error - 6/4/2011 3:25:34 PM | Computer Name = JEFFDESK | Source = Application Error | ID = 1000
Description = Faulting application doomsday.exe, version 0.0.0.0, faulting module
doomsday.exe, version 0.0.0.0, fault address 0x00030187.

[ System Events ]
Error - 10/4/2011 7:10:13 AM | Computer Name = JEFFDESK | Source = ssidrv | ID = 131098
Description = Failed to set monitor event rule.

Error - 10/4/2011 7:10:36 AM | Computer Name = JEFFDESK | Source = Service Control Manager | ID = 7000
Description = The 7826020drv service failed to start due to the following error:
%%317

Error - 10/4/2011 7:12:19 AM | Computer Name = JEFFDESK | Source = Service Control Manager | ID = 7016
Description = The BrSplService service has reported an invalid current state 0.

Error - 10/6/2011 1:05:54 AM | Computer Name = JEFFDESK | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 10/10/2011 2:36:56 AM | Computer Name = JEFFDESK | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 10/10/2011 5:49:34 AM | Computer Name = JEFFDESK | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001D60405872. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 10/10/2011 5:54:24 AM | Computer Name = JEFFDESK | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001D60405872. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 10/10/2011 5:55:08 AM | Computer Name = JEFFDESK | Source = ssidrv | ID = 131098
Description = Failed to set monitor event rule.

Error - 10/10/2011 5:57:05 AM | Computer Name = JEFFDESK | Source = Service Control Manager | ID = 7002
Description = The BrPar service depends on the Parallel arbitrator group and no
member of this group started.

Error - 10/10/2011 6:06:08 AM | Computer Name = JEFFDESK | Source = Service Control Manager | ID = 7002
Description = The BrPar service depends on the Parallel arbitrator group and no
member of this group started.


< End of report >

#2
SweetTech (Sir SpamAlot)

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :yes:

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow the instructions outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days;
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Locating ComboFix Log
  • Right click on START on the left end of your Windows toolbar (lower left corner of your screen)
  • Click on Explore
  • Click on Local Disk (C:) in the left-hand window pane
  • Look for ComboFix.txt in the right-hand window pane and right click on it
  • Put your cursor (arrow) on Open With
  • Move your cursor to the new menu that opens and click on Choose Program...
  • Click on Notepad

When file opens, Copy/Paste text here.


NEXT:



Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



What issues are you currently experiencing with your computer?

#3
Jeff_F (Member)

  • Topic Starter
  • Member
  • 27 posts
Thank you for your assistance, Agent ST.
As you'll see from my comments at the bottom, with luck this case might not be much of a drain on your time.

***Combofix Scan log:

ComboFix 11-10-21.06 - Jeff 10/22/2011 13:02:18.7.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1290 [GMT -4:00]
Running from: c:\documents and settings\Jeff\Desktop\CFixNEW.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
c:\windows\help\tours\htmltour\unlock_playing.htm
.
.
((((((((((((((((((((((((( Files Created from 2011-09-22 to 2011-10-22 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 09:39 . 2011-03-30 00:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 16:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 04:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( [email protected]_11.11.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-13 22:04 . 2011-10-13 22:04 16384 c:\windows\Temp\Perflib_Perfdata_42c.dat
- 2011-06-06 02:46 . 2011-10-03 05:03 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-06 02:46 . 2011-10-13 22:03 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-11 06:49 . 2011-10-13 22:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-08-11 06:49 . 2011-10-03 05:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-04-08 02:46 . 2011-10-13 22:03 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-04-08 02:46 . 2011-10-03 05:03 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3ce45c4f-bfff-4988-9a3c-a75c1f491319}"= "c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3ce45c4f-bfff-4988-9a3c-a75c1f491319}"= "c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3CE45C4F-BFFF-4988-9A3C-A75C1F491319}"= "c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-20 128000]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-08-09 389352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-18 4615552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-22 16126464]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-07-22 72336]
"ISW"="" [BU]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]
.
c:\documents and settings\Jeff\Start Menu\Programs\Startup\
ButtonBoogie.lnk - c:\program files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe [2010-8-11 303104]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ButtonBoogie.lnk - c:\program files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe [2010-8-11 303104]
WallMaster.lnk - c:\program files\WallMaster\wallmast.exe [2010-8-11 288256]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-4-6 147456]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 26488742;26488742 Boot Guard Driver;c:\windows\system32\drivers\26488742.sys [5/11/2011 1:27 AM 37392]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
R1 26488741;26488741;c:\windows\system32\drivers\26488741.sys [5/11/2011 1:27 AM 128016]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [10/14/2010 5:08 PM 11352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R1 setup_9.0.0.722_06.06.2011_04-46drv;setup_9.0.0.722_06.06.2011_04-46drv;c:\windows\system32\drivers\2034379.sys [6/6/2011 5:59 AM 315408]
R1 setup_9.0.0.722_06.06.2011_12-48drv;setup_9.0.0.722_06.06.2011_12-48drv;c:\windows\system32\drivers\5125243.sys [6/6/2011 6:25 AM 315408]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [8/11/2010 3:34 AM 20328]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [7/25/2011 8:57 AM 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [7/25/2011 8:57 AM 493184]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [6/5/2011 10:41 PM 1201640]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [8/11/2010 5:54 AM 38656]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [8/15/2010 9:52 PM 47360]
.
Contents of the 'Scheduled Tasks' folder
.
2010-11-11 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8281518752.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52]
.
2011-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1450960922-839522115-1003Core.job
- c:\documents and settings\Jeff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 09:08]
.
2011-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1450960922-839522115-1003UA.job
- c:\documents and settings\Jeff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 09:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=us&.src=ym&rl=1
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=2&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-22 13:08
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\TEMP\SST-49AFC6E8-E9FC-4FCF-9B71-4D605442DED6.tmp 0 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(800)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\wbem\wbemcomn.dll
.
- - - - - - - > 'lsass.exe'(856)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2011-10-22 13:11:20
ComboFix-quarantined-files.txt 2011-10-22 17:11
ComboFix2.txt 2011-10-04 11:20
ComboFix3.txt 2011-10-03 11:13
.
Pre-Run: 41,945,022,464 bytes free
Post-Run: 42,000,908,288 bytes free
.
- - End Of File - - 4BA8B2A5632792E90BEA2E7609746E94



*** New OTL scan log:

OTL logfile created on: 10/22/2011 1:25:07 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.72% Memory free
3.83 Gb Paging File | 2.91 Gb Available in Paging File | 75.87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.00 Gb Total Space | 39.14 Gb Free Space | 65.24% Space Free | Partition Type: NTFS
Drive D: | 89.04 Gb Total Space | 37.43 Gb Free Space | 42.03% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 3.47 Gb Free Space | 1.49% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 40.60 Gb Free Space | 27.24% Space Free | Partition Type: NTFS

Computer Name: JEFFDESK | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/18 00:10:41 | 004,615,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/10/10 08:09:31 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\O-T-L.exe
PRC - [2011/09/30 11:12:41 | 001,030,200 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/08/23 00:31:26 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/07/29 15:25:25 | 000,947,056 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2011/07/25 08:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/06/05 22:41:21 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2011/04/08 12:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/08/09 06:03:10 | 000,389,352 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2010/08/09 06:03:08 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009/11/06 15:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 12:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/23 00:13:46 | 001,591,808 | ---- | M] (YourWare Solutions ™) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
PRC - [2005/12/05 17:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2005/12/05 16:59:02 | 000,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2005/01/19 20:34:16 | 000,128,000 | ---- | M] ( ) -- C:\Program Files\CursorXP\CursorXP.exe
PRC - [2004/08/03 18:56:58 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\utilman.exe
PRC - [2001/11/23 01:00:00 | 000,288,256 | ---- | M] (Tropical Wares) -- C:\Program Files\WallMaster\wallmast.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/30 11:12:40 | 000,412,728 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppgooglenaclpluginchrome.dll
MOD - [2011/09/30 11:12:39 | 003,696,184 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
MOD - [2011/09/30 11:11:39 | 000,309,304 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\Locales\en-US.dll
MOD - [2011/09/30 11:11:13 | 000,142,568 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\avutil-51.dll
MOD - [2011/09/30 11:11:12 | 000,253,320 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\avformat-53.dll
MOD - [2011/09/30 11:11:10 | 002,403,240 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\avcodec-53.dll
MOD - [2011/08/04 03:15:39 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/04 03:15:39 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/08/04 03:15:38 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2009/11/05 11:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2006/09/07 13:19:01 | 000,008,704 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/23 00:31:26 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/25 08:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/07/22 09:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/06/05 22:41:21 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/08/09 06:03:08 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2005/12/05 17:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2003/03/09 16:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/08/04 02:42:17 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/04 02:42:17 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/25 08:57:10 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/07/22 09:43:08 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2010/10/14 17:08:38 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/10/14 17:08:38 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/09/21 16:51:58 | 000,327,256 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/08/11 05:25:45 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2010/08/09 06:03:04 | 000,123,112 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/07/09 16:18:54 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\26488742.sys -- (26488742)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\5125243.sys -- (setup_9.0.0.722_06.06.2011_12-48drv)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\2034379.sys -- (setup_9.0.0.722_06.06.2011_04-46drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\26488741.sys -- (26488741)
DRV - [2007/03/27 04:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/15 02:12:02 | 000,038,656 | ---- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006/10/18 15:12:16 | 000,012,664 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2005/11/29 17:50:42 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)
DRV - [2004/08/12 22:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2000/07/24 04:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1715567821-1450960922-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1715567821-1450960922-839522115-1003\..\URLSearchHook: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1715567821-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/08/04 03:25:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/17 05:39:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/26 01:19:52 | 000,000,000 | ---D | M]

[2010/08/11 03:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Extensions
[2011/08/26 05:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\extensions
[2011/08/04 03:25:17 | 000,000,000 | ---D | M] (ZoneAlarm Security Suite Community Toolbar) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\extensions\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}
[2011/08/26 05:01:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/12 21:45:26 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\extensions\[email protected]
[2011/06/07 20:40:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/11 03:50:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/17 19:39:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/16 14:06:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/07 20:40:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/17 05:39:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/17 05:39:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin5.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: Angry Birds = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\
CHR - Extension: Flash Video Download = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\anadfmbemnidomdljfcdgdoomhghoclk\1.3.14_0\
CHR - Extension: Chrome YouTube Downloader = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.5.8_0\

O1 HOSTS File: ([2011/10/22 13:08:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-1715567821-1450960922-839522115-1003\..\Toolbar\WebBrowser: (ZoneAlarm Security Suite Toolbar) - {3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1715567821-1450960922-839522115-1003\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ISW] File not found
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1715567821-1450960922-839522115-1003..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe ( )
O4 - HKU\S-1-5-21-1715567821-1450960922-839522115-1003..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O4 - HKU\S-1-5-21-1715567821-1450960922-839522115-1003..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-1715567821-1450960922-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/08/11 05:46:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ButtonBoogie.lnk = C:\Program Files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe (Ziff Davis Media, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WallMaster.lnk = C:\Program Files\WallMaster\wallmast.exe (Tropical Wares)
O4 - Startup: C:\Documents and Settings\Jeff\Start Menu\Programs\Startup\ButtonBoogie.lnk = C:\Program Files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe (Ziff Davis Media, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-1450960922-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715567821-1450960922-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1715567821-1450960922-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1715567821-1450960922-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA24CE51-1C1B-4318-9373-7E504BE8C269}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/11 02:46:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/22 12:58:03 | 004,269,227 | R--- | C] (Swearware) -- C:\Documents and Settings\Jeff\Desktop\CFixNEW.exe
[2011/10/13 18:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Desktop\jordan
[2011/10/13 17:39:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jeff\Recent
[2011/10/12 06:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Desktop\Material for 5&6
[2011/10/10 08:09:30 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\O-T-L.exe
[2011/10/03 07:03:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/03 07:03:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/03 07:03:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/03 07:03:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/03 07:00:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/02 15:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Desktop\Pics Vids

========== Files - Modified Within 30 Days ==========

[2011/10/22 13:18:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1450960922-839522115-1003UA.job
[2011/10/22 13:08:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/22 12:58:14 | 004,269,227 | R--- | M] (Swearware) -- C:\Documents and Settings\Jeff\Desktop\CFixNEW.exe
[2011/10/22 07:18:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1450960922-839522115-1003Core.job
[2011/10/18 04:48:07 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk
[2011/10/13 18:04:15 | 000,000,336 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2011/10/13 18:03:55 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/12 20:21:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/12 11:14:28 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Google Chrome.lnk
[2011/10/12 11:14:28 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/11 02:49:21 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Word.lnk
[2011/10/10 09:06:28 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Stealty, Persistent Malware Keeps Trying to Dial Out - Geeks to Go Forums.URL
[2011/10/10 08:09:31 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\O-T-L.exe
[2011/10/10 06:14:43 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Publisher.lnk
[2011/10/06 05:19:50 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/10/06 05:19:49 | 000,134,656 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/10/10 09:06:28 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\Stealty, Persistent Malware Keeps Trying to Dial Out - Geeks to Go Forums.URL
[2011/10/03 07:03:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/03 07:03:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/03 07:03:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/03 07:03:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/03 07:03:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/27 05:13:10 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/08/26 03:26:16 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011/08/26 03:23:16 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2011/06/11 04:23:11 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/10/05 00:51:38 | 000,000,066 | ---- | C] () -- C:\WINDOWS\drD3D.ini
[2010/08/18 04:24:51 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/08/16 04:46:07 | 000,000,445 | ---- | C] () -- C:\WINDOWS\EntPack.dat
[2010/08/16 04:46:07 | 000,000,046 | ---- | C] () -- C:\WINDOWS\EntPack.ini
[2010/08/16 01:36:18 | 000,001,672 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/08/15 21:52:25 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jeff\Application Data\pcouffin.cat
[2010/08/15 21:52:25 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jeff\Application Data\pcouffin.inf
[2010/08/12 01:03:49 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2010/08/12 01:03:48 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2010/08/12 01:03:48 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe
[2010/08/12 00:13:16 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/12 00:12:54 | 000,134,656 | ---- | C] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/11 13:04:12 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/11 06:06:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/08/11 05:54:02 | 000,016,560 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/08/11 05:53:48 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/08/11 05:43:21 | 000,000,059 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010/08/11 05:43:21 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
[2010/08/11 05:43:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brohl144.ini
[2010/08/11 05:43:19 | 000,000,447 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2010/08/11 05:43:18 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2010/08/11 05:42:34 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2010/08/11 05:42:34 | 000,000,039 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2010/08/11 05:42:34 | 000,000,026 | ---- | C] () -- C:\WINDOWS\brpp2ka.ini
[2010/08/11 05:42:34 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/08/11 05:42:17 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2010/08/11 05:42:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\BRVPDNTA.DLL
[2010/08/11 05:42:17 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2010/08/11 05:42:17 | 000,011,568 | ---- | C] () -- C:\WINDOWS\HL-1440.INI
[2010/08/11 05:42:17 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2010/08/11 05:20:23 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2010/08/11 05:20:23 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2010/08/11 05:15:36 | 000,000,026 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/08/11 04:47:05 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/08/11 04:43:07 | 000,000,336 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2010/08/11 04:13:24 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/08/11 04:13:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/08/11 04:13:22 | 000,012,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/08/11 04:13:20 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/08/11 04:13:20 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/08/11 04:02:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2010/08/11 03:46:38 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010/08/11 03:13:34 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/08/11 03:07:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/11 02:48:29 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/11 02:43:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/10 19:27:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/10 19:26:45 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/11/06 12:00:20 | 000,016,240 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe
[2004/12/20 14:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 14:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/03 19:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/09 16:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,311,934 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,040,196 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >


*** NEW OTL Extras log:

OTL Extras logfile created on: 10/22/2011 1:25:07 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.72% Memory free
3.83 Gb Paging File | 2.91 Gb Available in Paging File | 75.87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.00 Gb Total Space | 39.14 Gb Free Space | 65.24% Space Free | Partition Type: NTFS
Drive D: | 89.04 Gb Total Space | 37.43 Gb Free Space | 42.03% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 3.47 Gb Free Space | 1.49% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 40.60 Gb Free Space | 27.24% Space Free | Partition Type: NTFS

Computer Name: JEFFDESK | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1715567821-1450960922-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{12BB7942-1E1F-43D9-B441-4668C1629425}" = hp officejet 6100 series
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AF1B2B2E-03E3-458A-9DEB-32F8C7637374}" = ZoneAlarm Security
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
"{C180FAEF-61D5-4A03-8328-A58D9CDD1C4C}" = ZoneAlarm Firewall
"{CA4EECED-20F3-4C2B-8A93-F39CB2063E71}" = ZoneAlarm Antivirus
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AtcL1" = Attansic L1 Gigabit Ethernet Driver
"Audacity_is1" = Audacity 1.2.6
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Bejeweled Twist 1.0.3" = Bejeweled Twist 1.0.3
"Brother 1440" = Brother 1440
"BROWNIE" = Brownie
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"CursorXP" = CursorXP
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDStyler_is1" = DVDStyler v1.8.0.1
"ffdshow_is1" = ffdshow [rev 1431] [2007-08-21]
"FLVPlayer" = FLV Player 1.3.3
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.4.0
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 1.99.1
"HP OfficeJet 6100 Series" = HP Photo and Imaging 2.0 - hp officejet 6100 series
"IconForge version 4.92_is1" = IconForge version 4.92
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"office Convert Pdf to Jpg Jpeg Tiff Free_is1" = office Convert Pdf to Jpg Jpeg Tiff Free 6.4
"OpenLibraries" = OpenLibraries
"Opera 11.50.1074" = Opera 11.50
"PC Magazine ButtonBoogie 2_is1" = PC Magazine ButtonBoogie 2.1
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"Sandboxie" = Sandboxie 3.48
"Tablet Driver" = Tablet
"Tweak UI 2.10" = Tweak UI
"Unlocker" = Unlocker 1.8.5
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"WallMaster" = WallMaster
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WM Converter 2.0" = WM Converter 2.0
"xp-AntiSpy" = xp-AntiSpy 3.96-4
"XviD_is1" = XviD MPEG-4 Video Codec
"ZoneAlarm Antivirus" = ZoneAlarm Antivirus
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0
"Zuma's Revenge!" = Zuma's Revenge!

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1715567821-1450960922-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/29/2011 9:42:53 AM | Computer Name = JEFFDESK | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module unknown, version 0.0.0.0, fault address 0x02b39290.

Error - 6/2/2011 5:56:05 PM | Computer Name = JEFFDESK | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module unknown, version 0.0.0.0, fault address 0x04909290.

Error - 6/2/2011 5:56:43 PM | Computer Name = JEFFDESK | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 6/4/2011 1:50:21 AM | Computer Name = JEFFDESK | Source = Application Error | ID = 1000
Description = Faulting application doomsday.exe, version 0.0.0.0, faulting module
jdoom.dll, version 0.0.0.0, fault address 0x00017795.

Error - 6/4/2011 3:25:15 PM | Computer Name = JEFFDESK | Source = Application Error | ID = 1000
Description = Faulting application doomsday.exe, version 0.0.0.0, faulting module
doomsday.exe, version 0.0.0.0, fault address 0x00030187.

Error - 6/4/2011 3:25:34 PM | Computer Name = JEFFDESK | Source = Application Error | ID = 1000
Description = Faulting application doomsday.exe, version 0.0.0.0, faulting module
doomsday.exe, version 0.0.0.0, fault address 0x00030187.

Error - 6/5/2011 11:33:29 PM | Computer Name = JEFFDESK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 6/5/2011 11:33:32 PM | Computer Name = JEFFDESK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 6/5/2011 11:33:35 PM | Computer Name = JEFFDESK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 6/5/2011 11:37:37 PM | Computer Name = JEFFDESK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 10/11/2011 2:07:16 AM | Computer Name = JEFFDESK | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {76E9291E-57BD-45B4-8DA4-E4AC599DD39E}.
The
error: "%3" Happened while starting this command: C:\DOCUME~1\Jeff\LOCALS~1\Temp\RarSFX0\Photoshop.exe
/Automation -Embedding

Error - 10/11/2011 2:07:16 AM | Computer Name = JEFFDESK | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {76E9291E-57BD-45B4-8DA4-E4AC599DD39E}.
The
error: "%3" Happened while starting this command: C:\DOCUME~1\Jeff\LOCALS~1\Temp\RarSFX0\Photoshop.exe
/Automation -Embedding

Error - 10/11/2011 2:38:21 AM | Computer Name = JEFFDESK | Source = Print | ID = 6161
Description = The document Microsoft Word - Table directions.doc owned by Jeff failed
to print on printer Brother HL-1440 series. Data type: NT EMF 1.008. Size of the
spool file in bytes: 112609420. Number of bytes printed: 99590644. Total number
of pages in the document: 60. Number of pages printed: 0. Client machine: \\JEFFDESK.
Win32 error code returned by the print processor: 6 (0x6).

Error - 10/12/2011 8:22:06 PM | Computer Name = JEFFDESK | Source = Service Control Manager | ID = 7002
Description = The BrPar service depends on the Parallel arbitrator group and no
member of this group started.

Error - 10/12/2011 8:22:43 PM | Computer Name = JEFFDESK | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 80000004, parameter2 806eaad1, parameter3
a668c538, parameter4 00000000.

Error - 10/12/2011 8:41:23 PM | Computer Name = JEFFDESK | Source = Service Control Manager | ID = 7002
Description = The BrPar service depends on the Parallel arbitrator group and no
member of this group started.

Error - 10/12/2011 8:41:50 PM | Computer Name = JEFFDESK | Source = System Error | ID = 1003
Description = Error code 000000ea, parameter1 8a037bd0, parameter2 8a052908, parameter3
8a242bc8, parameter4 00000001.

Error - 10/22/2011 1:02:27 PM | Computer Name = JEFFDESK | Source = Service Control Manager | ID = 7016
Description = The BrSplService service has reported an invalid current state 0.


< End of report >


*** Current Issues:
Since my original post, I went into the settings for Spysweeper and shut off the HOSTS file Shield. I was suspicious that my use of the MVPS HOSTS file was in some way triggering Spysweeper, making it think that something was trying to contact these malware sites. Since doing so, the alerts have stopped. Looking at my SS session logs, I see a huge string of alerts on 8/15, 10/3, 10/10, 10/12, and again on 10/12 later on that day.

Whenever I have seen these communication alerts, I unplug the ethernet cable from the computer when I am away from it, and the alerts stop. I also disconnect when I shut down my security software to run specialized tools.

However, I am uncertain why this behavior would suddenly pop up now, as I do change to the updated MVPS HOSTS file every so often. I have had such alerts a few times over the past 6 or so years, but they did coincide with infections. Thus if they WERE false alerts at those times then the alerts stopping when the infection was removed would have led me to believe that those alerts were part of the malware attack and not realize that they were actually false alerts.

This entry in the Spysweeper session logs also caused me some concern:
10/13/2011 6:04:55 PM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1715567821-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\FreeRAM XP. Parse Failure
10/13/2011 6:04:55 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ZoneAlarm. Failure: SRegSetDataFailed -1-

As I mentioned in the original post, the Kaspersky stand-alone virus scanner failing to run did cause me alarm, although that might simply be due to a prosaic Windows problem unrelated to malware. So the upshot is that it could simply be a coincidence of a bug in the Spysweeper HOSTS shield, SS not being able to identify the two files above, and a Windows problem preventing me from running the Kaspersky stand-alone tool. If nothing is showing up in the logs of the various scanners you want me to run, I suppose I should leave the HOSTS shield off, renew and update Spysweeper, and chalk it up to bad luck. I know that malware can be extremely stealthy, but I also don't want to waste your time.

Thank you for your time, awaiting your advice as to how to proceed.

Jeff Ferreri
  • 0

#4
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Good Evening Jeff!

You are not wasting my time, so please don't think that you are. I truly enjoy helping users like yourself out with fixing malware issues. :)

Since my original post, I went into the settings for Spysweeper and shut off the HOSTS file Shield. I was suspicious that my use of the MVPS HOSTS file was in some way triggering Spysweeper, making it think that something was trying to contact these malware sites. Since doing so, the alerts have stopped. Looking at my SS session logs, I see a huge string of alerts on 8/15, 10/3, 10/10, 10/12, and again on 10/12 later on that day.

Yeah, that's a possibility. That has been known to happen with tools before. It's also possible that the Host File shield in SpySweeper and MVPS Hosts files are conflicting with each other. I'm not too familiar with Webroot SpySweeper, so I'm not exactly sure what functions that utility has.

Let's hold up on doing anything with SpySweeper right now.

Are you familiar with this utility?

xp-AntiSpy 3.96-4

I'd like to have you run a rootkit scanner for me.

Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


NEXT:


OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    [2010/08/11 03:50:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/17 19:39:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2011/01/16 14:06:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/06/07 20:40:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O4 - HKLM..\Run: [ISW] File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    
    :Reg
    
    :Files
    c:\windows\TEMP\SST-49AFC6E8-E9FC-4FCF-9B71-4D605442DED6.tmp
    type "C:\Qoobox\ComboFix2.txt" /c
    type "C:\Qoobox\ComboFix3.txt" /c
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


Kindest Regards,
Agent ST.
  • 0
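Jeff's suspicion above, and SweetTech's reply to it, turn on whether the shield's alerts were produced by the HOSTS block list itself rather than by something actually reaching out. The script below is an added example, not part of this thread and not code from OTL, Spysweeper or the MVPS HOSTS project. It cross-checks alerted hostnames against a HOSTS file and sorts them into three buckets: names the file maps to a null or loopback address could never have reached their real host, names it maps to a routable address are a hosts-file redirect worth inspecting on its own, and names absent from the file are connection attempts the block list does not account for. The HOSTS excerpt and the alert lines embedded in it are constructed samples that only imitate the layout of those files; the alert wording is an assumption, since the thread does not show a raw Spysweeper alert line, and only the trailing hostname is used.

```python
"""Reconcile blocked-connection alerts with a HOSTS block list.

Added example for this thread; it is not code from OTL, Spysweeper, the
MVPS HOSTS project or either poster. Both the HOSTS text and the alert
lines are constructed samples that only imitate the layout of those files.
"""
import re

# Addresses that make a HOSTS entry a sinkhole: the name resolves locally and
# never reaches its real server.
SINKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1", "::1"}

# Constructed HOSTS excerpt in the MVPS layout (comments, tabs, several names
# per line). The last line deliberately maps a name to a routable address.
SAMPLE_HOSTS = """\
# constructed sample, not the real MVPS file
127.0.0.1   localhost
0.0.0.0 toolbar.blocked.example      # trailing comment
0.0.0.0\tdownload2.blocked.example www.blocked.example
0.0.0.0 ad.tracker.test
198.51.100.7 updates.antivirus.example   # not a sinkhole: hosts-file redirect
"""

# Constructed shield alerts; the timestamp/message wording is an assumption,
# only the trailing hostname is used.
SAMPLE_ALERTS = [
    "10/12/2011 3:14:07 PM: Blocked outbound connection to TOOLBAR.BLOCKED.EXAMPLE",
    "10/12/2011 3:14:09 PM: Blocked outbound connection to WWW.BLOCKED.EXAMPLE",
    "10/12/2011 3:15:41 PM: Blocked outbound connection to UPDATES.ANTIVIRUS.EXAMPLE",
    "10/12/2011 3:20:02 PM: Blocked outbound connection to cdn.unknown-host.test",
]

# Dotted hostname at the end of an alert line.
HOST_RE = re.compile(r"([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)\s*$")


def normalize(name):
    """HOSTS lookups are case-insensitive; strip a trailing dot as well."""
    return name.lower().rstrip(".")


def parse_hosts(text):
    """Return {hostname: address} for every active HOSTS entry.

    Full-line and trailing '#' comments are dropped, whitespace may be tabs
    or runs of spaces, and one address line may list several hostnames.
    The first mapping for a name wins, which is how the resolver treats
    duplicates. HOSTS has no wildcards, so names are matched exactly.
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue  # blank, comment-only, or an address with no name
        addr, names = parts[0], parts[1:]
        for name in names:
            mapping.setdefault(normalize(name), addr)
    return mapping


def extract_alert_hosts(lines):
    """Pull the hostname out of each alert line; lines without one are skipped."""
    hosts = []
    for line in lines:
        m = HOST_RE.search(line)
        if m:
            hosts.append(normalize(m.group(1)))
    return hosts


def triage(alert_hosts, hosts_map):
    """Sort alerted names into three buckets for follow-up.

    sinkholed  - listed in HOSTS with a loopback/null address: the request
                 could not have reached the real site, so the alert is
                 consistent with the block list itself being what the shield
                 reacted to.
    redirected - listed in HOSTS but pointed at a routable address: a
                 hosts-file redirect, which is a hijack pattern to inspect.
    unlisted   - absent from HOSTS: a genuine resolution attempt that the
                 block list does not explain and needs its own investigation.
    """
    result = {"sinkholed": [], "redirected": [], "unlisted": []}
    for host in sorted(set(alert_hosts)):
        addr = hosts_map.get(host)
        if addr is None:
            result["unlisted"].append(host)
        elif addr in SINKHOLE_ADDRS:
            result["sinkholed"].append(host)
        else:
            result["redirected"].append((host, addr))
    return result


def run_sample():
    """Triage the constructed alerts against the constructed HOSTS excerpt."""
    return triage(extract_alert_hosts(SAMPLE_ALERTS), parse_hosts(SAMPLE_HOSTS))


if __name__ == "__main__":
    for bucket, hosts in run_sample().items():
        print(f"{bucket:10s} {hosts}")
```

Run against a real machine, the HOSTS path on XP is the one in the OTL fix above, C:\WINDOWS\system32\drivers\etc\hosts, and the alert list would come from the shield's session log. An empty "unlisted" bucket is what a pure block-list artifact looks like; anything in "redirected" or "unlisted" is what still needs a human.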

#5
Jeff_F

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Thank You for your continued assistance, Agent ST.

I have used Webroot's Spysweeper for quite a few years based on good reviews, although their antivirus engine (via Sophos) is only fair since it results in too many false positives and missed samples. It is distressing that Anti Spyware software is tested much too weakly by magazines and websites. Spyware software needs something rigorous that tests the "best of the best" like AV-Comparatives, or even something like VB 100 to let us know what meets minimum acceptable performance. I started using Zonealarm AV & Firewall when they started licensing Kaspersky's AV engine.

***
I have used XP Antispy for years. It is a Freeware/Donationware utility written by German programmer Christian Taubenheim which can be downloaded from Softpedia, MajorGeeks, Afterdawn and numerous other sites. It originally allowed you to stop Windows from "spying" on you - sending various sorts of info back to Microsoft. It has evolved over the years so that it allows you to enable or shut off various functions of Windows to increase privacy or security: a dashboard that allows you to adjust various settings without having to hunt them all down and change them manually or edit your registry. As spyware has become a large threat over the years, the name has come to be confusing.

Screen shots here: http://www.snapfiles...s/xpantispy.htm

Computer rebooted. Although my mouse did not work, I was able to use the Enter key since the OK button on the dialogue box had the focus.

As the computer finished rebooting, it generated a "The system has recovered from a serious error" message.

GMER Log found below:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-23 16:41:16
Windows 5.1.2600 Service Pack 2 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-19 WDC_WD1600JS-00NCB1 rev.10.02E02
Running: g---mer.exe; Driver: C:\DOCUME~1\Jeff\LOCALS~1\Temp\pwloypob.sys


---- System - GMER 1.0.15 ----

SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwAdjustPrivilegesToken [0xA817D66E]
SSDT  8A4EBDC8  ZwAllocateVirtualMemory
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwClose [0xA817DF02]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwConnectPort [0xA802B2F4]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwCreateEvent [0xA817E7D0]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwCreateFile [0xA80255CA]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwCreateKey [0xA804458A]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwCreateMutant [0xA817E6A8]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwCreateNamedPipeFile [0xA817D274]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwCreatePort [0xA802BA80]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwCreateProcess [0xA803EE4E]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwCreateProcessEx [0xA803F23C]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwCreateSection [0xA80486F6]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwCreateSemaphore [0xA817E902]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwCreateSymbolicLinkObject [0xA818058C]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwCreateThread [0xA817DBA0]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwCreateWaitablePort [0xA802BBB6]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwDebugActiveProcess [0xA817FF36]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwDeleteFile [0xA80261E0]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwDeleteKey [0xA8045E3C]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwDeleteValueKey [0xA80457B2]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwDeviceIoControlFile [0xA817E178]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwDuplicateObject [0xA803DD8A]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwEnumerateKey [0xA817CFAC]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwEnumerateValueKey [0xA817D056]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwFsControlFile [0xA817DF84]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwLoadDriver [0xA817FFC8]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwLoadKey [0xA8046794]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwLoadKey2 [0xA804699C]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwMapViewOfSection [0xA8048A5E]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwNotifyChangeKey [0xA817D1A2]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwOpenEvent [0xA817E872]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwOpenFile [0xA8025DF2]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwOpenKey [0xA817C6BE]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwOpenMutant [0xA817E740]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwOpenProcess [0xA8041160]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwOpenSection [0xA81805B6]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwOpenSemaphore [0xA817E9A4]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwOpenThread [0xA8040D8A]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwQueryKey [0xA817D100]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwQueryMultipleValueKey [0xA817CD28]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwQuerySection [0xA8180958]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwQueryValueKey [0xA817C978]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwQueueApcThread [0xA81802A6]
SSDT  8A4EBCD8  ZwReadVirtualMemory
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwRenameKey [0xA804772A]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwReplaceKey [0xA8047060]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwReplyPort [0xA817ED2E]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwReplyWaitReceivePort [0xA817EBF4]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwRequestWaitReplyPort [0xA802AEC4]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwRestoreKey [0xA80480FC]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwResumeThread [0xA8180E30]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwSaveKey [0xA817C32A]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwSecureConnectPort [0xA802B59C]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwSetContextThread [0xA817DDBE]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwSetInformationFile [0xA80265A4]
SSDT  8A4F3CA0  ZwSetInformationKey
SSDT  8A4F39D0  ZwSetInformationProcess
SSDT  8A4EBFA8  ZwSetInformationThread
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwSetInformationToken [0xA817F586]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwSetSecurityObject [0xA8047C6A]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwSetSystemInformation [0xA8180A98]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwSetValueKey [0xA8044F72]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwSuspendProcess [0xA8180B7C]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwSuspendThread [0xA8180CA4]
SSDT  \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)  ZwSystemDebugControl [0xA803FEA4]
SSDT  \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)  ZwTerminateProcess [0xA7FA8640]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwTerminateThread [0xA817D956]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwUnmapViewOfSection [0xA818080E]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  ZwWriteVirtualMemory [0xA817DAE0]

Code  BA729C9C  ZwRequestPort
Code  BA729BFC  ZwTraceEvent
Code  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  FsRtlCheckLockForReadAccess
Code  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)  IoIsOperationSynchronous
Code  BA729C9B  NtRequestPort
Code  BA729BFB  NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!FsRtlCheckLockForReadAccess  804EAEA0 5 Bytes  JMP A8171FA8 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)
.text  ntkrnlpa.exe!IoIsOperationSynchronous  804EF828 5 Bytes  JMP A8172382 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)
.text  ntkrnlpa.exe!ZwCallbackReturn + 2C50  80503A24 12 Bytes  [80, BA, 02, A8, 4E, EE, 03, ...]
.text  ntkrnlpa.exe!ZwCallbackReturn + 2C60  80503A34 16 Bytes  [F6, 86, 04, A8, 02, E9, 17, ...]
.text  ntkrnlpa.exe!ZwCallbackReturn + 2D1C  80503AF0 12 Bytes  [C8, FF, 17, A8, 94, 67, 04, ...]
.text  ntkrnlpa.exe!ZwCallbackReturn + 2D60  80503B34 4 Bytes  CALL D2ACE350
.text  ntkrnlpa.exe!ZwCallbackReturn + 2E98  80503C6C 16 Bytes  [2A, 77, 04, A8, 60, 70, 04, ...]
.text  ...
.text  ntkrnlpa.exe!NtTraceEvent  80534374 5 Bytes  JMP BA729C00
PAGE  ntkrnlpa.exe!NtRequestPort  805A1520 5 Bytes  JMP BA729CA0
.text  win32k.sys!EngPaint + 4F1  BF8255EF 5 Bytes  JMP BA7295C0
.text  win32k.sys!CLIPOBJ_bEnum + 2982  BF831388 5 Bytes  JMP BA729700
.text  win32k.sys!EngUnmapFontFileFD + EE41  BF841183 5 Bytes  JMP BA729660
.text  win32k.sys!FONTOBJ_pxoGetXform + DE42  BF85AD4E 5 Bytes  JMP BA729A20
.text  win32k.sys!EngCreateClip + 19C1  BF913245 2 Bytes  JMP BA729AC0
.text  win32k.sys!EngCreateClip + 19C4  BF913248 2 Bytes  [E1, FA] {LOOPZ 0xfffffffffffffffc}
.text  win32k.sys!EngCreateClip + 1F51  BF9137D5 5 Bytes  JMP BA729B60
.text  win32k.sys!EngCreateClip + 2597  BF913E1B 5 Bytes  JMP BA729840

---- User code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\system32\brsvc01a.exe[356] ntdll.dll!NtAccessCheckByType  7C90CE8E 5 Bytes  JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\brsvc01a.exe[356] ntdll.dll!NtImpersonateClientOfPort  7C90D3FE 5 Bytes  JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\brsvc01a.exe[356] ntdll.dll!NtSetInformationProcess  7C90DC9E 5 Bytes  JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\brsvc01a.exe[356] kernel32.dll!OpenProcess  7C830A01 5 Bytes  JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\brsvc01a.exe[356] USER32.dll!FindWindowA  7E42DE87 5 Bytes  JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\brsvc01a.exe[356] USER32.dll!FindWindowW  7E42E13A 5 Bytes  JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\brsvc01a.exe[356] ADVAPI32.dll!ImpersonateNamedPipeClient  77DD7406 5 Bytes  JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\brsvc01a.exe[356] ADVAPI32.dll!SetThreadToken  77DDF141 5 Bytes  JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\spoolsv.exe[460] ntdll.dll!NtAccessCheckByType  7C90CE8E 5 Bytes  JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\spoolsv.exe[460] ntdll.dll!NtImpersonateClientOfPort  7C90D3FE 5 Bytes  JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\spoolsv.exe[460] ntdll.dll!NtSetInformationProcess  7C90DC9E 5 Bytes  JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\spoolsv.exe[460] kernel32.dll!OpenProcess  7C830A01 5 Bytes  JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\spoolsv.exe[460] ADVAPI32.dll!ImpersonateNamedPipeClient  77DD7406 5 Bytes  JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\spoolsv.exe[460] ADVAPI32.dll!SetThreadToken  77DDF141 5 Bytes  JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\spoolsv.exe[460] USER32.dll!FindWindowA  7E42DE87 5 Bytes  JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\spoolsv.exe[460] USER32.dll!FindWindowW  7E42E13A 5 Bytes  JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\brss01a.exe[468] ntdll.dll!NtAccessCheckByType  7C90CE8E 5 Bytes  JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\brss01a.exe[468] ntdll.dll!NtImpersonateClientOfPort  7C90D3FE 5 Bytes  JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\brss01a.exe[468] ntdll.dll!NtSetInformationProcess  7C90DC9E 5 Bytes  JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\brss01a.exe[468] kernel32.dll!OpenProcess  7C830A01 5 Bytes  JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\brss01a.exe[468] USER32.dll!FindWindowA  7E42DE87 5 Bytes  JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\brss01a.exe[468] USER32.dll!FindWindowW  7E42E13A 5 Bytes  JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\brss01a.exe[468] ADVAPI32.dll!ImpersonateNamedPipeClient  77DD7406 5 Bytes  JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\brss01a.exe[468] ADVAPI32.dll!SetThreadToken  77DDF141 5 Bytes  JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\winlogon.exe[800] ntdll.dll!NtAccessCheckByType  7C90CE8E 5 Bytes  JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\winlogon.exe[800] ntdll.dll!NtImpersonateClientOfPort  7C90D3FE 5 Bytes  JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\winlogon.exe[800] ntdll.dll!NtSetInformationProcess  7C90DC9E 5 Bytes  JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\winlogon.exe[800] kernel32.dll!OpenProcess  7C830A01 5 Bytes  JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\winlogon.exe[800] ADVAPI32.dll!ImpersonateNamedPipeClient  77DD7406 5 Bytes  JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\winlogon.exe[800] ADVAPI32.dll!SetThreadToken  77DDF141 5 Bytes  JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\winlogon.exe[800] USER32.dll!FindWindowA  7E42DE87 5 Bytes  JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\winlogon.exe[800] USER32.dll!FindWindowW  7E42E13A 5 Bytes  JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\Explorer.EXE[820] ntdll.dll!NtAccessCheckByType  7C90CE8E 5 Bytes  JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\Explorer.EXE[820] ntdll.dll!NtImpersonateClientOfPort  7C90D3FE 5 Bytes  JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\Explorer.EXE[820] ntdll.dll!NtSetInformationProcess  7C90DC9E 5 Bytes  JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\Explorer.EXE[820] kernel32.dll!OpenProcess  7C830A01 5 Bytes  JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\Explorer.EXE[820] ADVAPI32.dll!ImpersonateNamedPipeClient  77DD7406 5 Bytes  JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\Explorer.EXE[820] ADVAPI32.dll!SetThreadToken  77DDF141 5 Bytes  JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\Explorer.EXE[820] USER32.dll!GetCursor  7E41D749 5 Bytes  JMP 00B61080 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text  C:\WINDOWS\Explorer.EXE[820] USER32.dll!DrawIconEx  7E41EB4E 5 Bytes  JMP 00B61120 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text  C:\WINDOWS\Explorer.EXE[820] USER32.dll!GetIconInfo  7E41F052 5 Bytes  JMP 00B61030 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text  C:\WINDOWS\Explorer.EXE[820] USER32.dll!FindWindowA  7E42DE87 5 Bytes  JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\Explorer.EXE[820] USER32.dll!FindWindowW  7E42E13A 5 Bytes  JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\Explorer.EXE[820] SHELL32.dll!SHFileOperationW  7CA6FDEE 5 Bytes  JMP 00B01102 C:\Program Files\Unlocker\UnlockerHook.dll
.text  C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtAccessCheckByType  7C90CE8E 5 Bytes  JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtImpersonateClientOfPort  7C90D3FE 5 Bytes  JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtSetInformationProcess  7C90DC9E 5 Bytes  JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\services.exe[848] kernel32.dll!OpenProcess  7C830A01 5 Bytes  JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!ImpersonateNamedPipeClient  77DD7406 5 Bytes  JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!SetThreadToken  77DDF141 5 Bytes  JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\services.exe[848] USER32.dll!FindWindowA  7E42DE87 5 Bytes  JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\services.exe[848] USER32.dll!FindWindowW  7E42E13A 5 Bytes  JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\lsass.exe[872] ntdll.dll!NtAccessCheckByType  7C90CE8E 5 Bytes  JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\lsass.exe[872] ntdll.dll!NtImpersonateClientOfPort  7C90D3FE 5 Bytes  JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\lsass.exe[872] ntdll.dll!NtSetInformationProcess  7C90DC9E 5 Bytes  JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\lsass.exe[872] ADVAPI32.dll!ImpersonateNamedPipeClient  77DD7406 5 Bytes  JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\lsass.exe[872] ADVAPI32.dll!SetThreadToken  77DDF141 5 Bytes  JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\lsass.exe[872] USER32.dll!FindWindowA  7E42DE87 5 Bytes  JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\lsass.exe[872] USER32.dll!FindWindowW  7E42E13A 5 Bytes  JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[1036] ntdll.dll!NtAccessCheckByType  7C90CE8E 5 Bytes  JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[1036] ntdll.dll!NtImpersonateClientOfPort  7C90D3FE 5 Bytes  JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[1036] ntdll.dll!NtSetInformationProcess  7C90DC9E 5 Bytes  JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[1036] kernel32.dll!OpenProcess  7C830A01 5 Bytes  JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[1036] ADVAPI32.dll!ImpersonateNamedPipeClient  77DD7406 5 Bytes  JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[1036] ADVAPI32.dll!SetThreadToken  77DDF141 5 Bytes  JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[1036] USER32.dll!FindWindowA  7E42DE87 5 Bytes  JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[1036] USER32.dll!FindWindowW  7E42E13A 5 Bytes  JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtAccessCheckByType  7C90CE8E 5 Bytes  JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtImpersonateClientOfPort  7C90D3FE 5 Bytes  JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtSetInformationProcess  7C90DC9E 5 Bytes  JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!OpenProcess  7C830A01 5 Bytes  JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ImpersonateNamedPipeClient  77DD7406 5 Bytes  JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!SetThreadToken  77DDF141 5 Bytes  JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!FindWindowA  7E42DE87 5 Bytes  JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!FindWindowW  7E42E13A 5 Bytes  JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\System32\alg.exe[1088] ntdll.dll!NtAccessCheckByType  7C90CE8E 5 Bytes  JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\System32\alg.exe[1088] ntdll.dll!NtImpersonateClientOfPort  7C90D3FE 5 Bytes  JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\System32\alg.exe[1088] ntdll.dll!NtSetInformationProcess  7C90DC9E 5 Bytes  JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\System32\alg.exe[1088] kernel32.dll!OpenProcess  7C830A01 5 Bytes  JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\System32\alg.exe[1088] USER32.dll!FindWindowA  7E42DE87 5 Bytes  JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\System32\alg.exe[1088] USER32.dll!FindWindowW  7E42E13A 5 Bytes  JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\System32\alg.exe[1088] ADVAPI32.dll!ImpersonateNamedPipeClient  77DD7406 5 Bytes  JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\System32\alg.exe[1088] ADVAPI32.dll!SetThreadToken  77DDF141 5 Bytes  JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!NtAccessCheckByType  7C90CE8E 5 Bytes  JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!NtImpersonateClientOfPort  7C90D3FE 5 Bytes  JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!NtSetInformationProcess  7C90DC9E 5 Bytes  JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!OpenProcess  7C830A01 5 Bytes  JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!ImpersonateNamedPipeClient  77DD7406 5 Bytes  JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!SetThreadToken  77DDF141 5 Bytes  JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\svchost.exe[1136] USER32.dll!FindWindowA  7E42DE87 5 Bytes  JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\svchost.exe[1136] USER32.dll!FindWindowW  7E42E13A 5 Bytes  JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Sandboxie\SbieSvc.exe[1232] ntdll.dll!NtAccessCheckByType  7C90CE8E 5 Bytes  JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Sandboxie\SbieSvc.exe[1232] ntdll.dll!NtImpersonateClientOfPort  7C90D3FE 5 Bytes  JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Sandboxie\SbieSvc.exe[1232] ntdll.dll!NtSetInformationProcess  7C90DC9E 5 Bytes  JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Sandboxie\SbieSvc.exe[1232] kernel32.dll!OpenProcess  7C830A01 5 Bytes  JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Sandboxie\SbieSvc.exe[1232] ADVAPI32.dll!ImpersonateNamedPipeClient  77DD7406 5 Bytes  JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Sandboxie\SbieSvc.exe[1232] ADVAPI32.dll!SetThreadToken  77DDF141 5 Bytes  JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Sandboxie\SbieSvc.exe[1232] USER32.dll!FindWindowA  7E42DE87 5 Bytes  JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Sandboxie\SbieSvc.exe[1232] USER32.dll!FindWindowW  7E42E13A 5 Bytes  JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\igfxtray.exe[1240] ntdll.dll!NtAccessCheckByType  7C90CE8E 5 Bytes  JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\igfxtray.exe[1240] ntdll.dll!NtImpersonateClientOfPort  7C90D3FE 5 Bytes  JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\igfxtray.exe[1240] ntdll.dll!NtSetInformationProcess  7C90DC9E 5 Bytes  JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\igfxtray.exe[1240] kernel32.dll!OpenProcess  7C830A01 5 Bytes  JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\igfxtray.exe[1240] USER32.dll!FindWindowA  7E42DE87 5 Bytes  JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\igfxtray.exe[1240] USER32.dll!FindWindowW  7E42E13A 5 Bytes  JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxtray.exe[1240]

ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7406 5 Bytes JMP 20CB8E5D C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxtray.exe[1240] ADVAPI32.dll!SetThreadToken

77DDF141 5 Bytes JMP 20CB9036

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1288]

ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20CB8791 C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1288]

ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1288]

ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20CB89AB C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!OpenProcess

7C830A01 5 Bytes JMP 20CB846C

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1288]

ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7406 5 Bytes JMP 20CB8E5D C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1288] ADVAPI32.dll!SetThreadToken

77DDF141 5 Bytes JMP 20CB9036

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1288] USER32.dll!FindWindowA

7E42DE87 5 Bytes JMP 20CB828F

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1288] USER32.dll!FindWindowW

7E42E13A 5 Bytes JMP 20CB825A

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1460] ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20CB8791

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1460]

ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1460]

ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20CB89AB C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1460] kernel32.dll!OpenProcess

7C830A01 5 Bytes JMP 20CB846C

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1460] USER32.dll!FindWindowA

7E42DE87 5 Bytes JMP 20CB828F

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1460] USER32.dll!FindWindowW

7E42E13A 5 Bytes JMP 20CB825A

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1460]

ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7406 5 Bytes JMP 20CB8E5D C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1460] ADVAPI32.dll!SetThreadToken

77DDF141 5 Bytes JMP 20CB9036

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508]

ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20CB8791 C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508]

ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508]

ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20CB89AB C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!OpenProcess

7C830A01 5 Bytes JMP 20CB846C

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508]

ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7406 5 Bytes JMP 20CB8E5D C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!SetThreadToken

77DDF141 5 Bytes JMP 20CB9036

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!FindWindowA

7E42DE87 5 Bytes JMP 20CB828F

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!FindWindowW

7E42E13A 5 Bytes JMP 20CB825A

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxsrvc.exe[1624]

ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20CB8791 C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxsrvc.exe[1624]

ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxsrvc.exe[1624]

ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20CB89AB C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxsrvc.exe[1624] kernel32.dll!OpenProcess

7C830A01 5 Bytes JMP 20CB846C

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxsrvc.exe[1624] USER32.dll!FindWindowA

7E42DE87 5 Bytes JMP 20CB828F

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxsrvc.exe[1624] USER32.dll!FindWindowW

7E42E13A 5 Bytes JMP 20CB825A

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxsrvc.exe[1624]

ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7406 5 Bytes JMP 20CB8E5D C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxsrvc.exe[1624] ADVAPI32.dll!SetThreadToken

77DDF141 5 Bytes JMP 20CB9036

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1660]

ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20CB8791 C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1660]

ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1660]

ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20CB89AB C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1660] kernel32.dll!OpenProcess

7C830A01 5 Bytes JMP 20CB846C

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1660] USER32.dll!FindWindowA

7E42DE87 5 Bytes JMP 20CB828F

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1660] USER32.dll!FindWindowW

7E42E13A 5 Bytes JMP 20CB825A

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1660]

ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7406 5 Bytes JMP 20CB8E5D C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1660] ADVAPI32.dll!SetThreadToken

77DDF141 5 Bytes JMP 20CB9036

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1840]

ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes

JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1840]

ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes

JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1840]

ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes

JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1840]

kernel32.dll!OpenProcess 7C830A01 5 Bytes

JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1840]

ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7406 5 Bytes

JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1840]

ADVAPI32.dll!SetThreadToken 77DDF141 5 Bytes

JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1840]

USER32.dll!FindWindowA 7E42DE87 5 Bytes

JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1840]

USER32.dll!FindWindowW 7E42E13A 5 Bytes

JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1884]

ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1884]

ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1884]

ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1884]

kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1884]

ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7406 5 Bytes JMP 20CB8E5D

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1884]

ADVAPI32.dll!SetThreadToken 77DDF141 5 Bytes JMP 20CB9036

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1884]

USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20CB828F

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1884]

USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20CB825A

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1920]

ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20CB8791 C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1920]

ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1920]

ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20CB89AB C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!OpenProcess

7C830A01 5 Bytes JMP 20CB846C

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1920]

ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7406 5 Bytes JMP 20CB8E5D C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!SetThreadToken

77DDF141 5 Bytes JMP 20CB9036

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1920] USER32.dll!FindWindowA

7E42DE87 5 Bytes JMP 20CB828F

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1920] USER32.dll!FindWindowW

7E42E13A 5 Bytes JMP 20CB825A

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[2012]

kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP

20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm

Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[2012]

USER32.dll!DefDlgProcW + 56E 7E423D08 2 Bytes JMP

20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm

Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[2012]

USER32.dll!DefDlgProcW + 571 7E423D0B 2 Bytes [89,

A2]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2052]

ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes

JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2052]

ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes

JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2052]

ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes

JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2052]

kernel32.dll!OpenProcess 7C830A01 5 Bytes

JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2052]

USER32.dll!FindWindowA 7E42DE87 5 Bytes

JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2052]

USER32.dll!FindWindowW 7E42E13A 5 Bytes

JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2052]

ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7406 5 Bytes

JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2052]

ADVAPI32.dll!SetThreadToken 77DDF141 5 Bytes

JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2084] ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20CB8791

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2084] ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20CB8D58

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2084] ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20CB89AB

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2084] kernel32.dll!OpenProcess

7C830A01 5 Bytes JMP 20CB846C

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2084] USER32.dll!FindWindowA

7E42DE87 5 Bytes JMP 20CB828F

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2084] USER32.dll!FindWindowW

7E42E13A 5 Bytes JMP 20CB825A

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2084]

ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7406 5 Bytes JMP 20CB8E5D C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2084] ADVAPI32.dll!SetThreadToken

77DDF141 5 Bytes JMP 20CB9036

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2128]

ntdll.dll!NtAccessCheckByType 7C90CE8E 5

Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2128]

ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5

Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2128]

ntdll.dll!NtSetInformationProcess 7C90DC9E 5

Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2128]

kernel32.dll!OpenProcess 7C830A01 5

Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2128]

ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7406 5

Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2128]

ADVAPI32.dll!SetThreadToken 77DDF141 5

Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2128]

USER32.dll!FindWindowA 7E42DE87 5

Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2128]

USER32.dll!FindWindowW 7E42E13A 5

Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

(ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Jeff\Desktop\g---mer.exe[2156]

ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP

20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm

Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Jeff\Desktop\g---mer.exe[2156]

ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP

20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm

Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Jeff\Desktop\g---mer.exe[2156]

ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP

20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm

Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Jeff\Desktop\g---mer.exe[2156]

kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP

20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm

Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Jeff\Desktop\g---mer.exe[2156]

USER32.dll!GetCursor 7E41D749 5 Bytes JMP

00E11080 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Documents and Settings\Jeff\Desktop\g---mer.exe[2156]

USER32.dll!DrawIconEx 7E41EB4E 5 Bytes JMP

00E11120 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Documents and Settings\Jeff\Desktop\g---mer.exe[2156]

USER32.dll!GetIconInfo 7E41F052 5 Bytes JMP

00E11030 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Documents and Settings\Jeff\Desktop\g---mer.exe[2156]

USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP

20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm

Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Jeff\Desktop\g---mer.exe[2156]

USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP

20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm

Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Jeff\Desktop\g---mer.exe[2156]

ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7406 5 Bytes JMP

20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm

Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Jeff\Desktop\g---mer.exe[2156]

ADVAPI32.dll!SetThreadToken 77DDF141 5 Bytes JMP

20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm

Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2292]

ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20CB8791 C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2292]

ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2292]

ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20CB89AB C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2292] kernel32.dll!OpenProcess

7C830A01 5 Bytes JMP 20CB846C

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2292]

ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7406 5 Bytes JMP 20CB8E5D C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2292] ADVAPI32.dll!SetThreadToken

77DDF141 5 Bytes JMP 20CB9036

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2292] USER32.dll!FindWindowA

7E42DE87 5 Bytes JMP 20CB828F

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2292] USER32.dll!FindWindowW

7E42E13A 5 Bytes JMP 20CB825A

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2336]

ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20CB8791 C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2336]

ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2336]

ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20CB89AB C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2336] kernel32.dll!OpenProcess

7C830A01 5 Bytes JMP 20CB846C

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2336] USER32.dll!FindWindowA

7E42DE87 5 Bytes JMP 20CB828F

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2336] USER32.dll!FindWindowW

7E42E13A 5 Bytes JMP 20CB825A

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2336]

ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7406 5 Bytes JMP 20CB8E5D C:\Program

Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser

Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2336] ADVAPI32.dll!SetThreadToken

77DDF141 5 Bytes JMP 20CB9036

C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\Tablet.exe[2532] ntdll.dll!NtAccessCheckByType  7C90CE8E 5 Bytes  JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\Tablet.exe[2532] ntdll.dll!NtImpersonateClientOfPort  7C90D3FE 5 Bytes  JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\Tablet.exe[2532] ntdll.dll!NtSetInformationProcess  7C90DC9E 5 Bytes  JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\Tablet.exe[2532] kernel32.dll!OpenProcess  7C830A01 5 Bytes  JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\Tablet.exe[2532] USER32.dll!FindWindowA  7E42DE87 5 Bytes  JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\Tablet.exe[2532] USER32.dll!FindWindowW  7E42E13A 5 Bytes  JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\Tablet.exe[2532] ADVAPI32.dll!ImpersonateNamedPipeClient  77DD7406 5 Bytes  JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\Tablet.exe[2532] ADVAPI32.dll!SetThreadToken  77DDF141 5 Bytes  JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\CursorXP\CursorXP.exe[2548] ntdll.dll!NtAccessCheckByType  7C90CE8E 5 Bytes  JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\CursorXP\CursorXP.exe[2548] ntdll.dll!NtImpersonateClientOfPort  7C90D3FE 5 Bytes  JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\CursorXP\CursorXP.exe[2548] ntdll.dll!NtSetInformationProcess  7C90DC9E 5 Bytes  JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\CursorXP\CursorXP.exe[2548] kernel32.dll!OpenProcess  7C830A01 5 Bytes  JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\CursorXP\CursorXP.exe[2548] USER32.dll!FindWindowA  7E42DE87 5 Bytes  JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\CursorXP\CursorXP.exe[2548] USER32.dll!FindWindowW  7E42E13A 5 Bytes  JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\CursorXP\CursorXP.exe[2548] ADVAPI32.dll!ImpersonateNamedPipeClient  77DD7406 5 Bytes  JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\CursorXP\CursorXP.exe[2548] ADVAPI32.dll!SetThreadToken  77DDF141 5 Bytes  JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\wdfmgr.exe[2620] ntdll.dll!NtAccessCheckByType  7C90CE8E 5 Bytes  JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\wdfmgr.exe[2620] ntdll.dll!NtImpersonateClientOfPort  7C90D3FE 5 Bytes  JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\wdfmgr.exe[2620] ntdll.dll!NtSetInformationProcess  7C90DC9E 5 Bytes  JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\wdfmgr.exe[2620] kernel32.dll!OpenProcess  7C830A01 5 Bytes  JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\wdfmgr.exe[2620] ADVAPI32.dll!ImpersonateNamedPipeClient  77DD7406 5 Bytes  JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\wdfmgr.exe[2620] ADVAPI32.dll!SetThreadToken  77DDF141 5 Bytes  JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\wdfmgr.exe[2620] USER32.dll!FindWindowA  7E42DE87 5 Bytes  JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\wdfmgr.exe[2620] USER32.dll!FindWindowW  7E42E13A 5 Bytes  JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[2672] ntdll.dll!NtAccessCheckByType  7C90CE8E 5 Bytes  JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[2672] ntdll.dll!NtImpersonateClientOfPort  7C90D3FE 5 Bytes  JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[2672] ntdll.dll!NtSetInformationProcess  7C90DC9E 5 Bytes  JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[2672] kernel32.dll!OpenProcess  7C830A01 5 Bytes  JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[2672] USER32.dll!FindWindowA  7E42DE87 5 Bytes  JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[2672] USER32.dll!FindWindowW  7E42E13A 5 Bytes  JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[2672] ADVAPI32.dll!ImpersonateNamedPipeClient  77DD7406 5 Bytes  JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[2672] ADVAPI32.dll!SetThreadToken  77DDF141 5 Bytes  JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe[2760] ntdll.dll!NtAccessCheckByType  7C90CE8E 5 Bytes  JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe[2760] ntdll.dll!NtImpersonateClientOfPort  7C90D3FE 5 Bytes  JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe[2760] ntdll.dll!NtSetInformationProcess  7C90DC9E 5 Bytes  JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe[2760] kernel32.dll!OpenProcess  7C830A01 5 Bytes  JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe[2760] ADVAPI32.DLL!ImpersonateNamedPipeClient  77DD7406 5 Bytes  JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe[2760] ADVAPI32.DLL!SetThreadToken  77DDF141 5 Bytes  JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe[2760] USER32.dll!FindWindowA  7E42DE87 5 Bytes  JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe[2760] USER32.dll!FindWindowW  7E42E13A 5 Bytes  JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Sandboxie\SbieCtrl.exe[2780] ntdll.dll!NtAccessCheckByType  7C90CE8E 5 Bytes  JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Sandboxie\SbieCtrl.exe[2780] ntdll.dll!NtImpersonateClientOfPort  7C90D3FE 5 Bytes  JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Sandboxie\SbieCtrl.exe[2780] ntdll.dll!NtSetInformationProcess  7C90DC9E 5 Bytes  JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Sandboxie\SbieCtrl.exe[2780] kernel32.dll!OpenProcess  7C830A01 5 Bytes  JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Sandboxie\SbieCtrl.exe[2780] USER32.dll!FindWindowA  7E42DE87 5 Bytes  JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Sandboxie\SbieCtrl.exe[2780] USER32.dll!FindWindowW  7E42E13A 5 Bytes  JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Sandboxie\SbieCtrl.exe[2780] ADVAPI32.dll!ImpersonateNamedPipeClient  77DD7406 5 Bytes  JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\Sandboxie\SbieCtrl.exe[2780] ADVAPI32.dll!SetThreadToken  77DDF141 5 Bytes  JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\WallMaster\wallmast.exe[3280] ntdll.dll!NtAccessCheckByType  7C90CE8E 5 Bytes  JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\WallMaster\wallmast.exe[3280] ntdll.dll!NtImpersonateClientOfPort  7C90D3FE 5 Bytes  JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\WallMaster\wallmast.exe[3280] ntdll.dll!NtSetInformationProcess  7C90DC9E 5 Bytes  JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\WallMaster\wallmast.exe[3280] kernel32.dll!OpenProcess  7C830A01 5 Bytes  JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\WallMaster\wallmast.exe[3280] user32.dll!FindWindowA  7E42DE87 5 Bytes  JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\WallMaster\wallmast.exe[3280] user32.dll!FindWindowW  7E42E13A 5 Bytes  JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\WallMaster\wallmast.exe[3280] advapi32.dll!ImpersonateNamedPipeClient  77DD7406 5 Bytes  JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\Program Files\WallMaster\wallmast.exe[3280] advapi32.dll!SetThreadToken  77DDF141 5 Bytes  JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\wuauclt.exe[3684] ntdll.dll!NtAccessCheckByType  7C90CE8E 5 Bytes  JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\wuauclt.exe[3684] ntdll.dll!NtImpersonateClientOfPort  7C90D3FE 5 Bytes  JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\wuauclt.exe[3684] ntdll.dll!NtSetInformationProcess  7C90DC9E 5 Bytes  JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\wuauclt.exe[3684] kernel32.dll!OpenProcess  7C830A01 5 Bytes  JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\wuauclt.exe[3684] ADVAPI32.dll!ImpersonateNamedPipeClient  77DD7406 5 Bytes  JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\wuauclt.exe[3684] ADVAPI32.dll!SetThreadToken  77DDF141 5 Bytes  JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\wuauclt.exe[3684] USER32.dll!FindWindowA  7E42DE87 5 Bytes  JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\wuauclt.exe[3684] USER32.dll!FindWindowW  7E42E13A 5 Bytes  JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))

Device  \Driver\Tcpip \Device\Ip  vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device  \Driver\Tcpip \Device\Ip  89FA1CF8
Device  \Driver\Tcpip \Device\Ip  89EF3E10
Device  \Driver\Tcpip \Device\Tcp  vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device  \Driver\Tcpip \Device\Tcp  89FA1CF8
Device  \Driver\Tcpip \Device\Tcp  89EF3E10
Device  \Driver\Tcpip \Device\Udp  vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device  \Driver\Tcpip \Device\Udp  89FA1CF8
Device  \Driver\Tcpip \Device\Udp  89EF3E10
Device  \Driver\Tcpip \Device\RawIp  vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device  \Driver\Tcpip \Device\RawIp  89FA1CF8
Device  \Driver\Tcpip \Device\RawIp  89EF3E10
Device  \Driver\Tcpip \Device\IPMULTICAST  vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device  \Driver\Tcpip \Device\IPMULTICAST  89FA1CF8
Device  \Driver\Tcpip \Device\IPMULTICAST  89EF3E10

---- EOF - GMER 1.0.15 ----

******
OTL log here:


All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ISW deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== REGISTRY ==========
========== FILES ==========
File\Folder c:\windows\TEMP\SST-49AFC6E8-E9FC-4FCF-9B71-4D605442DED6.tmp not found.
< type "C:\Qoobox\ComboFix2.txt" /c >
ComboFix 11-10-02.03 - Jeff 10/04/2011 7:12.6.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1554 [GMT -4:00]
Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-04 to 2011-10-04 )))))))))))))))))))))))))))))))
.
.
2011-10-04 11:10 . 2011-10-04 11:10 -------- d-----w- c:\windows\LastGood
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 05:55 . 2011-03-30 00:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 16:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 04:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-04_11.11.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-04 11:07 . 2011-10-04 11:07 16384 c:\windows\Temp\Perflib_Perfdata_f0.dat
- 2011-06-06 02:46 . 2011-10-03 05:03 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-06 02:46 . 2011-10-04 11:07 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-11 06:49 . 2011-10-04 11:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-08-11 06:49 . 2011-10-03 05:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-04-08 02:46 . 2011-10-04 11:07 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-04-08 02:46 . 2011-10-03 05:03 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-10-04 11:10 . 2011-08-21 07:09 475736 c:\windows\LastGood\system32\DRIVERS\7826020drv.sys
+ 2011-10-04 11:10 . 2011-08-21 07:09 133208 c:\windows\LastGood\system32\DRIVERS\74437105.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3ce45c4f-bfff-4988-9a3c-a75c1f491319}"= "c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3ce45c4f-bfff-4988-9a3c-a75c1f491319}"= "c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3CE45C4F-BFFF-4988-9A3C-A75C1F491319}"= "c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-20 128000]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-08-09 389352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-27 4611456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-22 16126464]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-07-22 72336]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]
"ISW"="" [BU]
.
c:\documents and settings\Jeff\Start Menu\Programs\Startup\
ButtonBoogie.lnk - c:\program files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe [2010-8-11 303104]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ButtonBoogie.lnk - c:\program files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe [2010-8-11 303104]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2010-8-11 114688]
WallMaster.lnk - c:\program files\WallMaster\wallmast.exe [2010-8-11 288256]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-4-6 147456]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 26488742;26488742 Boot Guard Driver;c:\windows\system32\drivers\26488742.sys [5/11/2011 1:27 AM 37392]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
R1 26488741;26488741;c:\windows\system32\drivers\26488741.sys [5/11/2011 1:27 AM 128016]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [10/14/2010 5:08 PM 11352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R1 setup_9.0.0.722_06.06.2011_04-46drv;setup_9.0.0.722_06.06.2011_04-46drv;c:\windows\system32\drivers\2034379.sys [6/6/2011 5:59 AM 315408]
R1 setup_9.0.0.722_06.06.2011_12-48drv;setup_9.0.0.722_06.06.2011_12-48drv;c:\windows\system32\drivers\5125243.sys [6/6/2011 6:25 AM 315408]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [8/11/2010 3:34 AM 20328]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [7/25/2011 8:57 AM 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [7/25/2011 8:57 AM 493184]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [6/5/2011 10:41 PM 1201640]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [8/11/2010 5:54 AM 38656]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [8/15/2010 9:52 PM 47360]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 74437105
.
Contents of the 'Scheduled Tasks' folder
.
2010-11-11 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8281518752.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52]
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1450960922-839522115-1003Core.job
- c:\documents and settings\Jeff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 09:08]
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1450960922-839522115-1003UA.job
- c:\documents and settings\Jeff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 09:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=us&.src=ym&rl=1
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=2&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-04 07:18
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(660)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(3732)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CursorXP\CurXP0.dll
.
Completion time: 2011-10-04 07:20:21
ComboFix-quarantined-files.txt 2011-10-04 11:20
ComboFix2.txt 2011-10-03 11:13
.
Pre-Run: 43,767,078,912 bytes free
Post-Run: 43,757,187,072 bytes free
.
- - End Of File - - C475488956FDDDB4365C2BAAFCD6982D
C:\Documents and Settings\Jeff\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jeff\Desktop\cmd.txt deleted successfully.
< type "C:\Qoobox\ComboFix3.txt" /c >
ComboFix 11-10-02.03 - Jeff 10/03/2011 7:04.5.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1408 [GMT -4:00]
Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jeff\Application Data\vso_ts_preview.xml
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 05:55 . 2011-03-30 00:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 16:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 04:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3ce45c4f-bfff-4988-9a3c-a75c1f491319}"= "c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3ce45c4f-bfff-4988-9a3c-a75c1f491319}"= "c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3CE45C4F-BFFF-4988-9A3C-A75C1F491319}"= "c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-20 128000]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-08-09 389352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-27 4611456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-22 16126464]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-07-22 72336]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]
.
c:\documents and settings\Jeff\Start Menu\Programs\Startup\
ButtonBoogie.lnk - c:\program files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe [2010-8-11 303104]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ButtonBoogie.lnk - c:\program files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe [2010-8-11 303104]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2010-8-11 114688]
WallMaster.lnk - c:\program files\WallMaster\wallmast.exe [2010-8-11 288256]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-4-6 147456]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 26488742;26488742 Boot Guard Driver;c:\windows\system32\drivers\26488742.sys [5/11/2011 1:27 AM 37392]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
R1 26488741;26488741;c:\windows\system32\drivers\26488741.sys [5/11/2011 1:27 AM 128016]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [10/14/2010 5:08 PM 11352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R1 setup_9.0.0.722_06.06.2011_04-46drv;setup_9.0.0.722_06.06.2011_04-46drv;c:\windows\system32\drivers\2034379.sys [6/6/2011 5:59 AM 315408]
R1 setup_9.0.0.722_06.06.2011_12-48drv;setup_9.0.0.722_06.06.2011_12-48drv;c:\windows\system32\drivers\5125243.sys [6/6/2011 6:25 AM 315408]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [8/11/2010 3:34 AM 20328]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [7/25/2011 8:57 AM 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [7/25/2011 8:57 AM 493184]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [6/5/2011 10:41 PM 1201640]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [8/11/2010 5:54 AM 38656]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [8/15/2010 9:52 PM 47360]
.
Contents of the 'Scheduled Tasks' folder
.
2010-11-11 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8281518752.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52]
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1450960922-839522115-1003Core.job
- c:\documents and settings\Jeff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 09:08]
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1450960922-839522115-1003UA.job
- c:\documents and settings\Jeff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 09:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=us&.src=ym&rl=1
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ISW - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-03 07:11
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(852)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2011-10-03 07:13:17
ComboFix-quarantined-files.txt 2011-10-03 11:13
.
Pre-Run: 43,728,224,256 bytes free
Post-Run: 43,749,814,272 bytes free
.
- - End Of File - - D2DB0AF1B6916E5135688962BCBB4986
C:\Documents and Settings\Jeff\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jeff\Desktop\cmd.txt deleted successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\hosts
C:\Documents and Settings\Jeff\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jeff\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Jeff\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jeff\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jeff
->Temp folder emptied: 4180212 bytes
->Temporary Internet Files folder emptied: 401035 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42880409 bytes
->Google Chrome cache emptied: 375417666 bytes
->Opera cache emptied: 5944650 bytes
->Flash cache emptied: 580 bytes

User: LocalService
->Temp folder emptied: 986296 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 986296 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1300680 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 412.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Jeff
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10232011_164205

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

***

Once again, thank you very much for your assistance.

Jeff Ferreri

#6
SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)

Hi Jeff!

I have used XP Antispy for years. It is a Freeware/Donationware utility written by German programmer Christian Taubenheim which can be downloaded from Softpedia, MajorGeeks, Afterdawn and numerous other sites. It originally allowed you to stop Windows from "spying" on you - sending various sorts of info back to Microsoft. It has evolved over the years so that it allows you to enable or shut off various functions of Windows to increase privacy or increase security, a dashboard that allows you to adjust various settings without having to hunt them all down and change them manually or edit your registry. As spyware has become a large threat over the years, the name has come to be confusing.

Thanks for that information regarding that utility. I've never really heard of it before, so was just curious if you were aware of it being installed, and it seems you are, so no worries there.

Any particular reason you haven't updated to Service Pack 3?

Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



NEXT:



Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (v1.51.0.1200) and save it to your desktop.
Download Link 1
Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

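TDSSKiller's log, once it comes back, runs to one entry per driver and service, and the few lines that matter are easy to miss by eye. The following Python is an added example, not part of this post and not Kaspersky's code: it parses the per-driver lines in the format TDSSKiller writes (the file line `NAME (md5) PATH` followed by the status line `NAME - ok`), collapses each service into one record, and flags anything that is not reported "ok", is loaded from outside %SystemRoot%\system32, or has a purely numeric service name. The sample lines and the hash allowlist are constructed for the example; the `warning` status and the `UnsignedFile.Multi.Generic` verdict are assumed vocabulary rather than something taken from this thread.

```python
"""Triage helper for TDSSKiller text logs (added example, not Kaspersky's code).

Driver entries in the log look like this (two lines per driver, one line for
services with no backing file):
    HH:MM:SS.mmm  pid  NAME (md5) PATH
    HH:MM:SS.mmm  pid  NAME [ ( verdict ) ] - STATUS
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

_PREFIX = r"(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
FILE_RE = re.compile(_PREFIX + r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$")
STATUS_RE = re.compile(_PREFIX + r"(?:\((?P<verdict>[^)]*)\)\s+)?-\s+(?P<status>.+?)\s*$")


@dataclass
class Driver:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    status: Optional[str] = None


def parse_log(text: str) -> Dict[str, Driver]:
    """Collapse the two-line-per-driver log into one record per service name."""
    drivers: Dict[str, Driver] = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:  # file line: hash and path of the driver image
            d = drivers.setdefault(m["name"], Driver(m["name"]))
            d.md5, d.path = m["md5"].lower(), m["path"]
            continue
        m = STATUS_RE.match(line)
        if m:  # status line: "ok", or a verdict plus a non-ok status
            d = drivers.setdefault(m["name"], Driver(m["name"]))
            d.status = m["status"]
            d.verdict = m["verdict"].strip() if m["verdict"] else None
        # header and separator lines match neither pattern and are skipped
    return drivers


def triage(drivers: Dict[str, Driver], known_good: Set[str],
           windows_dir: str = r"C:\WINDOWS") -> List[Tuple[str, str]]:
    """Return (service name, reason) pairs that deserve a human look."""
    sysroot = (windows_dir + "\\system32\\").lower()
    findings: List[Tuple[str, str]] = []
    for d in drivers.values():
        if d.md5 and d.md5 in known_good:
            continue  # hash vouched for by our reference set, skip the heuristics
        if d.status and d.status != "ok":
            detail = f" ({d.verdict})" if d.verdict else ""
            findings.append((d.name, f"status '{d.status}'{detail}"))
        if d.path and not d.path.lower().startswith(sysroot):
            findings.append((d.name, f"driver outside {windows_dir}\\system32: {d.path}"))
        if d.path and d.name.isdigit():
            findings.append((d.name, "numeric-only service name; confirm the publisher"))
    return findings


# Constructed sample in the log's format. The first four lines copy the shape of
# real entries; the SASDIFSV and xyzdrv lines and their hashes are invented.
SAMPLE_LOG = """\
00:26:09.0640 3652 26488741 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\\WINDOWS\\system32\\DRIVERS\\26488741.sys
00:26:09.0640 3652 26488741 - ok
00:26:09.0671 3652 Abiosdsk - ok
00:26:09.0703 3652 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
00:26:09.0703 3652 ACPI - ok
00:26:10.0100 3652 SASDIFSV (deadbeefdeadbeefdeadbeefdeadbeef) C:\\Program Files\\SUPERAntiSpyware\\SASDIFSV.SYS
00:26:10.0100 3652 SASDIFSV - ok
00:26:10.0200 3652 xyzdrv (cafebabecafebabecafebabecafebabe) C:\\WINDOWS\\system32\\DRIVERS\\xyzdrv.sys
00:26:10.0200 3652 xyzdrv ( UnsignedFile.Multi.Generic ) - warning
"""

# Constructed allowlist. In practice seed it from a clean reference machine or a
# vendor catalog; a hash is trusted here only because we put it in this set.
KNOWN_GOOD: Set[str] = {"a10c7534f7223f4a73a948967d00e69b"}

if __name__ == "__main__":
    for name, reason in triage(parse_log(SAMPLE_LOG), KNOWN_GOOD):
        print(f"{name:12} {reason}")
```

Run it as a script to see the findings for the embedded sample, or call `triage(parse_log(open(path).read()), known_good)` on a real `TDSSKiller.[Version]_[Date]_[Time]_log.txt`. The numeric-name rule deliberately asks for verification rather than declaring anything bad: some cleaning tools register their own helper drivers under generated numeric names, so a hit there is a question to answer, not a detection.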

#7
Jeff_F (Member, Topic Starter, 27 posts)

Wow, I see we are banging away at it from all sides! Security Check is a tool I wasn't aware of.

Don't you miss the days when all you had to do was run a firewall and know how to use an AntiVirus program and 9 out of 10 people thought you were a security expert? :-) When gmer and icesword first appeared I took a run at a few rootkits, but today's malware is like a car - it is so complex and convoluted that you need entirely new training and tools.

***

As for updating to SP3, my copy of Windows XP is a promotional one I bought with an Intel mobo when I worked at Office Max about 6 years ago before getting my teaching certification. It was SP2 beta, and it gives me all kinds of trouble installing and reinstalling. It installs SP1 half the time and if SP2 beta is there it won't let me put the final SP2 over top of it. After a lot of reformatting from multiple efforts (and language befitting a sailor) I can manage to get it right. With all of the problems being reported with SP3 at first, I was anxious about trying to install it (although I downloaded it from M$.) I suppose that once this issue is over I should bite the bullet and give it a whirl. I should also start scraping together some cash to build a new machine and move to Windows 7, since I was leery of Vista and trying to avoid the Every-Other-OS-curse of M$. I also have a lot of little open source and freeware utilities that I like and think Win7 won't play nice with a lot of them. I suppose this could become a XP workstation that's offline and used for those sorts of fiddly things.

***

After running Security Check, I thought I should turn on my security software. The computer became sluggish then froze. This could have been due to trying to start all the software up at the same time (although I don't seem to have trouble with it during start up) so I did a hard reboot.

Windows restarted, but I had to go into the Task Manager and use New Task>Run: explorer.exe to get the desktop to appear. However, none of my security software was up and running, so I used the start button and did a Restart, whereupon Windows loaded normally and all of the security software was up & running. Could be malware activity, but it could also just be system flakiness. Ran Security Check a second time with all of the security software running and attached that log as well.

***
I suspect the ESET results are false positives - the Northpointe website file was last modified in 2010, Folder Lock was last modified in 2005, and Test My Hardware was last modified in 2006.

ESET Scan Results:
E:\Northpointe Academy\School Website\html\650\bt-7eocgp5.php JS/Kryptik.Q trojan
F:\Security\Folder Lock\folder-lock.exe probably a variant of Win32/Agent.JNUGWF trojan
F:\Utilities\Test My Hardware\testmh-repair.exe a variant of Win32/Adware.ErrorRepairPro application

***
TDSS Killer Log:
00:25:42.0000 2792 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
00:25:42.0359 2792 ============================================================
00:25:42.0359 2792 Current date / time: 2011/10/24 00:25:42.0359
00:25:42.0359 2792 SystemInfo:
00:25:42.0359 2792
00:25:42.0359 2792 OS Version: 5.1.2600 ServicePack: 2.0
00:25:42.0359 2792 Product type: Workstation
00:25:42.0359 2792 ComputerName: JEFFDESK
00:25:42.0359 2792 UserName: Jeff
00:25:42.0359 2792 Windows directory: C:\WINDOWS
00:25:42.0359 2792 System windows directory: C:\WINDOWS
00:25:42.0359 2792 Processor architecture: Intel x86
00:25:42.0359 2792 Number of processors: 4
00:25:42.0359 2792 Page size: 0x1000
00:25:42.0359 2792 Boot type: Normal boot
00:25:42.0359 2792 ============================================================
00:25:43.0500 2792 Initialize success
00:26:09.0281 3652 ============================================================
00:26:09.0281 3652 Scan started
00:26:09.0281 3652 Mode: Manual;
00:26:09.0281 3652 ============================================================
00:26:15.0015 3652 ============================================================
00:26:15.0015 3652 Scan finished
00:26:15.0015 3652 ============================================================
00:26:15.0015 2140 Detected object count: 0
00:26:15.0015 2140 Actual detected object count: 0

***
MBAM Log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8009

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

10/24/2011 12:36:02 AM
mbam-log-2011-10-24 (00-36-02).txt

Scan type: Quick scan
Objects scanned: 153337
Time elapsed: 1 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

***
First Security Check Log:
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Toolbar
ZoneAlarm Security
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date HijackThis installed!
Malwarebytes' Anti-Malware
HijackThis 1.99.1
CCleaner
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player ( 10.3.181.26) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

***
Second Security Check Log:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Toolbar
ZoneAlarm Security
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date HijackThis installed!
Malwarebytes' Anti-Malware
HijackThis 1.99.1
CCleaner
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player ( 10.3.181.26) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
``````````End of Log````````````
#8
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi Jeff,

Wow, I see we are banging away at it from all sides! Security Check is a tool I wasn't aware of.

Yes, we are. I like to be very thorough.

Don't you miss the days when all you had to do was run a firewall and know how to use an AntiVirus program and 9 out of 10 people thought you were a security expert? :-) When GMER and IceSword first appeared I took a run at a few rootkits, but today's malware is like a car - it is so complex and convoluted that you need entirely new training and tools.

Yes, those were definitely the old days, when malware wasn't as complex as it is today.

As for updating to SP3, my copy of Windows XP is a promotional one I bought with an Intel mobo when I worked at Office Max about 6 years ago before getting my teaching certification. It was SP2 beta, and it gives me all kinds of trouble installing and reinstalling. It installs SP1 half the time and if SP2 beta is there it won't let me put the final SP2 over top of it. After a lot of reformatting from multiple efforts (and language befitting a sailor) I can manage to get it right. With all of the problems being reported with SP3 at first, I was anxious about trying to install it (although I downloaded it from M$.) I suppose that once this issue is over I should bite the bullet and give it a whirl. I should also start scraping together some cash to build a new machine and move to Windows 7, since I was leery of Vista and trying to avoid the Every-Other-OS-curse of M$. I also have a lot of little open source and freeware utilities that I like and think Win7 won't play nice with a lot of them. I suppose this could become an XP workstation that's offline and used for those sorts of fiddly things.

Okay, I asked because Microsoft no longer supports XP SP2, so not updating to SP3 is going to leave you wide open to exploits. I'm going to provide instructions for updating to SP3, it's your call if you want to proceed with updating to SP3 or not.

I suspect the Eset results are false positives - the Northpointe website file was last modified in 2010, Folderlock was last modified in 2005, and TestMyHardware was last modified in 2006

Okay, let's upload those files to VirusTotal, and see what they say:

VirusTotal File Scan
Please go to: VirusTotal
  • Click the Choose File button and search for the following file: E:\Northpointe Academy\School Website\html\650\bt-7eocgp5.php
  • Click Open
  • Then click Send File
If it says already scanned -- click "reanalyze now"

  • Please be patient while the file is scanned.
  • Once the scan results appear, please click on the Compact button.
  • A new window should appear with a bunch of tabs at the top. Please click on the BBCode tab.
  • Copy and Paste the contents of the text in the BBCode into your next reply for me to review.

Please repeat the above process for the following file below:

F:\Security\Folder Lock\folder-lock.exe
F:\Utilities\Test My Hardware\testmh-repair.exe

Please post the results in your next reply


NEXT:


____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Let's address those programs that need updating now!

Your SecurityCheck log indicates that your version of Flash Player is outdated. This is a vulnerability that needs to be addressed. Please remove the outdated version of Flash Player and then install the latest version.

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



Remove Program
We need to remove a program. To do this please do the following:
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):
  • HijackThis 1.99.1


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Update Windows XP
Service Pack 3 (SP3)
It would be in your best interest to install this service pack. This update includes all previously released updates for your system.
Microsoft advises that SP1 or SP1a needs to be installed before installing this update.
Attention: The SP3 download is very large! Based on your Internet connection... be prepared, it could take hours to download!!
Alternately, you could see if a friend or family member has the SP3 update on CD or order it from MS for a fee ... based on your location.

This will be a 2 step process...
The 1st step in this process is to apply Service Pack 3 (SP3) for Windows XP. This update includes security fixes to protect your computer.
The 2nd step is to apply all the critical updates and patches since SP3 was released.
Note: If at any time during these steps, you experience problems with your computer... Do not continue with the steps and post a description of the problem.
  • First
  • Obtain Windows XP Service Pack 3 from the Microsoft Download Center
  • Click the Download ...button. Choose "Save" at the prompt...and save the file to your desktop.
  • Double click the "WindowsXP-KB936929-SP3-x86-ENU.exe" file on your desktop to install the update.
    When the installation has completed successfully...
  • ! IMPORTANT ! reboot your computer (normally) before proceeding to the next step.
Second
  • Now...Go to: Windows Update and install the Critical Updates.
  • Press the "Express"...button to have all "critical" updates shown.
  • Make sure all critical updates and patches are checked for download and installation.
  • Press the Install Updates ... button to begin downloading and installing the updates
    After successfully installing the critical updates and patches...
  • ! IMPORTANT ! reboot your computer normally (again) before proceeding.


NEXT:



We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

#9 Jeff_F (Member, Topic Starter, 27 posts)
Greetings, Agent ST.

Virus Total was run.
Looks like folder-lock.exe is bad! As Kaspersky did not identify it as malware, I can see why my virus scans have missed it. I'm surprised, although NOD32 reporting "probably a variant of..." makes me wonder whether this is a false positive or not.

Clicking "Compact" each time yielded the message "Not found" for every file (?), so I did a copy & paste into notepad and cleaned up each listing by inserting a lot of tabs to make it readable.

Virus Total results:

E:\Northpointe Academy\School Website\html\650\bt-7eocgp5.php
File name: bt-7eocgp5.php
Submission date: 2011-10-25 03:20:39 (UTC)
Current status: finished
Result: 5/ 43 (11.6%)


Antivirus Version Last Update Result
AhnLab-V3 2011.10.24.01 2011.10.24 -
AntiVir 7.11.16.133 2011.10.24 -
Antiy-AVL 2.0.3.7 2011.10.25 -
Avast 6.0.1289.0 2011.10.25 JS:Redirector-CD [Trj]
AVG 10.0.0.1190 2011.10.25 -
BitDefender 7.2 2011.10.25 -
ByteHero 1.0.0.1 2011.09.23 -
CAT-QuickHeal 11.00 2011.10.24 -
ClamAV 0.97.3.0 2011.10.25 -
Commtouch 5.3.2.6 2011.10.25 -
Comodo 10547 2011.10.25 -
DrWeb 5.0.2.03300 2011.10.25 -
Emsisoft 5.1.0.11 2011.10.25 -
eSafe 7.0.17.0 2011.10.24 -
eTrust-Vet 36.1.8637 2011.10.24 -
F-Prot 4.6.5.141 2011.10.25 -
F-Secure 9.0.16440.0 2011.10.25 -
Fortinet 4.3.370.0 2011.10.25 -
GData 22 2011.10.25 JS:Redirector-CD
Ikarus T3.1.1.107.0 2011.10.25 -
Jiangmin 13.0.900 2011.10.24 -
K7AntiVirus 9.116.5334 2011.10.24 -
Kaspersky 9.0.0.837 2011.10.24 -
McAfee 5.400.0.1158 2011.10.25 -
McAfee-GW-Edition 2010.1D 2011.10.24 -
Microsoft 1.7801 2011.10.24 Trojan:JS/Redirector
NOD32 6571 2011.10.25 JS/Kryptik.Q
Norman 6.07.13 2011.10.24 -
nProtect 2011-10-24.01 2011.10.24 -
Panda 10.0.3.5 2011.10.24 -
PCTools 8.0.0.5 2011.10.25 -
Prevx 3.0 2011.10.25 -
Rising 23.81.00.02 2011.10.24 -
Sophos 4.70.0 2011.10.25 -
SUPERAntiSpyware 4.40.0.1006 2011.10.25 -
Symantec 20111.2.0.82 2011.10.25 -
TheHacker 6.7.0.1.330 2011.10.24 -
TrendMicro 9.500.0.1008 2011.10.24 -
TrendMicro-HouseCall 9.500.0.1008 2011.10.25 -
VBA32 3.12.16.4 2011.10.24 -
VIPRE 10866 2011.10.25 Trojan.JS.Redirector.bg (v)
ViRobot 2011.10.24.4735 2011.10.24 -
VirusBuster 14.1.28.0 2011.10.24 -

MD5 : 374fea9d0f74c1717f38770c9f04d7ae
SHA1 : cc2e617e82d8d911b7d8541dbad8aab8ac833c09
SHA256: 61d2d457beea3b97c32301995bae2d169bc910c8d73cc5f31f023a07d9b26a1f


F:\Security\Folder Lock\folder-lock.exe
File name: folder-lock.exe
Submission date: 2011-10-25 03:04:53 (UTC)
Current status: finished
Result: 21/ 42 (50.0%)
Antivirus Version Last Update Result
AhnLab-V3 2011.10.24.01 2011.10.24 -
AntiVir 7.11.16.133 2011.10.24 TR/Dynamer.dtc.7890
Antiy-AVL 2.0.3.7 2011.10.25 -
Avast 6.0.1289.0 2011.10.25 Win32:PUP-gen [PUP]
AVG 10.0.0.1190 2011.10.25 Dropper.Generic.CLUW
BitDefender 7.2 2011.10.25 Trojan.Generic.4043261
ByteHero 1.0.0.1 2011.09.23 -
CAT-QuickHeal 11.00 2011.10.24 -
ClamAV 0.97.3.0 2011.10.25 -
Commtouch 5.3.2.6 2011.10.25 -
Comodo 10547 2011.10.25 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.10.25 -
Emsisoft 5.1.0.11 2011.10.25 Trojan.Win32.Dynamer!IK
eSafe 7.0.17.0 2011.10.24 Win32.Trojan
eTrust-Vet 36.1.8637 2011.10.24 -
F-Prot 4.6.5.141 2011.10.25 -
F-Secure 9.0.16440.0 2011.10.25 Trojan.Generic.4043261
Fortinet 4.3.370.0 2011.10.25 -
GData 22 2011.10.25 Trojan.Generic.4043261
Ikarus T3.1.1.107.0 2011.10.25 Trojan.Win32.Dynamer
Jiangmin 13.0.900 2011.10.24 -
K7AntiVirus 9.116.5334 2011.10.24 -
Kaspersky 9.0.0.837 2011.10.24 -
McAfee 5.400.0.1158 2011.10.25 Artemis!06105ED59FDC
McAfee-GW-Edition 2010.1D 2011.10.24 Artemis!06105ED59FDC
Microsoft 1.7801 2011.10.24 Trojan:Win32/Dynamer!dtc
NOD32 6571 2011.10.25 probably a variant of Win32/Agent.JNUGWF
Norman 6.07.13 2011.10.24 W32/Suspicious_Gen2.NUTLE
Panda 10.0.3.5 2011.10.24 Trj/CI.A
PCTools 8.0.0.5 2011.10.25 Trojan.ADH
Prevx 3.0 2011.10.25 -
Rising 23.81.00.02 2011.10.24 -
Sophos 4.70.0 2011.10.25 -
SUPERAntiSpyware 4.40.0.1006 2011.10.25 -
Symantec 20111.2.0.82 2011.10.25 Trojan.ADH
TheHacker 6.7.0.1.330 2011.10.24 -
TrendMicro 9.500.0.1008 2011.10.24 TROJ_GEN.R47C2I2
TrendMicro-HouseCall 9.500.0.1008 2011.10.25 TROJ_GEN.R47C2I2
VBA32 3.12.16.4 2011.10.24 -
VIPRE 10866 2011.10.25 Trojan.Win32.Generic!BT
ViRobot 2011.10.24.4735 2011.10.24 -
VirusBuster 14.1.28.0 2011.10.24 -

MD5 : 06105ed59fdcf7b6b967693e13f7133c
SHA1 : 2e9e8d428ad714c3884a1d762b1b081e546295bb
SHA256: 5e1878e592792e7a9d983e32a6fed1866afdd10b039890bf7ca30c1f3cdf733a


F:\Utilities\Test My Hardware\testmh-repair.exe
File name: testmh-repair.exe
Submission date: 2011-10-25 03:19:38 (UTC)
Current status: finished
Result: 0/ 42 (0.0%)

Antivirus Version Last Update Result
AhnLab-V3 2011.10.24.01 2011.10.24 -
AntiVir 7.11.16.133 2011.10.24 -
Antiy-AVL 2.0.3.7 2011.10.25 -
Avast 6.0.1289.0 2011.10.25 -
AVG 10.0.0.1190 2011.10.25 -
BitDefender 7.2 2011.10.25 -
ByteHero 1.0.0.1 2011.09.23 -
CAT-QuickHeal 11.00 2011.10.24 -
ClamAV 0.97.3.0 2011.10.25 -
Commtouch 5.3.2.6 2011.10.25 -
Comodo 10547 2011.10.25 -
Emsisoft 5.1.0.11 2011.10.25 -
eSafe 7.0.17.0 2011.10.24 -
eTrust-Vet 36.1.8637 2011.10.24 -
F-Prot 4.6.5.141 2011.10.25 -
F-Secure 9.0.16440.0 2011.10.25 -
Fortinet 4.3.370.0 2011.10.25 -
GData 22 2011.10.25 -
Ikarus T3.1.1.107.0 2011.10.25 -
Jiangmin 13.0.900 2011.10.24 -
K7AntiVirus 9.116.5334 2011.10.24 -
Kaspersky 9.0.0.837 2011.10.24 -
McAfee 5.400.0.1158 2011.10.25 -
McAfee-GW-Edition 2010.1D 2011.10.24 -
Microsoft 1.7801 2011.10.24 -
NOD32 6571 2011.10.25 -
Norman 6.07.13 2011.10.24 -
nProtect 2011-10-24.01 2011.10.24 -
Panda 10.0.3.5 2011.10.24 -
PCTools 8.0.0.5 2011.10.25 -
Prevx 3.0 2011.10.25 -
Rising 23.81.00.02 2011.10.24 -
Sophos 4.70.0 2011.10.25 -
SUPERAntiSpyware 4.40.0.1006 2011.10.25 -
Symantec 20111.2.0.82 2011.10.25 -
TheHacker 6.7.0.1.330 2011.10.24 -
TrendMicro 9.500.0.1008 2011.10.24 -
TrendMicro-HouseCall 9.500.0.1008 2011.10.25 -
VBA32 3.12.16.4 2011.10.24 -
VIPRE 10866 2011.10.25 -
ViRobot 2011.10.24.4735 2011.10.24 -
VirusBuster 14.1.28.0 2011.10.24 -

MD5 : ff5e9c809f4ca854d24bab466db1f6e6
SHA1 : 10838eb0779228643421ceff4ab40d1c7ac21a0c
SHA256: 2a4229d632bc8c68e814489be5d6d10d54d58c397aeb12943bead4cc93edd803


***
Flash is now updated for all browsers.

Java uninstalled and updated.

HiJack This 1.99.1 uninstalled

***
OTL Fix was run. Log here:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Jeff\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jeff\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jeff
->Temp folder emptied: 2988422 bytes
->Temporary Internet Files folder emptied: 198160 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6190068 bytes
->Google Chrome cache emptied: 57817588 bytes
->Opera cache emptied: 156934 bytes
->Flash cache emptied: 470 bytes

User: LocalService
->Temp folder emptied: 987032 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 988712 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1086728 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 67.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Jeff
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10242011_235202

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Jeff\Local Settings\Temp\Perflib_Perfdata_758.dat not found!
C:\Documents and Settings\Jeff\Local Settings\Temp\~DFFD2C.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT07d48.TMP not found!

Registry entries deleted on Reboot...

***

About to try to update to SP3 - I'm hoping the worst that will happen is the registry will be backed up then it will churn for a long time and abort. Hopefully, it will install OK.

Issues so far are just those mentioned in passing - desktop not loading, crawl & freeze, etc. Of course, these may be unrelated to viral activity. Ever since the Spy Sweeper HOSTS shield was turned off I haven't been getting Communication Shield alerts, though.

Thanks for your continued efforts,
Jeff
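The flattened VirusTotal listings in the post above can be summarised mechanically, which helps with exactly the question raised there (how much of a 21/42 result is heuristic noise). The following is an added example by the editor, not VirusTotal's or the thread's own code: it parses rows of the "vendor version date verdict" shape, counts detections, and separates heuristic or generic verdicts (the marker list is this example's own assumption) from named ones; the embedded sample is the folder-lock.exe listing copied from the post.

```python
"""Summarise a VirusTotal listing pasted as plain text, as in the post
above.  Added example (editor's code, not VirusTotal's or the thread's);
the sample block is the folder-lock.exe rows copied from the post."""
import re
from collections import Counter

# Row layout in the pasted listing: vendor, engine version, signature
# date (yyyy.mm.dd), then the verdict, which is '-' when clean and may
# contain spaces ("probably a variant of ...").
ROW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")

# Verdict tokens that mark a heuristic, generic or reputation-only hit
# rather than a named family.  Assumption: this list is the editor's.
GENERIC_PREFIXES = ("gen", "artemis", "suspicious", "heur", "adh",
                    "unclassified", "probably", "pup")


def is_generic(verdict):
    """True when any token of the verdict starts with a generic marker."""
    tokens = re.split(r"[^a-z0-9]+", verdict.lower())
    return any(t.startswith(GENERIC_PREFIXES) for t in tokens if t)


def parse_listing(text):
    """Return [(vendor, verdict)] for every line that looks like a row."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append((m.group(1), m.group(4).strip()))
    return rows


def summarise(text):
    rows = parse_listing(text)
    hits = [(v, r) for v, r in rows if r != "-"]
    generic = sum(1 for _, r in hits if is_generic(r))
    return {
        "engines": len(rows),
        "detections": len(hits),
        "ratio": round(100.0 * len(hits) / len(rows), 1) if rows else 0.0,
        "generic": generic,
        "named": len(hits) - generic,
        # An identical verdict string on several vendors usually means a
        # shared engine, so it is weaker evidence than its count suggests.
        "agreement": Counter(r for _, r in hits).most_common(3),
    }


# Constructed sample: the folder-lock.exe rows from the post above.
SAMPLE = """\
AhnLab-V3 2011.10.24.01 2011.10.24 -
AntiVir 7.11.16.133 2011.10.24 TR/Dynamer.dtc.7890
Antiy-AVL 2.0.3.7 2011.10.25 -
Avast 6.0.1289.0 2011.10.25 Win32:PUP-gen [PUP]
AVG 10.0.0.1190 2011.10.25 Dropper.Generic.CLUW
BitDefender 7.2 2011.10.25 Trojan.Generic.4043261
ByteHero 1.0.0.1 2011.09.23 -
CAT-QuickHeal 11.00 2011.10.24 -
ClamAV 0.97.3.0 2011.10.25 -
Commtouch 5.3.2.6 2011.10.25 -
Comodo 10547 2011.10.25 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.10.25 -
Emsisoft 5.1.0.11 2011.10.25 Trojan.Win32.Dynamer!IK
eSafe 7.0.17.0 2011.10.24 Win32.Trojan
eTrust-Vet 36.1.8637 2011.10.24 -
F-Prot 4.6.5.141 2011.10.25 -
F-Secure 9.0.16440.0 2011.10.25 Trojan.Generic.4043261
Fortinet 4.3.370.0 2011.10.25 -
GData 22 2011.10.25 Trojan.Generic.4043261
Ikarus T3.1.1.107.0 2011.10.25 Trojan.Win32.Dynamer
Jiangmin 13.0.900 2011.10.24 -
K7AntiVirus 9.116.5334 2011.10.24 -
Kaspersky 9.0.0.837 2011.10.24 -
McAfee 5.400.0.1158 2011.10.25 Artemis!06105ED59FDC
McAfee-GW-Edition 2010.1D 2011.10.24 Artemis!06105ED59FDC
Microsoft 1.7801 2011.10.24 Trojan:Win32/Dynamer!dtc
NOD32 6571 2011.10.25 probably a variant of Win32/Agent.JNUGWF
Norman 6.07.13 2011.10.24 W32/Suspicious_Gen2.NUTLE
Panda 10.0.3.5 2011.10.24 Trj/CI.A
PCTools 8.0.0.5 2011.10.25 Trojan.ADH
Prevx 3.0 2011.10.25 -
Rising 23.81.00.02 2011.10.24 -
Sophos 4.70.0 2011.10.25 -
SUPERAntiSpyware 4.40.0.1006 2011.10.25 -
Symantec 20111.2.0.82 2011.10.25 Trojan.ADH
TheHacker 6.7.0.1.330 2011.10.24 -
TrendMicro 9.500.0.1008 2011.10.24 TROJ_GEN.R47C2I2
TrendMicro-HouseCall 9.500.0.1008 2011.10.25 TROJ_GEN.R47C2I2
VBA32 3.12.16.4 2011.10.24 -
VIPRE 10866 2011.10.25 Trojan.Win32.Generic!BT
ViRobot 2011.10.24.4735 2011.10.24 -
VirusBuster 14.1.28.0 2011.10.24 -
"""

if __name__ == "__main__":
    print(summarise(SAMPLE))
```

On the sample the script reproduces the post's 21/42 (50.0%), of which 15 verdicts are generic markers and only 6 carry a family name, with three of the named-looking hits being the same BitDefender-engine string.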

#10 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hi Jeff,

Clicking "Compact" each time yielded the message "Not found" for every file (?), so I did a copy & paste into notepad and cleaned up each listing by inserting a lot of tabs to make it readable.

Yeah, the whole 'Compact' thing is weird, it works for some users and doesn't for others. I'll need to revisit that when I get time.

I'm going to kill that Folder Lock file. I don't like that.

Do you recall where you got this file from?

F:\Security\Folder Lock\folder-lock.exe

Let me know how the SP3 install goes.



#11 Jeff_F (Member, Topic Starter, 27 posts)
Hi Agent ST,

Managed to install SP3 without any issues.

***
Things that can be jettisoned:

Got the program FolderLock from CNET: "Snoopers can't find or access the files you hide using Folder Lock, even in DOS or under other operating systems. This application provides two levels of protection: you can merely lock files and folders, or you can encrypt them using the 256-bit Blowfish algorithm..." etc : http://download.cnet...4-10063343.html

Never ended up using it, so it could have been compromised recently, or a leftover from the Google redirect virus. Even if it were a false positive, I can always download the new version 7 from CNET & others if I decide I want to run it.

I am happy with CPU-Z, so Test My Hardware went unused; it can go too (and further reading has found other people notice it triggers their AV, so I don't know why CNET didn't catch this...)

I don't have any further reason to archive the Northpointe website since I no longer work for them, even if that file is a false positive as well. When I worked there I cleaned up their website a bit.

I am now motivated to go through my E & F drives in the near future and delete any other old software I don't have a use for or get updated versions if I decide I have a need for it.

Ran the OTL Fix. You'll notice that I habitually rename malware tools before running them ("TDS Killah" instead of TDSKiller) since I had a Google redirect virus which didn't allow a variety of commonly used malware tools to start.

I could also remove the free version of SuperAntiSpyware since it isn't clear what the effect of having multiple AntiSpyware programs installed may be, unlike the clearly known problems associated with multiple AV or firewalls. I've read arguments for and against layered AntiMalware.

***
OTL Log here:

OTL logfile created on: 10/29/2011 8:18:35 AM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.42% Memory free
3.83 Gb Paging File | 3.05 Gb Available in Paging File | 79.49% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.00 Gb Total Space | 40.86 Gb Free Space | 68.10% Space Free | Partition Type: NTFS
Drive D: | 89.04 Gb Total Space | 36.58 Gb Free Space | 41.08% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 3.47 Gb Free Space | 1.49% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 41.12 Gb Free Space | 27.59% Space Free | Partition Type: NTFS
Drive G: | 642.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JEFFDESK | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/26 04:10:47 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/10/24 23:49:20 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/10/18 00:10:41 | 004,615,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/10/10 08:09:31 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\O-T-L.exe
PRC - [2011/08/23 00:31:26 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/07/25 08:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/07/25 08:57:14 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/07/22 09:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/07/22 09:43:08 | 000,072,336 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/06/05 22:41:21 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2010/08/09 06:03:10 | 000,389,352 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2010/08/09 06:03:08 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009/11/06 15:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 12:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2008/04/14 09:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/07 13:19:27 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2006/03/23 00:13:46 | 001,591,808 | ---- | M] (YourWare Solutions ™) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
PRC - [2005/12/05 17:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2005/01/19 20:34:16 | 000,128,000 | ---- | M] ( ) -- C:\Program Files\CursorXP\CursorXP.exe
PRC - [2001/11/23 01:00:00 | 000,288,256 | ---- | M] (Tropical Wares) -- C:\Program Files\WallMaster\wallmast.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/26 04:10:46 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppgooglenaclpluginchrome.dll
MOD - [2011/10/26 04:10:45 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
MOD - [2011/10/26 04:09:09 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\avutil-51.dll
MOD - [2011/10/26 04:09:07 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\avformat-53.dll
MOD - [2011/10/26 04:09:06 | 001,745,992 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\avcodec-53.dll
MOD - [2011/10/26 01:14:43 | 008,587,936 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
MOD - [2011/08/04 03:15:39 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/04 03:15:39 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/08/04 03:15:38 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2009/11/05 11:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2006/09/07 13:19:27 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2006/09/07 13:18:56 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/24 23:49:20 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/08/23 00:31:26 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/25 08:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/07/22 09:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/06/05 22:41:21 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/08/09 06:03:08 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2005/12/05 17:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2003/03/09 16:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/08/04 02:42:17 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/04 02:42:17 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/25 08:57:10 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/07/22 09:43:08 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2010/10/14 17:08:38 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/10/14 17:08:38 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/09/21 16:51:58 | 000,327,256 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/08/11 05:25:45 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2010/08/09 06:03:04 | 000,123,112 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/07/09 16:18:54 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\26488742.sys -- (26488742)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\5125243.sys -- (setup_9.0.0.722_06.06.2011_12-48drv)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\2034379.sys -- (setup_9.0.0.722_06.06.2011_04-46drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\26488741.sys -- (26488741)
DRV - [2007/03/27 04:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/15 02:12:02 | 000,038,656 | ---- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006/10/18 15:12:16 | 000,012,664 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2005/11/29 17:50:42 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)
DRV - [2004/08/12 22:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2000/07/24 04:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/08/04 03:25:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/17 05:39:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/26 01:19:52 | 000,000,000 | ---D | M]

[2010/08/11 03:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Extensions
[2011/08/26 05:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\extensions
[2011/08/04 03:25:17 | 000,000,000 | ---D | M] (ZoneAlarm Security Suite Community Toolbar) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\extensions\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}
[2011/08/26 05:01:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/12 21:45:26 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\extensions\[email protected]
[2011/10/24 23:49:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/24 23:49:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
[2011/10/17 05:39:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/24 23:49:20 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/17 05:39:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin5.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: Angry Birds = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Flash Video Download = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\anadfmbemnidomdljfcdgdoomhghoclk\1.3.14_0\
CHR - Extension: Chrome YouTube Downloader = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.5.9_0\

O1 HOSTS File: ([2011/10/24 23:52:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Suite Toolbar) - {3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe ( )
O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/08/11 05:46:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ButtonBoogie.lnk = C:\Program Files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe (Ziff Davis Media, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WallMaster.lnk = C:\Program Files\WallMaster\wallmast.exe (Tropical Wares)
O4 - Startup: C:\Documents and Settings\Jeff\Start Menu\Programs\Startup\ButtonBoogie.lnk = C:\Program Files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe (Ziff Davis Media, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA24CE51-1C1B-4318-9373-7E504BE8C269}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/11 02:46:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/04 08:00:00 | 000,000,110 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.avis - C:\WINDOWS\System32\ff_acm.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

========== Files/Folders - Created Within 30 Days ==========

[2011/10/29 08:17:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/10/28 01:51:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/10/28 01:48:46 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/10/28 01:48:46 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/10/28 01:48:46 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/10/28 01:46:41 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/10/28 01:41:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/10/28 01:20:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jeff\Recent
[2011/10/27 21:23:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/10/27 21:23:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2011/10/27 21:23:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2011/10/27 21:23:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/10/25 00:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Sun
[2011/10/24 23:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/24 23:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/10/24 23:48:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/10/24 11:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Desktop\Virus Scan Logs
[2011/10/24 00:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/24 00:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/24 00:32:50 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/23 23:52:52 | 001,561,392 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jeff\Desktop\td_ss_killah.exe
[2011/10/23 16:43:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/23 16:42:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/22 12:58:03 | 004,269,227 | R--- | C] (Swearware) -- C:\Documents and Settings\Jeff\Desktop\CFixNEW.exe
[2011/10/10 08:09:30 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\O-T-L.exe
[2011/10/03 07:03:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/03 07:03:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/03 07:03:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/03 07:03:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/03 07:00:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/02 15:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Desktop\Pics Vids
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/29 08:18:03 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1450960922-839522115-1003UA.job
[2011/10/29 07:18:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1450960922-839522115-1003Core.job
[2011/10/28 06:21:03 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/28 06:21:03 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/28 06:20:14 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/28 06:19:48 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/28 01:51:54 | 000,000,336 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2011/10/28 01:51:11 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/28 01:51:02 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/28 01:50:18 | 000,035,079 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/10/28 01:45:20 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/10/28 01:45:19 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/10/28 01:45:19 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/10/28 01:45:10 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/28 01:42:00 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/28 01:33:12 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2011/10/28 00:26:16 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/27 22:19:54 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Google Chrome.lnk
[2011/10/27 22:19:54 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/27 20:37:25 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk
[2011/10/24 23:52:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/10/24 00:48:19 | 000,058,611 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011/10/24 00:32:54 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/24 00:07:12 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\SecurityCheck.exe
[2011/10/23 23:52:56 | 001,561,392 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jeff\Desktop\td_ss_killah.exe
[2011/10/22 12:58:14 | 004,269,227 | R--- | M] (Swearware) -- C:\Documents and Settings\Jeff\Desktop\CFixNEW.exe
[2011/10/11 02:49:21 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Word.lnk
[2011/10/10 09:06:28 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Stealty, Persistent Malware Keeps Trying to Dial Out - Geeks to Go Forums.URL
[2011/10/10 08:09:31 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\O-T-L.exe
[2011/10/10 06:14:43 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Publisher.lnk
[2011/10/06 05:19:50 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/28 06:20:15 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Jeff\Start Menu\Programs\Outlook Express.lnk
[2011/10/28 06:20:13 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Jeff\Start Menu\Programs\Internet Explorer.lnk
[2011/10/28 06:20:12 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/28 01:48:34 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/10/28 01:48:06 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/10/28 01:47:48 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/10/28 01:47:44 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/10/28 01:47:37 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/10/28 01:47:22 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/10/28 01:47:14 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/10/28 01:47:05 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/10/28 01:46:46 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/10/28 01:44:06 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/10/28 01:42:04 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/10/28 01:33:12 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2011/10/28 01:32:43 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011/10/28 01:32:43 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/10/28 01:32:42 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011/10/28 01:32:42 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011/10/28 01:32:42 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/10/28 01:32:42 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/10/28 01:32:42 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/10/28 01:32:42 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/10/28 01:32:41 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/10/28 01:32:41 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/10/28 01:32:41 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/10/28 01:32:41 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/10/28 01:32:41 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/10/28 01:32:40 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2011/10/28 01:32:40 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/10/28 01:32:40 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/10/28 01:32:39 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/10/28 01:32:39 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/10/24 00:32:54 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/24 00:07:10 | 000,869,194 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\SecurityCheck.exe
[2011/10/23 15:57:21 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\g---mer.exe
[2011/10/10 09:06:28 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\Stealty, Persistent Malware Keeps Trying to Dial Out - Geeks to Go Forums.URL
[2011/10/03 07:03:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/03 07:03:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/03 07:03:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/03 07:03:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/03 07:03:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/26 03:26:16 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011/08/26 03:23:16 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2011/06/11 04:23:11 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/10/05 00:51:38 | 000,000,066 | ---- | C] () -- C:\WINDOWS\drD3D.ini
[2010/08/18 04:24:51 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/08/16 04:46:07 | 000,000,445 | ---- | C] () -- C:\WINDOWS\EntPack.dat
[2010/08/16 04:46:07 | 000,000,046 | ---- | C] () -- C:\WINDOWS\EntPack.ini
[2010/08/16 01:36:18 | 000,001,672 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/08/15 21:52:25 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jeff\Application Data\pcouffin.cat
[2010/08/15 21:52:25 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jeff\Application Data\pcouffin.inf
[2010/08/12 01:03:49 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2010/08/12 01:03:48 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2010/08/12 01:03:48 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe
[2010/08/12 00:13:16 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/12 00:12:54 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/11 13:04:12 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/11 06:06:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/08/11 05:54:02 | 000,016,560 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/08/11 05:53:48 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/08/11 05:43:21 | 000,000,059 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010/08/11 05:43:21 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
[2010/08/11 05:43:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brohl144.ini
[2010/08/11 05:43:19 | 000,000,447 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2010/08/11 05:43:18 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2010/08/11 05:42:34 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2010/08/11 05:42:34 | 000,000,039 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2010/08/11 05:42:34 | 000,000,026 | ---- | C] () -- C:\WINDOWS\brpp2ka.ini
[2010/08/11 05:42:34 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/08/11 05:42:17 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2010/08/11 05:42:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\BRVPDNTA.DLL
[2010/08/11 05:42:17 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2010/08/11 05:42:17 | 000,011,568 | ---- | C] () -- C:\WINDOWS\HL-1440.INI
[2010/08/11 05:42:17 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2010/08/11 05:20:23 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2010/08/11 05:20:23 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2010/08/11 05:15:36 | 000,000,026 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/08/11 04:47:05 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/08/11 04:43:07 | 000,000,336 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2010/08/11 04:13:24 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/08/11 04:13:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/08/11 04:13:22 | 000,012,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/08/11 04:13:20 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/08/11 04:13:20 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/08/11 04:02:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2010/08/11 03:46:38 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010/08/11 03:13:34 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/08/11 03:07:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/11 02:48:29 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/11 02:43:44 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/10 19:27:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/10 19:26:45 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/11/06 12:00:20 | 000,016,240 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe
[2008/04/14 09:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 11:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/12/20 14:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 14:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/09 16:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2001/08/23 08:00:00 | 000,311,934 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,040,196 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/08/04 02:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2010/08/16 21:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2010/08/16 12:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2010/08/11 06:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/09/13 03:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/08/16 12:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\CheckPoint
[2011/04/06 02:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\jah
[2010/08/11 04:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\KompoZer
[2011/01/11 03:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\kompozer.net
[2010/08/11 05:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Opera
[2011/09/22 12:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\uTorrent
[2011/04/06 06:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Vso
[2010/11/11 03:26:22 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1281518752.job

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/10/26 04:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/17 05:39:08 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/17 05:39:08 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/17 05:39:08 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/17 05:39:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/17 05:39:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/17 05:39:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/10/26 04:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/10/26 04:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/10/26 04:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/10/26 04:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/14 09:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/14 09:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/14 09:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008/04/14 09:42:24 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2011/07/29 15:25:25 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2011/07/29 15:25:25 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2011/07/29 15:25:25 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2011/07/29 15:25:25 | 000,947,056 | ---- | M] (Opera Software)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-04 14:29:52

< End of report >

***
Let me know if I should delete stuff or use a tool to do so.

Thanks Again!
Jeff Ferreri
  • 0

#12
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi Jeff!

Glad to hear that Windows XP SP3 installed successfully.

I'll clean up some of my tools now, and then we will use a special process to remove the other tools.

I do need to have you rename the renamed ComboFix file to ComboFix. You can do this by clicking on the icon, and pressing F2 and then renaming it to ComboFix.

Are you experiencing any outstanding issues with your computer?


OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    [2011/10/10 08:09:30 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\O-T-L.exe
    [2011/10/23 23:52:52 | 001,561,392 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jeff\Desktop\td_ss_killah.exe
    [2011/10/24 00:07:12 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\SecurityCheck.exe
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

  • 0

#13 Jeff_F (Member, Topic Starter, 27 posts)
Hi Agent ST,

Renamed ComboFix

Outstanding issues are only that when I ran the custom OTL fix, the computer hung. After about 40 minutes I used the reset button to restart the computer.

After entering my password, I heard the error sound event, and when the desktop was loading I saw the error message: "Can not find O-T-L.exe. Make sure you typed the name correctly." The log was found in the C:\_OTL\MovedFiles folder and is found below. It appears that OTL, TDSSKiller and SecurityCheck were removed successfully.

I see that the HOSTS file was reset to the bare bones file. Do you have any objection to using the most current MVPS HOSTS file? Ever since I shut off the SpySweeper HOSTS file shield, the communication shield hasn't triggered again.

At this point I'm leaning even more towards thinking that it was just an unusual set of circumstances that caused the SpySweeper HOSTS shield to trigger the SS Communication Shield when it saw all the malware sites listed in the MVPS version of the HOSTS file. SS blocking these sites made it appear that something on my computer was trying to contact the internet. In my experience, rarely triggered bugs don't get fixed quickly or at all.

Of course, if the three suspicious files we identified are NOT false positives, that makes me a bit annoyed at Kaspersky since I have updates set on hourly and it shouldn't take a top tier AV company forever to identify new threats.

Windows is letting me know that there are updates waiting to be downloaded. Should I go ahead and update?

Thanks again for your considerable expertise!

Jeff Ferreri
  • 0

#14 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hi Jeff!

After entering my password, I heard the error sound event, and when the desktop was loading I saw the error message: "Can not find O-T-L.exe. Make sure you typed the name correctly." The log was found in the C:\_OTL\MovedFiles folder and is found below. It appears that OTL, TDSSKiller and SecurityCheck were removed successfully.

Okay. We'll need to download a new copy of OTL now.

Link: oldtimer.geekstogo.com/OTL.exe

I see that the HOSTS file was reset to the bare bones file. Do you have any objection to using the most current MVPS HOSTS file? Ever since I shut off the SpySweeper HOSTS file shield, the communication shield hasn't triggered again.

You can go ahead and re-install the MVPS Host file.

At this point I'm leaning even more towards thinking that it was just an unusual set of circumstances that caused the SpySweeper HOSTS shield to trigger the SS Communication Shield when it saw all the malware sites listed in the MVPS version of the HOSTS file. SS blocking these sites made it appear that something on my computer was trying to contact the internet. In my experience, rarely triggered bugs don't get fixed quickly or at all.

Yes, I'm thinking the same thing.

Windows is letting me know that there are updates waiting to be downloaded. Should I go ahead and update?

Please go ahead and allow Windows to install these updates.

Followed by running a new OTL scan.

Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

  • 0
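The HOSTS-file question in the exchange above (an MVPS-style blocklist versus a redirect-type infection) as an added Python example; this is not code from the thread, from OTL or from MVPS. The sample HOSTS text, the sinkhole address set and the PROTECTED_FRAGMENTS list are constructed assumptions for the demonstration.

```python
"""Classify Windows HOSTS file entries: loopback, blocklist, or possible hijack.

Added example, not code from the Geeks to Go thread, OTL or MVPS. The MVPS
HOSTS file discussed in the thread maps unwanted domains to a sinkhole address
(0.0.0.0 or 127.0.0.1), which only blocks them; a redirect-type infection
instead points real sites (search engines, AV vendors, update servers) at an
address the attacker controls. Telling the two apart is the check a reviewer
wants before trusting, keeping or resetting a HOSTS file.
"""
import ipaddress
from dataclasses import dataclass, field

# Constructed sample HOSTS content (the domains and the 203.0.113.7 address are
# documentation/test values, not real infrastructure).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0 toolbar.example.net          # MVPS-style block entry
0.0.0.0 download.adserver.example    # MVPS-style block entry
203.0.113.7 www.google.com           # real site sent to a non-local address
203.0.113.7 www.kaspersky.com
this-is-not-an-ip www.example.org    # malformed line
"""

# Addresses that blackhole a name instead of redirecting it anywhere.
SINKHOLE = {"0.0.0.0", "127.0.0.1", "::1"}

# Hypothetical high-value name fragments (assumption for this example); a
# non-sinkhole mapping for one of these is the classic symptom of a
# search-redirect or AV-blocking infection.
PROTECTED_FRAGMENTS = ("google.", "bing.", "kaspersky.", "webroot.",
                       "microsoft.", "windowsupdate.", "symantec.")


@dataclass
class HostsReport:
    loopback: list = field(default_factory=list)    # (lineno, name, ip)
    blocked: list = field(default_factory=list)     # (lineno, name, ip)
    suspicious: list = field(default_factory=list)  # (lineno, name, ip, protected)
    malformed: list = field(default_factory=list)   # (lineno, raw_line)


def is_protected(name: str) -> bool:
    """True when the host name belongs to a domain attackers commonly redirect."""
    return any(frag in name for frag in PROTECTED_FRAGMENTS)


def parse_hosts(text: str) -> HostsReport:
    """Classify every active entry in HOSTS-file text, line by line."""
    report = HostsReport()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not body:
            continue
        fields = body.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report.malformed.append((lineno, raw))
            continue
        names = [n.lower() for n in fields[1:]]
        if not names:
            report.malformed.append((lineno, raw))
            continue
        for name in names:
            if str(addr) in SINKHOLE:
                # sinkholed: either the normal localhost line or a block entry
                bucket = report.loopback if name == "localhost" else report.blocked
                bucket.append((lineno, name, str(addr)))
            else:
                # a real address: the name is being redirected, not blocked
                report.suspicious.append((lineno, name, str(addr), is_protected(name)))
    return report


def summarize(report: HostsReport) -> str:
    """Human-readable verdict of the kind a helper would paste into a reply."""
    lines = [f"loopback entries: {len(report.loopback)}",
             f"blocklist entries: {len(report.blocked)}",
             f"suspicious redirects: {len(report.suspicious)}",
             f"malformed lines: {len(report.malformed)}"]
    for lineno, name, ip, protected in report.suspicious:
        flag = "HIGH: targets a protected domain" if protected else "review"
        lines.append(f"  line {lineno}: {name} -> {ip} ({flag})")
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    # Pass the real file (e.g. %WinDir%\system32\drivers\etc\hosts) as argv[1];
    # with no argument the constructed sample is analysed.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8", errors="replace").read() if path else SAMPLE_HOSTS
    print(summarize(parse_hosts(text)))
```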

#15 Jeff_F (Member, Topic Starter, 27 posts)
OTL report:

OTL logfile created on: 10/31/2011 5:51:23 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 66.15% Memory free
3.83 Gb Paging File | 2.98 Gb Available in Paging File | 77.84% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.00 Gb Total Space | 40.72 Gb Free Space | 67.86% Space Free | Partition Type: NTFS
Drive D: | 89.04 Gb Total Space | 36.58 Gb Free Space | 41.08% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 3.47 Gb Free Space | 1.49% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 41.12 Gb Free Space | 27.59% Space Free | Partition Type: NTFS
Drive G: | 642.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JEFFDESK | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/31 05:49:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
PRC - [2011/10/26 03:10:47 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/10/24 22:49:20 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/10/17 23:10:41 | 004,615,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/08/22 23:31:26 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/07/25 07:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/07/25 07:57:14 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/07/22 08:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/07/22 08:43:08 | 000,072,336 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/06/05 21:41:21 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2010/08/09 05:03:10 | 000,389,352 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2010/08/09 05:03:08 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009/11/06 14:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 11:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 11:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2008/04/14 08:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/07 12:19:27 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2006/03/22 23:13:46 | 001,591,808 | ---- | M] (YourWare Solutions ™) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
PRC - [2005/12/05 16:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2005/01/19 19:34:16 | 000,128,000 | ---- | M] ( ) -- C:\Program Files\CursorXP\CursorXP.exe
PRC - [2001/11/23 00:00:00 | 000,288,256 | ---- | M] (Tropical Wares) -- C:\Program Files\WallMaster\wallmast.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/26 03:10:46 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppgooglenaclpluginchrome.dll
MOD - [2011/10/26 03:10:45 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
MOD - [2011/10/26 03:09:09 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\avutil-51.dll
MOD - [2011/10/26 03:09:07 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\avformat-53.dll
MOD - [2011/10/26 03:09:06 | 001,745,992 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\avcodec-53.dll
MOD - [2011/10/26 00:14:43 | 008,587,936 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
MOD - [2011/08/04 02:15:39 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/04 02:15:39 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/08/04 02:15:38 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2009/11/05 10:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2006/09/07 12:19:27 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2006/09/07 12:19:01 | 000,008,704 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2006/09/07 12:18:56 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/24 22:49:20 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/08/22 23:31:26 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/25 07:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/07/22 08:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/06/05 21:41:21 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/08/09 05:03:08 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/11/06 11:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2005/12/05 16:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2003/03/09 15:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/08/04 01:42:17 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/04 01:42:17 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/25 07:57:10 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/07/22 08:43:08 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2010/10/14 16:08:38 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/10/14 16:08:38 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/09/21 15:51:58 | 000,327,256 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/08/11 04:25:45 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2010/08/09 05:03:04 | 000,123,112 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/07/09 15:18:54 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2009/11/06 11:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 11:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 11:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/10/22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\26488742.sys -- (26488742)
DRV - [2009/10/09 22:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\5125243.sys -- (setup_9.0.0.722_06.06.2011_12-48drv)
DRV - [2009/10/09 22:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\2034379.sys -- (setup_9.0.0.722_06.06.2011_04-46drv)
DRV - [2009/09/25 16:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\26488741.sys -- (26488741)
DRV - [2007/03/27 03:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/15 01:12:02 | 000,038,656 | ---- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006/10/18 14:12:16 | 000,012,664 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2005/11/29 16:50:42 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)
DRV - [2004/08/12 21:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2000/07/24 03:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1715567821-1450960922-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1715567821-1450960922-839522115-1003\..\URLSearchHook: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1715567821-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/08/04 02:25:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/17 04:39:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/26 00:19:52 | 000,000,000 | ---D | M]

[2010/08/11 02:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Extensions
[2011/08/26 04:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\extensions
[2011/08/04 02:25:17 | 000,000,000 | ---D | M] (ZoneAlarm Security Suite Community Toolbar) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\extensions\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}
[2011/08/26 04:01:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/12 20:45:26 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\extensions\[email protected]
[2011/10/24 22:49:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/24 22:49:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
[2011/10/17 04:39:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/24 22:49:20 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/17 04:39:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin5.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: Angry Birds = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Flash Video Download = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\anadfmbemnidomdljfcdgdoomhghoclk\1.3.14_0\
CHR - Extension: Chrome YouTube Downloader = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.5.9_0\

O1 HOSTS File: ([2011/10/29 12:44:20 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-1715567821-1450960922-839522115-1003\..\Toolbar\WebBrowser: (ZoneAlarm Security Suite Toolbar) - {3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1715567821-1450960922-839522115-1003\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1715567821-1450960922-839522115-1003..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe ( )
O4 - HKU\S-1-5-21-1715567821-1450960922-839522115-1003..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O4 - HKU\S-1-5-21-1715567821-1450960922-839522115-1003..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-1715567821-1450960922-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/08/11 04:46:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ButtonBoogie.lnk = C:\Program Files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe (Ziff Davis Media, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WallMaster.lnk = C:\Program Files\WallMaster\wallmast.exe (Tropical Wares)
O4 - Startup: C:\Documents and Settings\Jeff\Start Menu\Programs\Startup\ButtonBoogie.lnk = C:\Program Files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe (Ziff Davis Media, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-1450960922-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715567821-1450960922-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1715567821-1450960922-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1715567821-1450960922-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA24CE51-1C1B-4318-9373-7E504BE8C269}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/11 01:46:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/04 07:00:00 | 000,000,110 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/31 05:49:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
[2011/10/29 13:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Desktop\hosts
[2011/10/29 13:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Start Menu\Programs\Web
[2011/10/28 05:20:56 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2011/10/28 00:51:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/10/28 00:49:26 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2011/10/28 00:49:25 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2011/10/28 00:49:25 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2011/10/28 00:49:24 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2011/10/28 00:49:24 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2011/10/28 00:49:23 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2011/10/28 00:49:22 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2011/10/28 00:49:22 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2011/10/28 00:49:21 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2011/10/28 00:49:20 | 000,364,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2011/10/28 00:49:20 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2011/10/28 00:49:20 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2011/10/28 00:49:19 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2011/10/28 00:49:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2011/10/28 00:49:19 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2011/10/28 00:49:18 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2011/10/28 00:49:18 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2011/10/28 00:49:17 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2011/10/28 00:49:14 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2011/10/28 00:49:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2011/10/28 00:49:13 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2011/10/28 00:49:12 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2011/10/28 00:49:11 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2011/10/28 00:49:11 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2011/10/28 00:49:10 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2011/10/28 00:49:10 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2011/10/28 00:49:09 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2011/10/28 00:49:09 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2011/10/28 00:49:08 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2011/10/28 00:49:08 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2011/10/28 00:49:08 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2011/10/28 00:49:05 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2011/10/28 00:49:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2011/10/28 00:49:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2011/10/28 00:49:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2011/10/28 00:49:03 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2011/10/28 00:49:02 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2011/10/28 00:49:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2011/10/28 00:49:00 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2011/10/28 00:49:00 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2011/10/28 00:49:00 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2011/10/28 00:48:59 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2011/10/28 00:48:59 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2011/10/28 00:48:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2011/10/28 00:48:58 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2011/10/28 00:48:58 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2011/10/28 00:48:58 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2011/10/28 00:48:57 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2011/10/28 00:48:57 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2011/10/28 00:48:56 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2011/10/28 00:48:56 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2011/10/28 00:48:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2011/10/28 00:48:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2011/10/28 00:48:55 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2011/10/28 00:48:55 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2011/10/28 00:48:55 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2011/10/28 00:48:54 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2011/10/28 00:48:54 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2011/10/28 00:48:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2011/10/28 00:48:53 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2011/10/28 00:48:53 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2011/10/28 00:48:53 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2011/10/28 00:48:52 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2011/10/28 00:48:52 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2011/10/28 00:48:52 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2011/10/28 00:48:52 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2011/10/28 00:48:51 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2011/10/28 00:48:49 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2011/10/28 00:48:48 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2011/10/28 00:48:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2011/10/28 00:48:47 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2011/10/28 00:48:46 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/10/28 00:48:46 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/10/28 00:48:46 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/10/28 00:48:45 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2011/10/28 00:48:44 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2011/10/28 00:48:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2011/10/28 00:48:43 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2011/10/28 00:48:43 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2011/10/28 00:48:41 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2011/10/28 00:48:40 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2011/10/28 00:48:40 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2011/10/28 00:48:40 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2011/10/28 00:48:39 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2011/10/28 00:48:37 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2011/10/28 00:48:36 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2011/10/28 00:48:36 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2011/10/28 00:48:36 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2011/10/28 00:48:35 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2011/10/28 00:48:35 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2011/10/28 00:48:34 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2011/10/28 00:48:33 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2011/10/28 00:48:33 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2011/10/28 00:48:32 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2011/10/28 00:48:32 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2011/10/28 00:48:31 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2011/10/28 00:48:31 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2011/10/28 00:48:30 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2011/10/28 00:48:27 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2011/10/28 00:48:27 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2011/10/28 00:48:26 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2011/10/28 00:48:23 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2011/10/28 00:48:23 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2011/10/28 00:48:19 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2011/10/28 00:48:19 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2011/10/28 00:48:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2011/10/28 00:48:12 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2011/10/28 00:48:12 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2011/10/28 00:48:12 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2011/10/28 00:48:11 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2011/10/28 00:48:11 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2011/10/28 00:48:10 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2011/10/28 00:48:09 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2011/10/28 00:48:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2011/10/28 00:48:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2011/10/28 00:48:08 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2011/10/28 00:48:08 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2011/10/28 00:48:06 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2011/10/28 00:48:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2011/10/28 00:48:04 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2011/10/28 00:48:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2011/10/28 00:48:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2011/10/28 00:48:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2011/10/28 00:48:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2011/10/28 00:48:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2011/10/28 00:48:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2011/10/28 00:48:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2011/10/28 00:48:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2011/10/28 00:48:01 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2011/10/28 00:48:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2011/10/28 00:48:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2011/10/28 00:48:00 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2011/10/28 00:48:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2011/10/28 00:48:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2011/10/28 00:47:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2011/10/28 00:47:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2011/10/28 00:47:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2011/10/28 00:47:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2011/10/28 00:47:58 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2011/10/28 00:47:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2011/10/28 00:47:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2011/10/28 00:47:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2011/10/28 00:47:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2011/10/28 00:47:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2011/10/28 00:47:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2011/10/28 00:47:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2011/10/28 00:47:55 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2011/10/28 00:47:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2011/10/28 00:47:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2011/10/28 00:47:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2011/10/28 00:47:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2011/10/28 00:47:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2011/10/28 00:47:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2011/10/28 00:47:53 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2011/10/28 00:47:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2011/10/28 00:47:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2011/10/28 00:47:52 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2011/10/28 00:47:52 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2011/10/28 00:47:52 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2011/10/28 00:47:51 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2011/10/28 00:47:50 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2011/10/28 00:47:50 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2011/10/28 00:47:49 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2011/10/28 00:47:49 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2011/10/28 00:47:48 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2011/10/28 00:47:47 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2011/10/28 00:47:47 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2011/10/28 00:47:46 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2011/10/28 00:47:46 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2011/10/28 00:47:45 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2011/10/28 00:47:45 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2011/10/28 00:47:45 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2011/10/28 00:47:44 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2011/10/28 00:47:43 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2011/10/28 00:47:43 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2011/10/28 00:47:43 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2011/10/28 00:47:42 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2011/10/28 00:47:42 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2011/10/28 00:47:41 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2011/10/28 00:47:41 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2011/10/28 00:47:40 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2011/10/28 00:47:40 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2011/10/28 00:47:39 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2011/10/28 00:47:39 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2011/10/28 00:47:38 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2011/10/28 00:47:38 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2011/10/28 00:47:37 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2011/10/28 00:47:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2011/10/28 00:47:36 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2011/10/28 00:47:36 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2011/10/28 00:47:36 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2011/10/28 00:47:36 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2011/10/28 00:47:35 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2011/10/28 00:47:35 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2011/10/28 00:47:29 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2011/10/28 00:47:17 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2011/10/28 00:47:16 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2011/10/28 00:47:16 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2011/10/28 00:47:16 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2011/10/28 00:47:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2011/10/28 00:47:14 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2011/10/28 00:47:13 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2011/10/28 00:47:12 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2011/10/28 00:47:12 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2011/10/28 00:47:12 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2011/10/28 00:47:11 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2011/10/28 00:47:11 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2011/10/28 00:47:11 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2011/10/28 00:47:10 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2011/10/28 00:47:10 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2011/10/28 00:47:10 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2011/10/28 00:47:10 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2011/10/28 00:47:09 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2011/10/28 00:47:09 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2011/10/28 00:47:09 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2011/10/28 00:47:09 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2011/10/28 00:47:08 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2011/10/28 00:47:08 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2011/10/28 00:47:08 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2011/10/28 00:47:08 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2011/10/28 00:47:07 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2011/10/28 00:47:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2011/10/28 00:47:07 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2011/10/28 00:47:07 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2011/10/28 00:47:06 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2011/10/28 00:47:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2011/10/28 00:47:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2011/10/28 00:47:05 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2011/10/28 00:47:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2011/10/28 00:47:04 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2011/10/28 00:47:04 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2011/10/28 00:47:03 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2011/10/28 00:47:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2011/10/28 00:47:02 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2011/10/28 00:47:02 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2011/10/28 00:47:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2011/10/28 00:47:01 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2011/10/28 00:47:01 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2011/10/28 00:47:01 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2011/10/28 00:47:00 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2011/10/28 00:47:00 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2011/10/28 00:46:53 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2011/10/28 00:46:53 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2011/10/28 00:46:51 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2011/10/28 00:46:51 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2011/10/28 00:46:51 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2011/10/28 00:46:50 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2011/10/28 00:46:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2011/10/28 00:46:49 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2011/10/28 00:46:48 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2011/10/28 00:46:47 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2011/10/28 00:46:47 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2011/10/28 00:46:46 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2011/10/28 00:46:45 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2011/10/28 00:46:45 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2011/10/28 00:46:44 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2011/10/28 00:46:43 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2011/10/28 00:46:43 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2011/10/28 00:46:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2011/10/28 00:46:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2011/10/28 00:46:43 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2011/10/28 00:46:41 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2011/10/28 00:46:41 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/10/28 00:46:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2011/10/28 00:46:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2011/10/28 00:46:25 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2011/10/28 00:46:23 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2011/10/28 00:46:22 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2011/10/28 00:46:22 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2011/10/28 00:46:22 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2011/10/28 00:46:21 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2011/10/28 00:46:21 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2011/10/28 00:46:21 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2011/10/28 00:46:20 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2011/10/28 00:46:20 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2011/10/28 00:46:19 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2011/10/28 00:46:19 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2011/10/28 00:46:19 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2011/10/28 00:46:19 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2011/10/28 00:46:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2011/10/28 00:46:17 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2011/10/28 00:46:17 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2011/10/28 00:46:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2011/10/28 00:46:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2011/10/28 00:46:12 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2011/10/28 00:46:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2011/10/28 00:46:12 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2011/10/28 00:46:11 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
[2011/10/28 00:46:11 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2011/10/28 00:46:10 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2011/10/28 00:46:10 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2011/10/28 00:46:07 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2011/10/28 00:46:06 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2011/10/28 00:46:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2011/10/28 00:46:05 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2011/10/28 00:46:05 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2011/10/28 00:46:05 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2011/10/28 00:46:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2011/10/28 00:46:04 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2011/10/28 00:46:04 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2011/10/28 00:46:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2011/10/28 00:46:03 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2011/10/28 00:46:03 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2011/10/28 00:46:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2011/10/28 00:46:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2011/10/28 00:46:02 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2011/10/28 00:46:02 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2011/10/28 00:46:02 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2011/10/28 00:46:01 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2011/10/28 00:46:01 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2011/10/28 00:46:01 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2011/10/28 00:46:00 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2011/10/28 00:46:00 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2011/10/28 00:46:00 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2011/10/28 00:46:00 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2011/10/28 00:45:59 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2011/10/28 00:45:59 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2011/10/28 00:45:59 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2011/10/28 00:45:59 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2011/10/28 00:45:58 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2011/10/28 00:45:58 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2011/10/28 00:45:57 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2011/10/28 00:45:57 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2011/10/28 00:45:57 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2011/10/28 00:45:56 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2011/10/28 00:45:56 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2011/10/28 00:45:56 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2011/10/28 00:45:56 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2011/10/28 00:45:55 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2011/10/28 00:45:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2011/10/28 00:45:54 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2011/10/28 00:45:53 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2011/10/28 00:43:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2011/10/28 00:43:42 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx4.dll
[2011/10/28 00:43:42 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2011/10/28 00:43:07 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll
[2011/10/28 00:43:06 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2011/10/28 00:43:06 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2011/10/28 00:43:06 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2011/10/28 00:41:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/10/28 00:41:28 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2011/10/28 00:41:28 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rhttpaa.dll
[2011/10/28 00:41:28 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2011/10/28 00:41:28 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsgqec.dll
[2011/10/28 00:41:27 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aaclient.dll
[2011/10/28 00:41:27 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2011/10/28 00:32:55 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2011/10/28 00:32:55 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2011/10/28 00:32:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2011/10/28 00:32:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2011/10/28 00:20:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jeff\Recent
[2011/10/27 20:23:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/10/27 20:23:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2011/10/27 20:23:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2011/10/27 20:23:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/10/24 23:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Sun
[2011/10/24 22:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/24 22:49:46 | 000,128,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2011/10/24 22:49:45 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011/10/24 22:49:45 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011/10/24 22:49:45 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011/10/24 22:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/10/24 22:48:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/10/24 10:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Desktop\Virus Scan Logs
[2011/10/23 23:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/23 23:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/23 23:32:50 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/23 15:43:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/23 15:42:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/22 11:58:03 | 004,269,227 | R--- | C] (Swearware) -- C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
[2011/10/03 06:03:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/03 06:03:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/03 06:03:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/03 06:03:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/03 06:00:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/02 14:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Desktop\Pics Vids

========== Files - Modified Within 30 Days ==========

[2011/10/31 05:49:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
[2011/10/31 05:18:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1450960922-839522115-1003UA.job
[2011/10/30 07:18:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1450960922-839522115-1003Core.job
[2011/10/29 18:17:49 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk
[2011/10/29 13:03:50 | 000,000,336 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2011/10/29 13:03:19 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/29 13:03:13 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/29 12:44:20 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/10/28 05:21:03 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/28 05:21:03 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/28 05:20:14 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/28 00:51:02 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/28 00:50:18 | 000,035,079 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/10/28 00:45:20 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/10/28 00:45:19 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/10/28 00:45:19 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/10/28 00:45:10 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/28 00:42:00 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/28 00:33:12 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2011/10/27 23:26:16 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/27 21:19:54 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Google Chrome.lnk
[2011/10/27 21:19:54 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/24 22:49:20 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011/10/24 22:49:20 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011/10/24 22:49:19 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2011/10/24 22:49:19 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011/10/24 22:49:19 | 000,128,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2011/10/24 22:39:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/23 23:48:19 | 000,058,611 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011/10/23 23:32:54 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/22 11:58:14 | 004,269,227 | R--- | M] (Swearware) -- C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
[2011/10/11 01:49:21 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Word.lnk
[2011/10/10 08:06:28 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Stealty, Persistent Malware Keeps Trying to Dial Out - Geeks to Go Forums.URL
[2011/10/10 05:14:43 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Publisher.lnk
[2011/10/06 04:19:50 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

========== Files Created - No Company Name ==========

[2011/10/28 05:20:12 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/28 00:48:34 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/10/28 00:48:06 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/10/28 00:47:48 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/10/28 00:47:44 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/10/28 00:47:37 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/10/28 00:47:22 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/10/28 00:47:14 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/10/28 00:47:05 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/10/28 00:46:46 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/10/28 00:33:12 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2011/10/28 00:32:43 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011/10/28 00:32:43 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/10/28 00:32:42 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011/10/28 00:32:42 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011/10/28 00:32:42 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/10/28 00:32:42 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/10/28 00:32:42 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/10/28 00:32:42 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/10/28 00:32:41 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/10/28 00:32:41 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/10/28 00:32:41 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/10/28 00:32:41 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/10/28 00:32:41 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/10/28 00:32:40 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2011/10/28 00:32:40 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/10/28 00:32:40 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/10/28 00:32:39 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/10/28 00:32:39 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/10/23 23:32:54 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 14:57:21 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\g---mer.exe
[2011/10/10 08:06:28 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\Stealty, Persistent Malware Keeps Trying to Dial Out - Geeks to Go Forums.URL
[2011/10/03 06:03:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/03 06:03:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/03 06:03:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/03 06:03:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/03 06:03:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/26 02:26:16 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011/08/26 02:23:16 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2011/06/11 03:23:11 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/10/04 23:51:38 | 000,000,066 | ---- | C] () -- C:\WINDOWS\drD3D.ini
[2010/08/18 03:24:51 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/08/16 03:46:07 | 000,000,445 | ---- | C] () -- C:\WINDOWS\EntPack.dat
[2010/08/16 03:46:07 | 000,000,046 | ---- | C] () -- C:\WINDOWS\EntPack.ini
[2010/08/16 00:36:18 | 000,001,672 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/08/15 20:52:25 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jeff\Application Data\pcouffin.cat
[2010/08/15 20:52:25 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jeff\Application Data\pcouffin.inf
[2010/08/12 00:03:49 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2010/08/12 00:03:48 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2010/08/12 00:03:48 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe
[2010/08/11 23:13:16 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/11 23:12:54 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/11 12:04:12 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/11 05:06:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/08/11 04:54:02 | 000,016,560 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/08/11 04:53:48 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/08/11 04:43:21 | 000,000,059 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010/08/11 04:43:21 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
[2010/08/11 04:43:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brohl144.ini
[2010/08/11 04:43:19 | 000,000,447 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2010/08/11 04:43:18 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2010/08/11 04:42:34 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2010/08/11 04:42:34 | 000,000,039 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2010/08/11 04:42:34 | 000,000,026 | ---- | C] () -- C:\WINDOWS\brpp2ka.ini
[2010/08/11 04:42:34 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/08/11 04:42:17 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2010/08/11 04:42:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\BRVPDNTA.DLL
[2010/08/11 04:42:17 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2010/08/11 04:42:17 | 000,011,568 | ---- | C] () -- C:\WINDOWS\HL-1440.INI
[2010/08/11 04:42:17 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2010/08/11 04:20:23 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2010/08/11 04:20:23 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2010/08/11 04:15:36 | 000,000,026 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/08/11 03:47:05 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/08/11 03:43:07 | 000,000,336 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2010/08/11 03:13:24 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/08/11 03:13:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/08/11 03:13:22 | 000,012,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/08/11 03:13:20 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/08/11 03:13:20 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/08/11 03:02:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2010/08/11 02:46:38 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010/08/11 02:13:34 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/08/11 02:07:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/11 01:48:29 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/11 01:43:44 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/10 18:27:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/10 18:26:45 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/06 11:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/11/06 11:00:20 | 000,016,240 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe
[2008/04/14 08:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 10:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/12/20 13:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 13:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/09 15:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2001/08/23 07:00:00 | 000,311,934 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,040,196 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >


Extras Log:

OTL Extras logfile created on: 10/31/2011 5:51:24 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 66.15% Memory free
3.83 Gb Paging File | 2.98 Gb Available in Paging File | 77.84% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.00 Gb Total Space | 40.72 Gb Free Space | 67.86% Space Free | Partition Type: NTFS
Drive D: | 89.04 Gb Total Space | 36.58 Gb Free Space | 41.08% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 3.47 Gb Free Space | 1.49% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 41.12 Gb Free Space | 27.59% Space Free | Partition Type: NTFS
Drive G: | 642.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JEFFDESK | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1715567821-1450960922-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{12BB7942-1E1F-43D9-B441-4668C1629425}" = hp officejet 6100 series
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java™ 7 Update 1
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AF1B2B2E-03E3-458A-9DEB-32F8C7637374}" = ZoneAlarm Security
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
"{C180FAEF-61D5-4A03-8328-A58D9CDD1C4C}" = ZoneAlarm Firewall
"{CA4EECED-20F3-4C2B-8A93-F39CB2063E71}" = ZoneAlarm Antivirus
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 1.2.6
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Bejeweled Twist 1.0.3" = Bejeweled Twist 1.0.3
"Brother 1440" = Brother 1440
"BROWNIE" = Brownie
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"CursorXP" = CursorXP
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDStyler_is1" = DVDStyler v1.8.0.1
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 1431] [2007-08-21]
"FLVPlayer" = FLV Player 1.3.3
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.4.0
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP OfficeJet 6100 Series" = HP Photo and Imaging 2.0 - hp officejet 6100 series
"IconForge version 4.92_is1" = IconForge version 4.92
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"office Convert Pdf to Jpg Jpeg Tiff Free_is1" = office Convert Pdf to Jpg Jpeg Tiff Free 6.4
"OpenLibraries" = OpenLibraries
"Opera 11.50.1074" = Opera 11.50
"PC Magazine ButtonBoogie 2_is1" = PC Magazine ButtonBoogie 2.1
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"Sandboxie" = Sandboxie 3.48
"Tablet Driver" = Tablet
"Tweak UI 2.10" = Tweak UI
"Unlocker" = Unlocker 1.8.5
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"WallMaster" = WallMaster
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WM Converter 2.0" = WM Converter 2.0
"xp-AntiSpy" = xp-AntiSpy 3.96-4
"XviD_is1" = XviD MPEG-4 Video Codec
"ZoneAlarm Antivirus" = ZoneAlarm Antivirus
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0
"Zuma's Revenge!" = Zuma's Revenge!

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1715567821-1450960922-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/5/2011 11:33:32 PM | Computer Name = JEFFDESK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 6/5/2011 11:33:35 PM | Computer Name = JEFFDESK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 6/5/2011 11:37:37 PM | Computer Name = JEFFDESK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 6/5/2011 11:37:38 PM | Computer Name = JEFFDESK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 6/6/2011 6:00:11 AM | Computer Name = JEFFDESK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 6/7/2011 10:29:27 PM | Computer Name = JEFFDESK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/7/2011 10:29:30 PM | Computer Name = JEFFDESK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 6/7/2011 10:29:31 PM | Computer Name = JEFFDESK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 6/12/2011 9:47:12 AM | Computer Name = JEFFDESK | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x047b66c0.

Error - 6/18/2011 8:09:14 PM | Computer Name = JEFFDESK | Source = Application Error | ID = 1000
Description = Faulting application doomsday.exe, version 0.0.0.0, faulting module
jdoom.dll, version 0.0.0.0, fault address 0x000177dc.

[ System Events ]
Error - 10/28/2011 1:52:09 AM | Computer Name = JEFFDESK | Source = Service Control Manager | ID = 7002
Description = The BrPar service depends on the Parallel arbitrator group and no
member of this group started.

Error - 10/29/2011 8:17:42 AM | Computer Name = JEFFDESK | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%2147942405

Error - 10/29/2011 1:44:07 PM | Computer Name = JEFFDESK | Source = Service Control Manager | ID = 7034
Description = The Webroot Client Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 10/29/2011 1:44:07 PM | Computer Name = JEFFDESK | Source = Service Control Manager | ID = 7034
Description = The Sandboxie Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/29/2011 1:44:07 PM | Computer Name = JEFFDESK | Source = Service Control Manager | ID = 7031
Description = The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 10/29/2011 1:44:08 PM | Computer Name = JEFFDESK | Source = Service Control Manager | ID = 7034
Description = The BrSplService service terminated unexpectedly. It has done this
1 time(s).

Error - 10/29/2011 1:44:08 PM | Computer Name = JEFFDESK | Source = Service Control Manager | ID = 7031
Description = The SAS Core Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 10/29/2011 1:44:08 PM | Computer Name = JEFFDESK | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/29/2011 1:44:09 PM | Computer Name = JEFFDESK | Source = Service Control Manager | ID = 7034
Description = The TabletService service terminated unexpectedly. It has done this
1 time(s).

Error - 10/29/2011 2:04:08 PM | Computer Name = JEFFDESK | Source = Service Control Manager | ID = 7002
Description = The BrPar service depends on the Parallel arbitrator group and no
member of this group started.


< End of report >