XP crashes/reboots at random following malware attack [Solved]


  • This topic is locked

#1
NickKeenan

  • Member
  • 73 posts
Momentarily displays blue screen with white text (not a memory dump) then disappears, shuts down, and restarts.
Through experimenting, I've discovered that it happens more frequently when I'm running eMule, and very frequently when I'm running uTorrent.

Over the last 2 weeks I've been recovering from a sudden 'attack' of some kind which left the system unusable and I had to reinstall XP. This attack was very strange - suddenly the screen showed several file explorer windows, cascade-style, and when it stopped, file explorer did not behave properly which led me to reinstall XP. Following the reinstall, and about 10 days later, I discovered that all my non-C partition files were all marked 'hidden' so the left pane of file explorer did not show the plus sign (+) beside folders with sub-folders. I believe that the attack may have set the hidden property in all my files, and I believe I witnessed that process during the brief cascade-style of about 8 file explorer windows (one for each of my partitions/drives).
Also my system runs slower - for example, when I run Tetris, the falling momentarily pauses before reacting to my arrow keystroke.
==========================================

NOTE: Time is now 3:45am EDT, several hours after I posted the above that ends with the row of equal signs.
I found something strange in my system. I did an explorer file search on "*descend*" and got 2.25 'screenfuls' of hits, which I've PRTSCR'd into 3 jpgs I'm attaching to my post here. Why? Well, not sure, except that when I was actively running Vuze or uTorrent or eMule to download the film The Descendants the system would crash as described in my initial post. Tonight, for the [bleep] of it, I thought I'd try an old version of Vuze and gave it The Descendants to download, and, sure enough, CRASH/reboot!! After coming back up I tried to run Vuze but delete The Descendants from its queue of work to do, and that's when I got strange error msgs saying I couldn't delete The Descendants (I'm in file explorer here) because it was being used elsewhere. So I got shutdown manually and rebooted, and when I got back up I did a system-wide search for The Descendants and got a whopping 2.25 screenfuls of hits, across all partitions, but all in the recycle bin. Now, is this reasonable? I don't think it is, so I'm passing it on in the hope that it might help the diagnosis. I'll attach the 3 jpgs.
But I don't see how to attach them.. maybe use Full Editor..



OK.. it would not take the 3rd jpg.. but you get the idea.

Attached Thumbnails

  • descendants01.jpg
  • descendants02.jpg

Edited by NickKeenan, 13 March 2012 - 02:13 AM.


#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello NickKeenan and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed


Intro

Before we begin I would ask that you uninstall all P2P programs from your system (Vuze, uTorrent, eMule, etc.)

Here is a good reason to remove them:

P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.


Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post.

#3
NickKeenan

  • Topic Starter
  • Member
  • 73 posts
Thanks Maliprog for taking my case.
I dl'd otl.scr, ran it, pasting in custom code, and did quick scan.
It only produced otl.txt which I've pasted below.
I searched C: for extras.txt but didn't find it.
Decided not to continue with Step 2 GMER until I hear back from you re: no extras.txt.

Also in Step 3 the following
OTL log
OTL Extras log
GMER log
are not file names, so I'm not sure what I should include in a reply.
By OTL log, do you mean OTL.txt? I'm not sure of your terms.
/nick

OTL logfile created on: 3/16/2012 1:48:03 PM - Run 5
OTL by OldTimer - Version 3.2.37.1 Folder = C:\Documents and Settings\Nick\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 78.08% Memory free
3.79 Gb Paging File | 3.33 Gb Available in Paging File | 88.09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 20.78 Gb Free Space | 53.20% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 32.52 Gb Free Space | 33.30% Space Free | Partition Type: NTFS
Drive E: | 97.65 Gb Total Space | 17.05 Gb Free Space | 17.46% Space Free | Partition Type: NTFS
Drive F: | 97.65 Gb Total Space | 12.41 Gb Free Space | 12.70% Space Free | Partition Type: NTFS
Drive G: | 97.65 Gb Total Space | 19.14 Gb Free Space | 19.60% Space Free | Partition Type: NTFS
Drive J: | 75.14 Gb Total Space | 47.68 Gb Free Space | 63.45% Space Free | Partition Type: NTFS
Drive L: | 147.24 Gb Total Space | 40.91 Gb Free Space | 27.79% Space Free | Partition Type: NTFS

Computer Name: GENERALSPECIFIX | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/16 13:04:05 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.scr
PRC - [2012/01/31 09:57:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/01/31 09:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/01/31 09:56:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/01/31 09:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/12/18 21:04:24 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/11/03 10:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/11/03 10:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2008/04/23 03:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/03 18:17:28 | 002,473,984 | ---- | M] (SEC) -- C:\Program Files\MagicTune Premium\MagicTune.exe
PRC - [2007/08/23 16:05:18 | 000,045,056 | ---- | M] () -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
PRC - [2007/01/15 17:18:00 | 000,036,864 | ---- | M] () -- C:\Program Files\MagicTune Premium\GammaTray.exe
PRC - [2005/07/29 18:25:28 | 000,270,336 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
PRC - [2005/07/29 18:23:52 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2005/07/29 18:20:58 | 000,118,843 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2005/07/29 18:20:40 | 000,061,503 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2005/07/07 22:29:52 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2003/07/25 12:15:48 | 000,536,576 | ---- | M] (-) -- C:\Program Files\Eraser\eraser.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/31 09:57:08 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008/09/16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/04/14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/12/03 18:16:34 | 000,065,536 | ---- | M] () -- C:\Program Files\MagicTune Premium\MTResEng.dll
MOD - [2007/12/03 18:16:28 | 000,032,768 | ---- | M] () -- C:\Program Files\MagicTune Premium\HzZone.dll
MOD - [2007/12/03 18:16:24 | 000,040,960 | ---- | M] () -- C:\Program Files\MagicTune Premium\EProfile.dll
MOD - [2007/12/03 18:16:24 | 000,040,960 | ---- | M] () -- C:\Program Files\MagicTune Premium\DProfile.dll
MOD - [2007/12/03 18:16:22 | 000,045,056 | ---- | M] () -- C:\Program Files\MagicTune Premium\VESADll.dll
MOD - [2007/12/03 18:16:20 | 000,045,056 | ---- | M] () -- C:\Program Files\MagicTune Premium\IProfile.dll
MOD - [2007/12/03 18:16:20 | 000,036,864 | ---- | M] () -- C:\Program Files\MagicTune Premium\DeviceInterface.dll
MOD - [2007/12/03 18:16:18 | 000,032,768 | ---- | M] () -- C:\Program Files\MagicTune Premium\Highlight.dll
MOD - [2007/11/05 09:08:42 | 000,077,824 | ---- | M] () -- C:\Program Files\MagicTune Premium\MagicTuneCore.dll
MOD - [2007/08/23 16:05:18 | 000,045,056 | ---- | M] () -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
MOD - [2007/01/15 17:18:00 | 000,036,864 | ---- | M] () -- C:\Program Files\MagicTune Premium\GammaTray.exe
MOD - [2006/01/12 22:20:26 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.DEU
MOD - [2006/01/12 22:13:46 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.FRA
MOD - [2005/07/29 18:23:52 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
MOD - [2005/07/07 22:29:52 | 000,876,544 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libeay32.dll
MOD - [2005/07/07 22:29:52 | 000,159,744 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\ssleay32.dll
MOD - [2005/07/07 22:29:52 | 000,024,691 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/01/31 09:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/31 09:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/03 10:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2007/08/23 16:05:18 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)
SRV - [2005/07/29 18:23:52 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2005/07/29 18:20:58 | 000,118,843 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2005/07/29 18:20:40 | 000,061,503 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2005/07/07 22:29:52 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -- (ForcewareWebInterface)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/01/31 09:57:31 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/01/31 09:57:31 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/12/18 21:04:24 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011/11/03 10:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/09/16 17:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/14 01:15:34 | 000,011,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2007/11/29 13:46:08 | 000,013,184 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2005/12/27 01:09:10 | 000,033,792 | ---- | M] (Robert Schlabbach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RMSPPPOE.SYS -- (RMSPPPOE) WAN Miniport (PPP over Ethernet Protocol)
DRV - [2005/08/11 01:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/07/29 05:11:04 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 05:11:02 | 000,034,048 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/10/27 16:21:30 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/03/11 18:44:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/24 14:08:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/02/29 22:55:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2012/02/24 14:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nick\Application Data\Mozilla\Extensions
[2012/03/01 17:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\um5jyn3v.default\extensions
[2012/03/01 17:11:39 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\um5jyn3v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/02/29 16:05:36 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\um5jyn3v.default\extensions\[email protected]
[2012/02/24 14:08:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/16 10:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe (-)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GammaTray.lnk = C:\Program Files\MagicTune Premium\GammaTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Nick\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Nick\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C1D069F-ACAE-46EA-B739-885EDAF06CDC}: NameServer = 206.248.154.22 206.248.154.170
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/20 20:21:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/16 13:04:04 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.scr
[2012/03/12 20:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2012/03/12 20:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Azureus Vuze
[2012/03/12 20:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Azureus
[2012/03/11 18:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\My Documents\ForceField Shared Files
[2012/03/11 18:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\CheckPoint
[2012/03/11 18:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2012/03/11 18:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/03/11 18:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/03/10 14:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap
[2012/03/09 14:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2012/03/09 14:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\Google
[2012/03/09 14:46:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google SketchUp 8
[2012/03/09 14:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/03/08 18:38:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nick\Start Menu\Programs\Administrative Tools
[2012/03/08 18:37:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/03/08 15:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012/03/08 15:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eMule
[2012/03/07 20:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\dvdcss
[2012/03/07 10:45:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/03/07 02:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/03/06 21:04:30 | 000,000,000 | ---D | C] -- C:\XPupdates
[2012/03/05 18:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Local Settings\Application Data\uTorrent
[2012/03/04 23:37:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012/03/04 23:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/03/04 23:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/03/04 21:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\Avira
[2012/03/04 21:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/03/04 21:12:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/03/04 21:12:17 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/03/04 21:12:17 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/03/04 21:12:17 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012/03/04 21:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/03/04 21:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012/03/03 17:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\eMule
[2012/03/02 23:42:17 | 000,168,448 | ---- | C] (WexTech Systems, Inc.) -- C:\WINDOWS\System32\Awrtl30.dll
[2012/03/02 23:42:16 | 000,100,864 | ---- | C] (Corel Corporation Limited) -- C:\WINDOWS\System32\awpe.dll
[2012/03/02 23:40:55 | 000,245,760 | ---- | C] (Corel Corporation) -- C:\WINDOWS\System32\Sccomp91.dll
[2012/03/02 23:40:54 | 000,225,280 | ---- | C] (Corel Corporation) -- C:\WINDOWS\System32\Scint91.dll
[2012/03/02 23:40:54 | 000,110,592 | ---- | C] (Corel Corporation) -- C:\WINDOWS\System32\Sccres91.dll
[2012/03/02 23:35:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Profiles
[2012/03/02 23:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2012/03/02 23:22:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Corel
[2012/03/02 02:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\WinRAR
[2012/03/02 02:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Start Menu\Programs\WinRAR
[2012/03/02 02:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2012/03/02 02:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/03/01 18:48:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Start Menu\Programs\CD to MP3 Freeware
[2012/03/01 18:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\CD to MP3 Freeware
[2012/03/01 17:47:01 | 000,000,000 | ---D | C] -- C:\Temp
[2012/03/01 17:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Start Menu\Programs\3herosoft
[2012/03/01 17:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\3herosoft
[2012/03/01 17:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\DVDVideoSoftIEHelpers
[2012/03/01 17:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
[2012/03/01 17:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\DVDVideoSoft
[2012/03/01 17:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012/03/01 17:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012/03/01 17:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\My Documents\DVDVideoSoft
[2012/03/01 17:03:33 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/03/01 17:03:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/03/01 16:29:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2012/03/01 16:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FreeRIP3
[2012/03/01 16:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\FreeRIP3
[2012/03/01 16:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2012/03/01 16:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Start Menu\Programs\DVD Decrypter
[2012/03/01 04:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\My Documents\New Folder
[2012/03/01 04:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/03/01 04:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\My Documents\AltoMP3
[2012/03/01 04:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Start Menu\Programs\AltoMP3 Gold
[2012/03/01 04:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\AltoMP3 Gold
[2012/03/01 03:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2012/03/01 03:50:00 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2012/02/29 14:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
[2012/02/29 14:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2012/02/29 14:16:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\Microsoft Web Folders
[2012/02/29 14:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/02/28 03:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2012/02/28 03:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\SoulseekNS
[2012/02/28 03:53:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Start Menu\Programs\Soulseek NS
[2012/02/27 15:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\Macromedia
[2012/02/26 21:59:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\FileZilla
[2012/02/26 21:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
[2012/02/26 21:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012/02/26 20:53:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Nick\PrivacIE
[2012/02/26 03:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\SubtitlesSynch
[2012/02/26 03:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Start Menu\Programs\SubtitlesSynch
[2012/02/25 23:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/02/25 16:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\AdobeUM
[2012/02/25 16:21:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2012/02/25 16:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2012/02/25 16:14:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adobe PDF
[2012/02/25 15:55:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
[2012/02/25 15:55:04 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\Pcdlib32.dll
[2012/02/25 15:55:04 | 000,032,792 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\Spwhpt.dll
[2012/02/25 15:55:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012/02/25 04:00:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/02/25 03:40:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/02/24 22:47:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\My Documents\Vuze Downloads
[2012/02/24 22:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\.swt
[2012/02/24 22:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\Azureus
[2012/02/24 22:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2012/02/24 14:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\Mozilla
[2012/02/24 13:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/02/24 11:17:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Nick\IETldCache
[2012/02/24 03:12:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/02/24 03:11:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/02/24 00:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\uTorrent
[2012/02/23 10:06:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Nick\UserData
[2012/02/23 02:06:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2012/02/23 02:06:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/02/22 22:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/02/22 22:26:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Local Settings\Application Data\Temp
[2012/02/22 22:26:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Local Settings\Application Data\Conduit
[2012/02/22 22:19:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\My Documents\Downloads
[2012/02/22 20:51:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/02/22 20:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2012/02/22 19:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2012/02/22 19:10:26 | 000,016,868 | R--- | C] (Samsung Electronics.) -- C:\WINDOWS\System32\SSGH1LMK.DLL
[2012/02/22 18:59:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Local Settings\Application Data\Adobe
[2012/02/22 18:59:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\Adobe
[2012/02/22 18:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012/02/22 18:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/02/22 18:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/02/22 16:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird
[2012/02/22 15:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Local Settings\Application Data\Thunderbird
[2012/02/22 15:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\Thunderbird
[2012/02/22 15:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012/02/22 14:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2012/02/22 14:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NVIDIA Corporation
[2012/02/22 14:28:03 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/02/22 14:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\My Documents\{9DF687E7-381C-4882-A05F-4ADF1DD53394}
[2012/02/22 14:20:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/02/22 14:16:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2012/02/22 14:16:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/02/22 14:16:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/02/22 14:16:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/02/22 14:16:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2012/02/22 14:14:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2012/02/22 14:12:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2012/02/22 14:08:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/02/22 14:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2012/02/22 13:55:07 | 000,013,184 | ---- | C] (Samsung Electronics, Inc. ) -- C:\WINDOWS\System32\drivers\MTiCtwl.sys
[2012/02/22 13:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\MagicTune Premium
[2012/02/22 13:54:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\InstallShield
[2012/02/22 13:47:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2012/02/22 13:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SoundMAX
[2012/02/22 13:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2012/02/22 13:26:45 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2012/02/22 13:26:44 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/02/22 13:16:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2012/02/22 13:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/02/22 13:14:48 | 000,474,624 | R--- | C] (ASUS) -- C:\WINDOWS\System32\AsusSetup.exe
[2012/02/22 00:06:14 | 000,681,984 | -H-- | C] (ACD Systems, Ltd.) -- C:\Documents and Settings\Nick\Desktop\Portable ACDSee.exe
[2012/02/21 13:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Local Settings\Application Data\Mozilla
[2012/02/21 01:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\vlc
[2012/02/21 01:38:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/02/21 01:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/02/20 22:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Eraser
[2012/02/20 22:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
[2012/02/20 21:40:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/20 20:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\Identities
[2012/02/20 20:27:28 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2012/02/20 20:27:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nick\My Documents\My Pictures
[2012/02/20 20:27:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nick\My Documents\My Music
[2012/02/20 20:27:11 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Nick\Application Data\Microsoft
[2012/02/20 20:27:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nick\SendTo
[2012/02/20 20:27:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nick\Recent
[2012/02/20 20:27:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nick\Application Data
[2012/02/20 20:27:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nick\Start Menu\Programs\Startup
[2012/02/20 20:27:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nick\Start Menu
[2012/02/20 20:27:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nick\My Documents
[2012/02/20 20:27:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nick\Favorites
[2012/02/20 20:27:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nick\Start Menu\Programs\Accessories
[2012/02/20 20:27:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Nick\Cookies
[2012/02/20 20:27:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Nick\Templates
[2012/02/20 20:27:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Nick\PrintHood
[2012/02/20 20:27:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Nick\NetHood
[2012/02/20 20:27:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Nick\Local Settings
[2012/02/20 20:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Local Settings\Application Data\Microsoft
[2012/02/20 20:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Desktop
[2012/02/20 20:25:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/02/20 20:25:35 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2012/02/20 20:25:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2012/02/20 20:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2012/02/20 20:24:59 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2012/02/20 20:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2012/02/20 20:23:34 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012/02/20 20:23:34 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012/02/20 20:22:36 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012/02/20 20:22:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012/02/20 20:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012/02/20 20:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012/02/20 20:20:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2012/02/20 20:20:34 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2012/02/20 20:20:34 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2012/02/20 20:20:24 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2012/02/20 20:19:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2012/02/20 20:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2012/02/20 20:19:18 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2012/02/20 20:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/02/20 20:19:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2012/02/20 20:19:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2012/02/20 20:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2012/02/20 20:18:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2012/02/20 20:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2012/02/20 20:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2012/02/20 20:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2012/02/20 20:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012/02/20 20:18:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/02/20 20:18:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/02/20 20:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2012/02/20 20:17:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/02/20 20:17:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2012/02/20 20:17:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2012/02/20 20:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2012/02/20 20:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2012/02/20 20:17:34 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2012/02/20 20:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2012/02/20 20:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2012/02/20 20:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2012/02/20 20:16:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2012/02/20 20:16:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2012/02/20 20:16:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/02/20 20:14:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2012/02/20 14:49:27 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2012/02/20 14:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2012/02/20 14:49:23 | 000,000,000 | R--D | C] -- C:\Program Files
[2012/02/20 14:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2012/02/20 14:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2012/02/20 14:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2012/02/20 14:48:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/02/20 14:48:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2012/02/20 14:48:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2012/02/20 14:48:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2012/02/20 14:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2012/02/20 14:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2012/02/20 14:46:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/02/20 14:46:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2012/02/20 14:46:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012/02/20 14:46:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2012/02/20 14:46:30 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/02/20 14:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2012/02/20 14:41:05 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2012/02/20 14:41:05 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2012/02/20 14:41:05 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2012/02/20 14:41:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2012/02/20 14:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/16 13:04:05 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.scr
[2012/03/16 12:17:03 | 000,039,291 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/03/16 12:17:03 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2012/03/16 12:16:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/15 17:22:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/15 14:17:49 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\SubtitlesSynch.lnk
[2012/03/14 12:41:14 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Soulseek.lnk
[2012/03/11 18:19:56 | 000,415,859 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/03/11 05:20:52 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/11 05:20:52 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/10 16:36:59 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\AutoSave_Untitled.skp
[2012/03/10 14:18:42 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[2012/03/10 12:51:48 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Acrobat 7.0.lnk
[2012/03/10 12:46:54 | 000,002,241 | ---- | M] () -- C:\WINDOWS\panose.bin
[2012/03/09 14:46:27 | 000,001,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google SketchUp 8.lnk
[2012/03/09 00:20:29 | 000,134,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/09 00:08:42 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eMule.lnk
[2012/03/07 02:26:21 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\µTorrent.lnk
[2012/03/06 23:51:39 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/05 04:01:04 | 000,000,521 | ---- | M] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Copy of NOS.lnk
[2012/03/04 21:12:35 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/03/02 20:04:43 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/02 00:42:35 | 000,000,040 | ---- | M] () -- C:\Documents and Settings\Nick\Application Data\cdr.ini
[2012/03/01 18:48:15 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Free CD to MP3 Converter.lnk
[2012/03/01 17:46:41 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\3herosoft Audio Encoder.lnk
[2012/03/01 17:11:34 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\DVDVideoSoft Free Studio.lnk
[2012/03/01 16:29:22 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\FreeRIP.lnk
[2012/03/01 16:27:14 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\DVD Decrypter.lnk
[2012/03/01 04:02:27 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\AltoMP3 Gold.lnk
[2012/02/29 16:12:21 | 000,000,642 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Measurements.lnk
[2012/02/29 14:27:18 | 000,000,407 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\RENO.lnk
[2012/02/29 14:26:19 | 000,000,531 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\honda.lnk
[2012/02/29 14:21:53 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/02/29 14:21:37 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/02/29 12:30:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\WgaLogon.dll
[2012/02/28 17:53:12 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Copy of IrfanView.lnk
[2012/02/27 20:16:05 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator (2).lnk
[2012/02/27 20:15:44 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to notepad.exe.lnk
[2012/02/27 15:35:02 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\KIJIJI.url
[2012/02/26 22:00:18 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2012/02/26 18:43:33 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/02/25 17:23:19 | 000,000,362 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Contact.lnk
[2012/02/25 16:39:29 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\PageMaker.lnk
[2012/02/25 04:59:03 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Freecell (2).lnk
[2012/02/25 04:41:01 | 000,000,151 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Weather.url
[2012/02/24 21:52:49 | 000,000,521 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\NOS.lnk
[2012/02/24 19:59:05 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\VLC.lnk
[2012/02/24 16:40:22 | 000,000,570 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\mazanaEmails.lnk
[2012/02/24 14:08:03 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/24 13:57:54 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/23 14:53:56 | 000,000,379 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\DLS.lnk
[2012/02/23 14:53:13 | 000,000,345 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Nick.lnk
[2012/02/22 20:16:25 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\IrfanView.lnk
[2012/02/22 18:42:10 | 000,001,029 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Shortcut to wordpad.exe.lnk
[2012/02/22 18:41:13 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Shortcut to notepad.exe.lnk
[2012/02/22 16:01:56 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/02/22 16:01:56 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2012/02/22 15:07:50 | 000,000,540 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\teksavvy.lnk
[2012/02/22 14:28:29 | 000,001,959 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NVIDIA Firewall.lnk
[2012/02/22 14:28:15 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/02/22 14:28:10 | 000,000,022 | ---- | M] () -- C:\WINDOWS\FileName
[2012/02/22 14:23:49 | 000,020,905 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2012/02/22 14:21:55 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/02/22 14:12:19 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/02/22 13:54:58 | 000,000,571 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MagicTune Premium.lnk
[2012/02/22 13:54:58 | 000,000,513 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GammaTray.lnk
[2012/02/21 13:51:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2012/02/20 20:27:36 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/02/20 20:25:02 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2012/02/20 20:24:02 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/02/20 20:21:43 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/02/20 20:21:43 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/02/20 20:21:43 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/02/20 20:21:43 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/02/20 20:21:43 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/02/20 20:21:35 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/02/20 20:21:34 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/02/20 20:21:23 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012/02/20 20:18:14 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/02/20 20:14:22 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/14 12:41:14 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Soulseek.lnk
[2012/03/11 18:14:20 | 000,415,859 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/03/10 16:20:33 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\AutoSave_Untitled.skp
[2012/03/10 14:18:42 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\-1
[2012/03/09 14:46:27 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google SketchUp 8.lnk
[2012/03/09 00:08:42 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eMule.lnk
[2012/03/07 02:26:21 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\µTorrent.lnk
[2012/03/05 04:01:04 | 000,000,521 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Copy of NOS.lnk
[2012/03/04 21:12:35 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/03/01 18:48:20 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\cdr.ini
[2012/03/01 18:48:14 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Free CD to MP3 Converter.lnk
[2012/03/01 17:46:41 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\3herosoft Audio Encoder.lnk
[2012/03/01 17:11:34 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\DVDVideoSoft Free Studio.lnk
[2012/03/01 16:29:22 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\FreeRIP.lnk
[2012/03/01 16:27:14 | 000,001,635 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\DVD Decrypter.lnk
[2012/03/01 04:02:27 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\AltoMP3 Gold.lnk
[2012/02/29 16:12:25 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Measurements.lnk
[2012/02/29 14:31:37 | 000,000,577 | -H-- | C] () -- C:\Documents and Settings\Nick\Desktop\WOODWORK.lnk
[2012/02/29 14:27:20 | 000,000,407 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\RENO.lnk
[2012/02/29 14:26:21 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\honda.lnk
[2012/02/29 14:21:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/02/29 14:21:37 | 000,002,479 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2012/02/29 14:21:37 | 000,002,046 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Outlook.lnk
[2012/02/29 14:21:37 | 000,002,002 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
[2012/02/29 14:21:37 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/02/29 14:21:36 | 000,002,030 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
[2012/02/29 14:21:36 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Access.lnk
[2012/02/29 12:30:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2012/02/28 23:09:14 | 000,002,309 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Acrobat 7.0.lnk
[2012/02/28 17:53:12 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Copy of IrfanView.lnk
[2012/02/27 20:16:05 | 000,001,486 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator (2).lnk
[2012/02/27 20:15:44 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to notepad.exe.lnk
[2012/02/27 15:34:09 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\KIJIJI.url
[2012/02/26 21:59:16 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2012/02/26 18:43:33 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/02/26 18:43:33 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/02/26 03:45:38 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\SubtitlesSynch.lnk
[2012/02/25 17:23:22 | 000,000,362 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Contact.lnk
[2012/02/25 16:46:40 | 000,002,241 | ---- | C] () -- C:\WINDOWS\panose.bin
[2012/02/25 16:39:29 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\PageMaker.lnk
[2012/02/25 16:15:48 | 000,002,365 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 7.0.lnk
[2012/02/25 16:15:48 | 000,002,359 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Designer 7.0.lnk
[2012/02/25 16:15:48 | 000,002,335 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2012/02/25 16:15:48 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk
[2012/02/25 15:55:04 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2012/02/25 04:58:15 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Freecell (2).lnk
[2012/02/25 04:40:46 | 000,000,151 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Weather.url
[2012/02/24 21:52:51 | 000,000,521 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\NOS.lnk
[2012/02/24 19:59:05 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\VLC.lnk
[2012/02/24 16:40:25 | 000,000,570 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\mazanaEmails.lnk
[2012/02/24 14:08:03 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/24 13:57:54 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/23 14:53:59 | 000,000,379 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\DLS.lnk
[2012/02/23 14:53:16 | 000,000,345 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Nick.lnk
[2012/02/23 02:20:35 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/23 02:20:35 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/22 20:16:25 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\IrfanView.lnk
[2012/02/22 19:10:26 | 000,000,479 | R--- | C] () -- C:\WINDOWS\System32\SSGH1LMK.SMT
[2012/02/22 18:42:10 | 000,001,029 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Shortcut to wordpad.exe.lnk
[2012/02/22 18:41:13 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Shortcut to notepad.exe.lnk
[2012/02/22 18:32:10 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/22 16:01:56 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/02/22 16:01:56 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2012/02/22 15:07:50 | 000,000,540 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\teksavvy.lnk
[2012/02/22 14:28:29 | 000,001,959 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NVIDIA Firewall.lnk
[2012/02/22 14:28:15 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/02/22 14:28:10 | 000,000,022 | ---- | C] () -- C:\WINDOWS\FileName
[2012/02/22 14:16:24 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2012/02/22 14:16:24 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2012/02/22 14:16:24 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2012/02/22 14:16:24 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2012/02/22 14:16:24 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2012/02/22 14:16:24 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2012/02/22 14:16:24 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2012/02/22 14:16:23 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2012/02/22 14:16:23 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2012/02/22 14:16:23 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2012/02/22 14:16:23 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2012/02/22 14:16:23 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2012/02/22 14:16:23 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2012/02/22 14:16:23 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2012/02/22 14:16:23 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2012/02/22 14:16:23 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2012/02/22 14:16:23 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2012/02/22 14:16:23 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2012/02/22 14:16:23 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2012/02/22 14:16:23 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2012/02/22 14:16:23 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2012/02/22 14:16:23 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2012/02/22 14:16:23 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2012/02/22 14:16:23 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2012/02/22 14:16:23 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2012/02/22 14:16:23 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2012/02/22 14:16:23 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2012/02/22 14:16:23 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2012/02/22 14:16:23 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2012/02/22 14:16:22 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2012/02/22 14:16:22 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2012/02/22 14:16:22 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2012/02/22 14:16:22 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2012/02/22 14:16:22 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2012/02/22 14:16:22 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2012/02/22 14:16:22 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2012/02/22 14:16:22 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2012/02/22 14:16:22 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2012/02/22 14:16:22 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2012/02/22 14:16:22 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2012/02/22 14:16:22 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2012/02/22 14:16:22 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2012/02/22 14:16:22 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2012/02/22 14:16:22 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2012/02/22 14:16:22 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2012/02/22 14:16:22 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2012/02/22 14:16:22 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2012/02/22 14:16:22 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2012/02/22 14:16:22 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2012/02/22 14:16:22 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2012/02/22 14:16:22 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2012/02/22 14:16:22 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2012/02/22 14:16:22 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2012/02/22 14:16:22 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2012/02/22 14:16:22 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2012/02/22 14:16:22 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2012/02/22 14:16:22 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2012/02/22 14:16:22 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2012/02/22 14:16:22 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2012/02/22 14:16:22 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2012/02/22 14:16:22 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2012/02/22 14:16:22 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2012/02/22 14:16:22 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2012/02/22 14:16:22 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2012/02/22 14:16:22 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2012/02/22 14:16:22 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2012/02/22 14:16:22 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2012/02/22 14:16:21 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2012/02/22 14:16:21 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2012/02/22 14:16:21 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2012/02/22 14:16:21 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2012/02/22 14:16:21 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2012/02/22 14:16:21 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2012/02/22 14:16:21 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2012/02/22 14:16:21 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2012/02/22 14:16:21 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2012/02/22 14:16:21 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2012/02/22 14:16:21 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2012/02/22 14:16:21 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2012/02/22 14:16:21 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2012/02/22 14:12:38 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2012/02/22 14:12:38 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2012/02/22 14:12:36 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2012/02/22 13:54:58 | 000,000,571 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MagicTune Premium.lnk
[2012/02/22 13:54:58 | 000,000,513 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GammaTray.lnk
[2012/02/22 13:54:58 | 000,000,507 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MagicTunePremium.lnk
[2012/02/22 13:47:51 | 000,039,291 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2012/02/22 13:47:34 | 000,015,868 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2012/02/22 13:16:25 | 000,003,632 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2012/02/22 13:16:22 | 000,001,391 | R--- | C] () -- C:\WINDOWS\System32\nvsmb.nvu
[2012/02/22 13:14:48 | 000,000,705 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2012/02/22 13:14:48 | 000,000,265 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2012/02/22 13:14:47 | 000,271,078 | R--- | C] () -- C:\WINDOWS\System32\Alert.bmp
[2012/02/22 13:03:46 | 000,020,905 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2012/02/22 13:03:46 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2012/02/22 13:03:26 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2012/02/21 13:51:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012/02/20 20:27:36 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/02/20 20:27:30 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Nick\Start Menu\Programs\Outlook Express.lnk
[2012/02/20 20:27:28 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Nick\Start Menu\Programs\Internet Explorer.lnk
[2012/02/20 20:27:11 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Nick\Start Menu\Programs\Remote Assistance.lnk
[2012/02/20 20:27:11 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Nick\Start Menu\Programs\Windows Media Player.lnk
[2012/02/20 20:25:02 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2012/02/20 20:24:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/02/20 20:23:29 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2012/02/20 20:23:15 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012/02/20 20:23:08 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012/02/20 20:23:07 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2012/02/20 20:23:04 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012/02/20 20:22:56 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2012/02/20 20:22:51 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012/02/20 20:22:38 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012/02/20 20:21:43 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/02/20 20:21:43 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/02/20 20:21:43 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/02/20 20:21:43 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2012/02/20 20:21:43 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2012/02/20 20:21:35 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/02/20 20:21:34 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2012/02/20 20:21:34 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/02/20 20:20:23 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/02/20 20:20:09 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2012/02/20 20:19:32 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2012/02/20 20:19:32 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2012/02/20 20:19:24 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2012/02/20 20:18:16 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/02/20 20:18:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/02/20 20:17:41 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/02/20 20:17:10 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2012/02/20 20:17:10 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2012/02/20 20:17:10 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2012/02/20 20:17:10 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2012/02/20 20:17:10 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2012/02/20 20:17:10 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2012/02/20 20:17:09 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2012/02/20 20:17:09 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2012/02/20 20:17:09 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2012/02/20 20:17:09 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2012/02/20 20:17:09 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2012/02/20 20:17:06 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2012/02/20 20:17:05 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2012/02/20 20:17:04 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2012/02/20 20:16:56 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2012/02/20 14:49:30 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/02/20 14:49:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/02/20 14:49:24 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2012/02/20 14:49:24 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2012/02/20 14:49:24 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2012/02/20 14:49:23 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2012/02/20 14:49:02 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2012/02/20 14:47:12 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012/02/20 14:47:12 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012/02/20 14:47:12 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012/02/20 14:47:12 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012/02/20 14:47:12 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012/02/20 14:47:12 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012/02/20 14:47:12 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2012/02/20 14:47:11 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2012/02/20 14:46:29 | 000,134,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/20 14:45:27 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2012/02/20 14:45:22 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf

========== LOP Check ==========

[2012/03/12 20:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2012/03/11 18:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/03/01 16:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2012/02/28 03:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2012/03/12 13:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/03/16 12:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Azureus
[2012/03/11 18:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\CheckPoint
[2012/03/01 17:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\DVDVideoSoft
[2012/03/01 17:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\DVDVideoSoftIEHelpers
[2012/02/26 22:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\FileZilla
[2012/02/22 15:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Thunderbird
[2012/03/09 00:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/03 19:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/03 19:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/03 19:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/03 19:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/16 10:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/16 10:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/16 10:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/16 10:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/16 10:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/16 10:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/16 10:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/16 10:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/16 10:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/16 10:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/16 10:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/16 10:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05D195EC

< End of report >

Edited by NickKeenan, 16 March 2012 - 12:29 PM.


#4
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
You did it right. My Step 3 is only a reminder to you. The actual file names of the logs that you should post are always written in the step that you are doing.

Please do Step 2 and run GMER scan. Post Results.log after the scan.

#5
NickKeenan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
==================Nick's note================================
I started the GMER scan on all drives (C,D,E,F,G,J,K,L) on 17 March at 4:53am. At 9:50am, when I saw the Stop error screen quoted below, I searched C: for recently created files. There was nothing created from 4:50am until 7:11am, presumably the time of the Stop error.

The file created/modified at 7:11am is wbemcore.lo_.
The first entry in wbemcore.lo_ is:
(Sat Mar 17 05:26:30 2012.61814234) : GetUserDefaultLCID failed, restorting to system verion
This exact same entry repeats about every 10 seconds or so until
(Sat Mar 17 07:11:45 2012.68129187)

I reran GMER but only selected C: and D: drives and I include the log file named ResultsC-D.log below.
Most of the content in E:, F:, G:, J:, K: and usb external L: drives is just jpgs or movies.

Question: Should I run GMER again? If so, what drives should I include?
==================End Nick's note=========================

=====================Start of 'Stop Error' screen text===================
A problem has been detected and windows has been shut down to prevent damage to your computer.
If this is the first time you've seen this stop error screen, restart your computer.
If this screen appears again follow these steps:
Check to be sure you have adequate disk space. If a driver is identified in the stop message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters.
Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup options, and then select Safe Mode.
Technical information:
*** STOP: 0x0000008E (0xC0000006,0xBF8066EA,0xB485AB18,0x00000000)
*** win2k.sys - Address BF8066EA base at BF800000, Datestamp 4f0f0ff9
Beginning dump of physical memory
Physical memory dump complete
Contact your system administrator or technical support group for further assistance.
=====================End of Stop Error screen text===================

====================Start of ResultsC-D.log (GMER)==============
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-17 12:12:56
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST3200822AS rev.3.01
Running: rx1z5kny.exe; Driver: C:\DOCUME~1\Nick\LOCALS~1\Temp\agkyraod.sys


---- System - GMER 1.0.15 ----

SSDT BA6DCB7C ZwClose
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB6BD52F4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB6BCF5CA]
SSDT BA6DCB36 ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB6BD5A80]
SSDT BA6DCB86 ZwCreateSection
SSDT BA6DCB2C ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB6BD5BB6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB6BD01E0]
SSDT BA6DCB3B ZwDeleteKey
SSDT BA6DCB45 ZwDeleteValueKey
SSDT BA6DCB77 ZwDuplicateObject
SSDT BA6DCB4A ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB6BF099C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB6BCFDF2]
SSDT BA6DCB18 ZwOpenProcess
SSDT BA6DCB1D ZwOpenThread
SSDT BA6DCB9F ZwQueryValueKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB6BF172A]
SSDT BA6DCB54 ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB6BD4EC4]
SSDT BA6DCB4F ZwRestoreKey
SSDT BA6DCB8B ZwSetContextThread
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB6BD05A4]
SSDT BA6DCB95 ZwSetSecurityObject
SSDT BA6DCB40 ZwSetValueKey
SSDT BA6DCB9A ZwSystemDebugControl
SSDT BA6DCB27 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9A30360, 0x20469D, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB6D3FA80]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[236] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[236] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[236] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[236] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[236] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[236] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[236] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[236] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[248] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[248] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[248] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[248] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[248] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[248] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[248] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[248] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[312] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[312] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[312] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[312] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[312] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[312] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[312] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[312] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[392] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[392] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[392] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[392] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[392] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[392] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[392] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[392] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[400] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[400] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[400] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[400] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[400] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[400] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[400] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[400] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[428] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[428] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[428] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[428] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[428] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[428] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[428] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[428] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[492] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[492] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[492] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[492] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[492] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[492] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[492] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[492] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Eraser\eraser.exe[556] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Eraser\eraser.exe[556] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Eraser\eraser.exe[556] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Eraser\eraser.exe[556] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Eraser\eraser.exe[556] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Eraser\eraser.exe[556] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Eraser\eraser.exe[556] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Eraser\eraser.exe[556] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[604] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[604] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[604] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[604] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[604] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[604] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[604] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[604] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[620] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[620] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[620] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[620] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[620] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[620] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[620] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[620] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\GammaTray.exe[732] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\GammaTray.exe[732] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\GammaTray.exe[732] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\GammaTray.exe[732] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\GammaTray.exe[732] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\GammaTray.exe[732] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\GammaTray.exe[732] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\GammaTray.exe[732] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[784] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[784] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[784] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[784] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[784] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[784] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[784] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[784] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[836] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[836] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[836] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[836] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[836] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[856] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[856] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[856] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[856] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[856] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1276] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1276] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1356] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1356] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1356] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1356] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1356] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1356] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1356] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1356] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1420] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1420] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1592] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1592] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1644] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1644] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1644] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1644] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1644] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1644] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1644] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1644] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1796] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1796] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1796] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1796] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1796] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 209F37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1796] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1796] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1796] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[1936] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[1936] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[1936] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[1936] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[1936] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[1936] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[1936] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[1936] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1984] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1984] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1984] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1984] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1984] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1984] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1984] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1984] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\MagicTuneEngine.exe[2016] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\MagicTuneEngine.exe[2016] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\MagicTuneEngine.exe[2016] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\MagicTuneEngine.exe[2016] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\MagicTuneEngine.exe[2016] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\MagicTuneEngine.exe[2016] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\MagicTuneEngine.exe[2016] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\MagicTuneEngine.exe[2016] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[2036] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[2036] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[2036] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[2036] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[2036] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[2036] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[2036] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[2036] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2168] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2168] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2168] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2168] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2168] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2168] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2168] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2168] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2608] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2608] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2608] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2608] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2608] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2608] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2608] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2608] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\rx1z5kny.exe[2676] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\rx1z5kny.exe[2676] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\rx1z5kny.exe[2676] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\rx1z5kny.exe[2676] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\rx1z5kny.exe[2676] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\rx1z5kny.exe[2676] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\rx1z5kny.exe[2676] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\rx1z5kny.exe[2676] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2904] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2904] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2904] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2904] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2904] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2904] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2904] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2904] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\MagicTune.exe[3252] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\MagicTune.exe[3252] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\MagicTune.exe[3252] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\MagicTune.exe[3252] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\MagicTune.exe[3252] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\MagicTune.exe[3252] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\MagicTune.exe[3252] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\MagicTune Premium\MagicTune.exe[3252] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[3864] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[3864] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[3864] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[3864] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[3864] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[3864] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[3864] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[3864] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B6BDA3F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B6BDA24C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B6BDAA3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B6BD89A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B6BD89A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B6BDA3F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B6BDA24C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B6BDAA3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B6BDA3F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B6BD89A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B6BDAA3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B6BDA24C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B6BDAA3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B6BDA24C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B6BDA3F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B6BD89A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B6BDA3F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B6BDA24C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B6BDAA3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B6BDAA3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B6BDA24C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B6BD89A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B6BDA3F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[236] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\nvsvc32.exe[248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[312] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[392] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[400] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\RUNDLL32.EXE[428] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[492] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Eraser\eraser.exe[556] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\ctfmon.exe[604] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[620] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\MagicTune Premium\GammaTray.exe[732] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\winlogon.exe[784] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\services.exe[836] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\lsass.exe[856] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1100] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\Explorer.EXE[1356] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1592] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10003E90] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1592] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [10004380] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1592] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [10004340] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1592] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [10009EF0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1592] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [10009EF0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1592] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [100020F0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [10009EF0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1592] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [7C8841F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1592] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1592] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1592] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] [7C8841EE] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1592] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [7C8841F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1592] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1592] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] [7C8841F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1592] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] [7C8841EE] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1592] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] [7C8841F3] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1592] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1592] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1592] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [7C8841F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1592] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[1644] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1732] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1796] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\cisvc.exe[1936] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1984] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\MagicTune Premium\MagicTuneEngine.exe[2016] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[2036] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2168] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\wscntfy.exe[2608] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\rx1z5kny.exe[2676] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\System32\alg.exe[2904] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\MagicTune Premium\MagicTune.exe[3252] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\cidaemon.exe[3864] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

====================End of ResultsC-D.log (GMER)==============

#6
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi NickKeenan,

Download and Install ComboFix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double-click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.

#7
NickKeenan

    Member

  • Topic Starter
  • 73 posts
The ComboFix log follows this message.
The machine shows no difference in performance from the last few days.
Tetris falling pieces still momentarily 'stall' before responding to arrow keystrokes.
Before the infection the Tetris piece would immediately respond with no discernible delay.

Except for that Stop Error crash when I first ran GMER, there've been no further crashes.

One difference is that I'm missing several icons in the system tray, notably Nvidia firewall and ZoneAlarm firewall, but Avira is still there.

Was malware found? Can you tell me what it was - was it a rootkit?

I don't think it's a clean machine yet - I hope we can continue working on it.
Much appreciation - big thanks - ComboFix log follows.


ComboFix 12-03-17.01 - Nick 03/18/2012 17:08:23.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1532 [GMT -4:00]
Running from: c:\documents and settings\Nick\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: NVIDIA Firewall *Enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: ZoneAlarm Free Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 )))))))))))))))))))))))))))))))
.
.
2012-03-16 20:10 . 2012-03-16 20:10 302592 ----a-w- C:\rx1z5kny.exe
2012-03-07 01:04 . 2012-03-07 01:06 -------- d-----w- C:\XPupdates
2012-03-01 21:47 . 2012-03-01 21:47 -------- d-----w- C:\Temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2004-08-03 22:17 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 14:40 . 2012-02-24 18:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"="c:\program files\Eraser\eraser.exe" [2003-07-25 536576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"nwiz"="nwiz.exe" [2005-10-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-10 86016]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-07-29 270336]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-12-19 73360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2012-2-25 25214]
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [2012-2-22 36864]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [3/4/2012 9:12 PM 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/4/2012 9:12 PM 86224]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/3/2011 10:44 AM 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/3/2011 10:44 AM 497280]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [12/27/2005 1:09 AM 33792]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2/20/2012 2:52 PM 11520]
.
.
------- Supplementary Scan -------
.
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube Download - c:\documents and settings\Nick\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Nick\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\um5jyn3v.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-18 17:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\02\06\19\02+\03«"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(844)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(2736)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CheckPoint\ZoneAlarm\vsmon.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\MagicTune Premium\MagicTuneEngine.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\MagicTune Premium\MagicTune.exe
.
**************************************************************************
.
Completion time: 2012-03-18 17:19:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-18 21:19
.
Pre-Run: 22,159,151,104 bytes free
Post-Run: 24,228,614,144 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A90F27EAEF92433E1E0FDE984E38096E

#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi NickKeenan,

Was malware found? Can you tell me what it was - was it a rootkit?


For now I don't see malware but if it's there we will find it :)

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system

  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents into your next reply.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP the MBR.dat it creates and attach it to your next reply

Step 3

How is your system when you use it in Safe Mode?

Please restart in safe mode:
  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

Step 4

Please don't forget to include these items in your reply:

  • aswMBR log
  • TDSSKiller log
It would be helpful if you could post each log in a separate post.

#9
NickKeenan

  • Topic Starter
=====================================================
1. TDSSKiller.2.7.20.0_19.03.2012_10.41.03_log.txt follows these comments
2. aswMBR.txt follows as separate post
3. attached MBR.zip (MBR.dat)
4. TDSSKiller did not offer 'Reboot now' but I rebooted anyway
5. aswMBR offered to download Avast! antivirus, but I declined
6. Performed SafeMode Tetris before and after TDSSKiller and aswMBR - no change - still slow.
=====================================================

10:41:03.0640 3088 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
10:41:05.0640 3088 ============================================================
10:41:05.0640 3088 Current date / time: 2012/03/19 10:41:05.0640
10:41:05.0640 3088 SystemInfo:
10:41:05.0640 3088
10:41:05.0640 3088 OS Version: 5.1.2600 ServicePack: 3.0
10:41:05.0640 3088 Product type: Workstation
10:41:05.0640 3088 ComputerName: GENERALSPECIFIX
10:41:05.0640 3088 UserName: Nick
10:41:05.0640 3088 Windows directory: C:\WINDOWS
10:41:05.0640 3088 System windows directory: C:\WINDOWS
10:41:05.0640 3088 Processor architecture: Intel x86
10:41:05.0640 3088 Number of processors: 1
10:41:05.0640 3088 Page size: 0x1000
10:41:05.0640 3088 Boot type: Normal boot
10:41:05.0640 3088 ============================================================
10:41:08.0078 3088 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:41:08.0093 3088 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:41:08.0093 3088 Drive \Device\Harddisk2\DR9 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:41:08.0109 3088 \Device\Harddisk1\DR1:
10:41:08.0125 3088 MBR used
10:41:08.0125 3088 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
10:41:08.0125 3088 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xC34F2CC, BlocksNum 0xC34F2CC
10:41:08.0125 3088 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x1869E598, BlocksNum 0xC34F2CC
10:41:08.0140 3088 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x249ED8A3, BlocksNum 0xC34F28D
10:41:08.0140 3088 \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x30D3CB6F, BlocksNum 0x96480D2
10:41:08.0140 3088 \Device\Harddisk0\DR0:
10:41:08.0140 3088 MBR used
10:41:08.0140 3088 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
10:41:08.0156 3088 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4E1EE6A, BlocksNum 0x1267B096
10:41:08.0156 3088 \Device\Harddisk2\DR9:
10:41:08.0171 3088 MBR used
10:41:08.0171 3088 \Device\Harddisk2\DR9\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
10:41:08.0343 3088 Initialize success
10:41:08.0343 3088 ============================================================
10:42:08.0546 3544 ============================================================
10:42:08.0562 3544 Scan started
10:42:08.0562 3544 Mode: Manual; SigCheck; TDLFS;
10:42:08.0562 3544 ============================================================
10:42:08.0921 3544 Abiosdsk - ok
10:42:08.0937 3544 abp480n5 - ok
10:42:08.0968 3544 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:42:09.0421 3544 ACPI - ok
10:42:09.0468 3544 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:42:09.0593 3544 ACPIEC - ok
10:42:09.0640 3544 ADIHdAudAddService (d392183cc5379e302e50ceba635248eb) C:\WINDOWS\system32\drivers\ADIHdAud.sys
10:42:09.0703 3544 ADIHdAudAddService - ok
10:42:09.0718 3544 adpu160m - ok
10:42:09.0734 3544 AEAudioService (9f59ae2de835641fbb0c6afd80d8fa9b) C:\WINDOWS\system32\drivers\AEAudio.sys
10:42:09.0765 3544 AEAudioService - ok
10:42:09.0812 3544 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:42:09.0953 3544 aec - ok
10:42:10.0000 3544 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:42:10.0062 3544 AFD - ok
10:42:10.0078 3544 Aha154x - ok
10:42:10.0093 3544 aic78u2 - ok
10:42:10.0125 3544 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
10:42:10.0265 3544 aic78xx - ok
10:42:10.0281 3544 AliIde - ok
10:42:10.0328 3544 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
10:42:10.0375 3544 AmdK8 - ok
10:42:10.0390 3544 amsint - ok
10:42:10.0437 3544 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:42:10.0546 3544 Arp1394 - ok
10:42:10.0562 3544 asc - ok
10:42:10.0578 3544 asc3350p - ok
10:42:10.0593 3544 asc3550 - ok
10:42:10.0640 3544 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:42:10.0750 3544 AsyncMac - ok
10:42:10.0781 3544 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:42:10.0890 3544 atapi - ok
10:42:10.0906 3544 Atdisk - ok
10:42:10.0937 3544 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:42:11.0062 3544 Atmarpc - ok
10:42:11.0093 3544 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:42:11.0234 3544 audstub - ok
10:42:11.0265 3544 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
10:42:11.0343 3544 avgntflt - ok
10:42:11.0375 3544 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
10:42:11.0390 3544 avipbb - ok
10:42:11.0421 3544 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
10:42:11.0437 3544 avkmgr - ok
10:42:11.0468 3544 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:42:11.0625 3544 Beep - ok
10:42:11.0640 3544 catchme - ok
10:42:11.0671 3544 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:42:11.0828 3544 cbidf2k - ok
10:42:11.0843 3544 cd20xrnt - ok
10:42:11.0859 3544 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:42:12.0000 3544 Cdaudio - ok
10:42:12.0031 3544 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:42:12.0156 3544 Cdfs - ok
10:42:12.0171 3544 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:42:12.0312 3544 Cdrom - ok
10:42:12.0328 3544 Changer - ok
10:42:12.0343 3544 CmdIde - ok
10:42:12.0375 3544 Cpqarray - ok
10:42:12.0406 3544 dac2w2k - ok
10:42:12.0421 3544 dac960nt - ok
10:42:12.0437 3544 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:42:12.0562 3544 Disk - ok
10:42:12.0640 3544 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:42:12.0781 3544 dmboot - ok
10:42:12.0796 3544 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:42:12.0921 3544 dmio - ok
10:42:12.0937 3544 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:42:13.0093 3544 dmload - ok
10:42:13.0125 3544 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:42:13.0234 3544 DMusic - ok
10:42:13.0265 3544 dpti2o - ok
10:42:13.0281 3544 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:42:13.0375 3544 drmkaud - ok
10:42:13.0421 3544 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:42:13.0531 3544 Fastfat - ok
10:42:13.0562 3544 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:42:13.0671 3544 Fdc - ok
10:42:13.0703 3544 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:42:13.0828 3544 Fips - ok
10:42:13.0859 3544 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:42:13.0953 3544 Flpydisk - ok
10:42:13.0984 3544 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:42:14.0125 3544 FltMgr - ok
10:42:14.0156 3544 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:42:14.0312 3544 Fs_Rec - ok
10:42:14.0328 3544 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:42:14.0484 3544 Ftdisk - ok
10:42:14.0515 3544 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:42:14.0625 3544 Gpc - ok
10:42:14.0656 3544 HdAudAddService (f58d2900c66a1e773e3375098e0e9337) C:\WINDOWS\system32\drivers\HdAudio.sys
10:42:14.0703 3544 HdAudAddService - ok
10:42:14.0734 3544 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:42:14.0843 3544 HDAudBus - ok
10:42:14.0890 3544 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:42:15.0000 3544 hidusb - ok
10:42:15.0031 3544 hpn - ok
10:42:15.0062 3544 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:42:15.0109 3544 HTTP - ok
10:42:15.0125 3544 i2omgmt - ok
10:42:15.0140 3544 i2omp - ok
10:42:15.0171 3544 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:42:15.0296 3544 i8042prt - ok
10:42:15.0312 3544 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:42:15.0421 3544 Imapi - ok
10:42:15.0453 3544 ini910u - ok
10:42:15.0468 3544 IntelIde - ok
10:42:15.0500 3544 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:42:15.0609 3544 Ip6Fw - ok
10:42:15.0640 3544 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:42:15.0796 3544 IpFilterDriver - ok
10:42:15.0828 3544 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:42:15.0937 3544 IpInIp - ok
10:42:15.0968 3544 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:42:16.0078 3544 IpNat - ok
10:42:16.0109 3544 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:42:16.0218 3544 IPSec - ok
10:42:16.0250 3544 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:42:16.0343 3544 IRENUM - ok
10:42:16.0375 3544 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:42:16.0500 3544 isapnp - ok
10:42:16.0562 3544 ISWKL (08a811bfd207dfdec588881c18bacbaa) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
10:42:16.0593 3544 ISWKL - ok
10:42:16.0609 3544 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:42:16.0718 3544 Kbdclass - ok
10:42:16.0750 3544 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:42:16.0875 3544 kmixer - ok
10:42:16.0921 3544 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:42:16.0984 3544 KSecDD - ok
10:42:17.0015 3544 lbrtfdc - ok
10:42:17.0046 3544 MagicTune (27ebe229cbb97494eb84de3cb76930b7) C:\WINDOWS\system32\drivers\MTiCtwl.sys
10:42:17.0062 3544 MagicTune ( UnsignedFile.Multi.Generic ) - warning
10:42:17.0062 3544 MagicTune - detected UnsignedFile.Multi.Generic (1)
10:42:17.0109 3544 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:42:17.0250 3544 mnmdd - ok
10:42:17.0281 3544 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:42:17.0406 3544 Modem - ok
10:42:17.0421 3544 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:42:17.0531 3544 Mouclass - ok
10:42:17.0562 3544 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:42:17.0703 3544 mouhid - ok
10:42:17.0718 3544 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:42:17.0828 3544 MountMgr - ok
10:42:17.0843 3544 mraid35x - ok
10:42:17.0875 3544 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:42:18.0000 3544 MRxDAV - ok
10:42:18.0046 3544 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:42:18.0125 3544 MRxSmb - ok
10:42:18.0156 3544 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:42:18.0281 3544 Msfs - ok
10:42:18.0312 3544 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:42:18.0406 3544 MSKSSRV - ok
10:42:18.0437 3544 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:42:18.0546 3544 MSPCLOCK - ok
10:42:18.0562 3544 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:42:18.0671 3544 MSPQM - ok
10:42:18.0703 3544 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:42:18.0812 3544 mssmbios - ok
10:42:18.0843 3544 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
10:42:18.0890 3544 MTsensor - ok
10:42:18.0937 3544 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:42:18.0984 3544 Mup - ok
10:42:19.0031 3544 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:42:19.0156 3544 NDIS - ok
10:42:19.0203 3544 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:42:19.0234 3544 NdisTapi - ok
10:42:19.0250 3544 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:42:19.0359 3544 Ndisuio - ok
10:42:19.0375 3544 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:42:19.0500 3544 NdisWan - ok
10:42:19.0531 3544 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:42:19.0593 3544 NDProxy - ok
10:42:19.0625 3544 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:42:19.0734 3544 NetBIOS - ok
10:42:19.0765 3544 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:42:19.0890 3544 NetBT - ok
10:42:19.0937 3544 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:42:20.0046 3544 NIC1394 - ok
10:42:20.0093 3544 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:42:20.0203 3544 Npfs - ok
10:42:20.0234 3544 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:42:20.0406 3544 Ntfs - ok
10:42:20.0453 3544 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:42:20.0593 3544 Null - ok
10:42:20.0718 3544 nv (9e1f2f09e34c92a96b9900b6a45d5026) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:42:21.0046 3544 nv - ok
10:42:21.0093 3544 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
10:42:21.0125 3544 NVENETFD - ok
10:42:21.0156 3544 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
10:42:21.0218 3544 nvnetbus - ok
10:42:21.0250 3544 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:42:21.0421 3544 NwlnkFlt - ok
10:42:21.0437 3544 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:42:21.0593 3544 NwlnkFwd - ok
10:42:21.0625 3544 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:42:21.0734 3544 ohci1394 - ok
10:42:21.0765 3544 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:42:21.0875 3544 Parport - ok
10:42:21.0890 3544 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:42:22.0000 3544 PartMgr - ok
10:42:22.0031 3544 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:42:22.0171 3544 ParVdm - ok
10:42:22.0187 3544 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:42:22.0296 3544 PCI - ok
10:42:22.0312 3544 PCIDump - ok
10:42:22.0343 3544 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:42:22.0484 3544 PCIIde - ok
10:42:22.0515 3544 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:42:22.0640 3544 Pcmcia - ok
10:42:22.0656 3544 PDCOMP - ok
10:42:22.0671 3544 PDFRAME - ok
10:42:22.0703 3544 PDRELI - ok
10:42:22.0718 3544 PDRFRAME - ok
10:42:22.0734 3544 perc2 - ok
10:42:22.0750 3544 perc2hib - ok
10:42:22.0796 3544 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:42:22.0906 3544 PptpMiniport - ok
10:42:22.0937 3544 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
10:42:23.0046 3544 Processor - ok
10:42:23.0109 3544 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:42:23.0218 3544 PSched - ok
10:42:23.0265 3544 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:42:23.0406 3544 Ptilink - ok
10:42:23.0437 3544 ql1080 - ok
10:42:23.0453 3544 Ql10wnt - ok
10:42:23.0484 3544 ql12160 - ok
10:42:23.0500 3544 ql1240 - ok
10:42:23.0531 3544 ql1280 - ok
10:42:23.0562 3544 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:42:23.0718 3544 RasAcd - ok
10:42:23.0765 3544 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:42:23.0875 3544 Rasl2tp - ok
10:42:23.0890 3544 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:42:24.0000 3544 RasPppoe - ok
10:42:24.0015 3544 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:42:24.0171 3544 Raspti - ok
10:42:24.0203 3544 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:42:24.0312 3544 Rdbss - ok
10:42:24.0328 3544 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:42:24.0484 3544 RDPCDD - ok
10:42:24.0515 3544 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:42:24.0640 3544 rdpdr - ok
10:42:24.0687 3544 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
10:42:24.0750 3544 RDPWD - ok
10:42:24.0781 3544 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:42:24.0890 3544 redbook - ok
10:42:24.0937 3544 RMSPPPOE (9ffc7e81313d48a27df2727f82e402d4) C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS
10:42:24.0953 3544 RMSPPPOE ( UnsignedFile.Multi.Generic ) - warning
10:42:24.0953 3544 RMSPPPOE - detected UnsignedFile.Multi.Generic (1)
10:42:25.0015 3544 scsiscan (089870dab7aa277585c475ae09ee4c63) C:\WINDOWS\system32\DRIVERS\scsiscan.sys
10:42:25.0125 3544 scsiscan - ok
10:42:25.0156 3544 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:42:25.0265 3544 Secdrv - ok
10:42:25.0312 3544 SenFiltService (eca77beeb2be8d573cf1b265e44fbfbd) C:\WINDOWS\system32\drivers\Senfilt.sys
10:42:25.0343 3544 SenFiltService - ok
10:42:25.0375 3544 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:42:25.0484 3544 serenum - ok
10:42:25.0500 3544 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:42:25.0609 3544 Serial - ok
10:42:25.0640 3544 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:42:25.0734 3544 Sfloppy - ok
10:42:25.0765 3544 Simbad - ok
10:42:25.0781 3544 Sparrow - ok
10:42:25.0812 3544 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:42:25.0906 3544 splitter - ok
10:42:25.0937 3544 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:42:26.0046 3544 sr - ok
10:42:26.0093 3544 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:42:26.0171 3544 Srv - ok
10:42:26.0203 3544 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:42:26.0218 3544 ssmdrv - ok
10:42:26.0250 3544 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:42:26.0359 3544 swenum - ok
10:42:26.0375 3544 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:42:26.0484 3544 swmidi - ok
10:42:26.0515 3544 symc810 - ok
10:42:26.0531 3544 symc8xx - ok
10:42:26.0546 3544 sym_hi - ok
10:42:26.0562 3544 sym_u3 - ok
10:42:26.0593 3544 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:42:26.0703 3544 sysaudio - ok
10:42:26.0750 3544 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:42:26.0859 3544 Tcpip - ok
10:42:26.0906 3544 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:42:27.0000 3544 TDPIPE - ok
10:42:27.0046 3544 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:42:27.0171 3544 TDTCP - ok
10:42:27.0203 3544 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:42:27.0312 3544 TermDD - ok
10:42:27.0328 3544 TosIde - ok
10:42:27.0375 3544 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:42:27.0468 3544 Udfs - ok
10:42:27.0484 3544 ultra - ok
10:42:27.0531 3544 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:42:27.0671 3544 Update - ok
10:42:27.0718 3544 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:42:27.0812 3544 usbehci - ok
10:42:27.0859 3544 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:42:27.0968 3544 usbhub - ok
10:42:28.0000 3544 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
10:42:28.0109 3544 usbohci - ok
10:42:28.0140 3544 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:42:28.0250 3544 usbstor - ok
10:42:28.0281 3544 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:42:28.0390 3544 VgaSave - ok
10:42:28.0406 3544 ViaIde - ok
10:42:28.0437 3544 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:42:28.0546 3544 VolSnap - ok
10:42:28.0593 3544 Vsdatant (b0d3c4497d1ed91628dc56f592aebef4) C:\WINDOWS\system32\vsdatant.sys
10:42:28.0640 3544 Vsdatant - ok
10:42:28.0687 3544 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:42:28.0796 3544 Wanarp - ok
10:42:28.0812 3544 WDICA - ok
10:42:28.0859 3544 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:42:28.0953 3544 wdmaud - ok
10:42:29.0046 3544 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:42:29.0187 3544 WS2IFSL - ok
10:42:29.0234 3544 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
10:42:29.0546 3544 \Device\Harddisk1\DR1 - ok
10:42:29.0562 3544 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:42:29.0718 3544 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:42:29.0718 3544 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:42:29.0750 3544 MBR (0x1B8) (256b453263093eca750c20387813b317) \Device\Harddisk2\DR9
10:42:30.0296 3544 \Device\Harddisk2\DR9 - ok
10:42:30.0312 3544 Boot (0x1200) (c9d8a2c5c21bac54ab94cdf4702752b0) \Device\Harddisk1\DR1\Partition0
10:42:30.0312 3544 \Device\Harddisk1\DR1\Partition0 - ok
10:42:30.0328 3544 Boot (0x1200) (159993b34a57d862318094accb62bd8e) \Device\Harddisk1\DR1\Partition1
10:42:30.0328 3544 \Device\Harddisk1\DR1\Partition1 - ok
10:42:30.0359 3544 Boot (0x1200) (cda92e7591a2f7d468c28ca528af313a) \Device\Harddisk1\DR1\Partition2
10:42:30.0359 3544 \Device\Harddisk1\DR1\Partition2 - ok
10:42:30.0359 3544 Boot (0x1200) (e1a0028ba68f430c0d17a92bb2466b79) \Device\Harddisk1\DR1\Partition3
10:42:30.0359 3544 \Device\Harddisk1\DR1\Partition3 - ok
10:42:30.0390 3544 Boot (0x1200) (1966f087464259fa068cc65e549ef70c) \Device\Harddisk1\DR1\Partition4
10:42:30.0390 3544 \Device\Harddisk1\DR1\Partition4 - ok
10:42:30.0390 3544 Boot (0x1200) (1238c4d5ac7555ec6bba4a49002ca329) \Device\Harddisk0\DR0\Partition0
10:42:30.0390 3544 \Device\Harddisk0\DR0\Partition0 - ok
10:42:30.0406 3544 Boot (0x1200) (cff4dfbbe60e2ff63cf8da95742eb781) \Device\Harddisk0\DR0\Partition1
10:42:30.0406 3544 \Device\Harddisk0\DR0\Partition1 - ok
10:42:30.0421 3544 Boot (0x1200) (3043a772b38971e651d5c7f356ccb86d) \Device\Harddisk2\DR9\Partition0
10:42:30.0437 3544 \Device\Harddisk2\DR9\Partition0 - ok
10:42:30.0437 3544 ============================================================
10:42:30.0437 3544 Scan finished
10:42:30.0437 3544 ============================================================
10:42:30.0546 0356 Detected object count: 3
10:42:30.0546 0356 Actual detected object count: 3
10:43:20.0015 0356 MagicTune ( UnsignedFile.Multi.Generic ) - skipped by user
10:43:20.0015 0356 MagicTune ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:43:20.0015 0356 RMSPPPOE ( UnsignedFile.Multi.Generic ) - skipped by user
10:43:20.0015 0356 RMSPPPOE ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:43:20.0015 0356 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:43:20.0015 0356 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
10:44:11.0078 2556 Deinitialize success

Edited by NickKeenan, 19 March 2012 - 09:59 AM.


#10
NickKeenan

aswMBR.txt follows
================================================

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-19 10:51:13
-----------------------------
10:51:13.484 OS Version: Windows 5.1.2600 Service Pack 3
10:51:13.484 Number of processors: 1 586 0x2F02
10:51:13.484 ComputerName: GENERALSPECIFIX UserName: Nick
10:51:13.812 Initialize success
10:53:14.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
10:53:14.640 Disk 0 Vendor: ST3200822AS 3.01 Size: 190782MB BusType: 3
10:53:14.640 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-1f
10:53:14.640 Disk 1 Vendor: ST3500630A 3.AAF Size: 476940MB BusType: 3
10:53:14.656 Disk 0 MBR read successfully
10:53:14.656 Disk 0 MBR scan
10:53:14.671 Disk 0 Windows XP default MBR code
10:53:14.671 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39997 MB offset 63
10:53:14.671 Disk 0 Partition - 00 0F Extended LBA 150774 MB offset 81915435
10:53:14.687 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 150774 MB offset 81915498
10:53:14.687 Disk 0 scanning sectors +390700800
10:53:14.750 Disk 0 scanning C:\WINDOWS\system32\drivers
10:53:21.750 Service scanning
10:53:28.921 Modules scanning
10:53:33.265 Disk 0 trace - called modules:
10:53:33.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:53:33.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a531ab8]
10:53:33.281 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> \Device\0000006b[0x8a563f18]
10:53:33.281 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a534940]
10:53:33.296 Scan finished successfully
10:54:11.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Nick\Desktop\MBR.dat"
10:54:11.843 The log file has been saved successfully to "C:\Documents and Settings\Nick\Desktop\aswMBR.txt"

#11
maliprog

Run TDSSKiller again. After the scan, please choose Cure for TDSS File System on DR0. Restart your system after the Cure and let me know how it is now.

10:42:29.0562 3544 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:42:29.0718 3544 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:42:29.0718 3544 \Device\Harddisk0\DR0 - detected TDSS File System (1)

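The reading done by eye in the post above (picking out the detection that was left on Skip) can be scripted for the log format shown in this thread. This is an added example, not part of the thread or of TDSSKiller; the sample lines are excerpted from the log posted earlier, and treating "Cure" and "Delete" as the logged spelling of remediating actions is an assumption, since only "Skip" appears in that log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt (mode, verdict and action lines only) of the TDSSKiller 2.7.20.0
# log posted earlier in this thread.
SAMPLE_LOG = r"""
10:42:08.0562 3544 Mode: Manual; SigCheck; TDLFS;
10:42:16.0593 3544 ISWKL - ok
10:42:17.0062 3544 MagicTune ( UnsignedFile.Multi.Generic ) - warning
10:42:17.0062 3544 MagicTune - detected UnsignedFile.Multi.Generic (1)
10:42:24.0953 3544 RMSPPPOE ( UnsignedFile.Multi.Generic ) - warning
10:42:24.0953 3544 RMSPPPOE - detected UnsignedFile.Multi.Generic (1)
10:42:29.0546 3544 \Device\Harddisk1\DR1 - ok
10:42:29.0718 3544 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:42:29.0718 3544 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:42:30.0546 0356 Detected object count: 3
10:42:30.0546 0356 Actual detected object count: 3
10:43:20.0015 0356 MagicTune ( UnsignedFile.Multi.Generic ) - skipped by user
10:43:20.0015 0356 MagicTune ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:43:20.0015 0356 RMSPPPOE ( UnsignedFile.Multi.Generic ) - skipped by user
10:43:20.0015 0356 RMSPPPOE ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:43:20.0015 0356 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:43:20.0015 0356 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every log line is "<HH:MM:SS.ffff> <thread id> <message>".
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*\S)\s*$")
MODE = re.compile(r"^Mode:\s*(?P<modes>.+)$")
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+) \(\d+\)$")
ACTION = re.compile(
    r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>.+)$"
)
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")

# Assumption: actions that change the object are logged with the labels used
# in the thread's instructions; only "Skip" is actually present in the log.
REMEDIATING = {"cure", "delete"}


@dataclass
class Finding:
    obj: str
    verdict: str
    action: Optional[str] = None  # None: no action line was logged

    @property
    def resolved(self) -> bool:
        return (self.action or "").lower() in REMEDIATING

    @property
    def kind(self) -> str:
        # UnsignedFile.* verdicts come from the driver signature check
        # (SigCheck), not from a malware signature match.
        if self.verdict.startswith("UnsignedFile."):
            return "signature-check"
        return "detection"


@dataclass
class Report:
    modes: List[str]
    findings: List[Finding]
    declared_count: Optional[int]

    @property
    def unresolved(self) -> List[Finding]:
        return [f for f in self.findings if not f.resolved]

    @property
    def count_matches(self) -> bool:
        return self.declared_count == len(self.findings)


def triage(log_text: str) -> Report:
    """Collect detections and the action recorded for each one."""
    modes: List[str] = []
    declared = None
    findings = {}  # (object, verdict) -> Finding, in order of first sighting
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank lines, separators without a message, free text
        msg = line["msg"]
        if (m := MODE.match(msg)):
            modes = [p.strip() for p in m["modes"].split(";") if p.strip()]
        elif (m := DETECTED.match(msg)):
            key = (m["obj"], m["verdict"])
            findings.setdefault(key, Finding(*key))
        elif (m := ACTION.match(msg)):
            key = (m["obj"], m["verdict"])
            # Keep the action even if the matching "detected" line is missing.
            findings.setdefault(key, Finding(*key)).action = m["action"].strip()
        elif (m := COUNT.match(msg)):
            declared = int(m["n"])
    return Report(modes, list(findings.values()), declared)


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("scan mode:", ", ".join(report.modes))
    for f in report.findings:
        state = "resolved" if f.resolved else "STILL PRESENT"
        print(f"{state:13} {f.kind:15} {f.obj} [{f.verdict}] action={f.action}")
    if not report.count_matches:
        print("warning: parsed findings differ from the count the tool logged")
```
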

#12
NickKeenan

TDSSKiller found 3 threats, same as before, but didn't offer Cure.
I ran TDSSKiller several times trying with and without Changing parameters.
With no parameter changes it found no threats.
I see the last threat has the string DR0 in it but no Cure offered for it.
I've pasted in the scan result here..


D:\Nick\GeeksToGo\05MAR12\19MAR04.jpg


Doesn't look like the paste works.. so I'll attach it.

/nick

Attached Thumbnails

  • 19MAR04.jpg

Edited by NickKeenan, 19 March 2012 - 07:38 PM.


#13
NickKeenan

I'm going to re-run TDSSKiller again and select
Copy to quarantine for TDSS File system on DR0.
Then boot and check performance and report back.
/nick

#14
NickKeenan

To maliprog..

I re-ran TDSSKiller (using changed parms),
Copied to quarantine for TDSS File system on DR0,
rebooted, re-ran TDSSKiller again.
It found TDSS File system on DR0 even though I
quarantined it on the previous run.

Tetris check shows system still slow.

Please advise.

Thanks..
/nick

#15
maliprog

I'll look into it. Until then please do this step and let me know results.

  • Go to Start -> My Computer
  • Right click on C: disk and click on Properties
  • Click on tab Tools and click on Check now... button
  • Check Automatically fix system errors and Scan for and attempt recovery of bad sectors
  • Click Start button
  • Confirm scheduling the disk check the next time the computer starts with the Yes button
  • Restart your system and wait while system checks your disk for errors

This step usually fixes some errors related to BSOD.