
Hijacked browser and other malware I can't remove


  • This topic is locked
19 replies to this topic

#1 myklnz


Posted 04 January 2011 - 12:56 PM

I seem to have picked up some nasty malware in the past couple of days and have been working through the site trying to figure out how to eradicate these bits.

While it seems I had some initial success, my computer is now acting up again.

The obvious symptom is that when I try to go to certain websites I get redirected to others. Also, I disabled dodgy services that were starting automatically, yet they were running again the next time I restarted my computer. As well, there were some running that had a manual startup type and a couple that I could not stop or change.

At one point it seemed that some file was being executed at boot time - didn't catch the exact messages but this looked extremely suspicious.

This is a Dell Latitude D630 running Windows XP Pro 2002 SP 3.

Here is the current HJT logfile. I would certainly appreciate any guidance or suggestions to clean up my system - thanks in advance!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:42:14 PM, on 1/4/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\mlindsey\My Documents\FIXES\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O1 - Hosts: 12.148.248.131 connect.netezza.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\mlindsey\Local Settings\Temporary Internet Files\Content.IE5\01MFB7NS\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212863241526
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://netezza.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://connect.netezza.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://12.36.6.185/dana-cached/sc/JuniperSetupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = netezza.com
O17 - HKLM\Software\..\Telephony: DomainName = netezza.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = netezza.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = netezza.com
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1ca838527eeff06) (gupdate1ca838527eeff06) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9862 bytes

Edited by elise025, 04 January 2011 - 01:13 PM.
Since a log is posted, I am moving this to the malware removal forum ~ Elise




#2 m0le


Posted 09 January 2011 - 07:16 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, I will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.


Then

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
m0le is a proud member of UNITE

#3 myklnz


Posted 10 January 2011 - 05:00 PM

Hi m0le and thanks for taking a look at this.

I had some success removing the following with the Kaspersky virus removal tool, though I cannot install the Anti-Virus or Internet Security modules as they tell me the system still appears to be infected.

Trojan-Downloader.Java.OpenConnection.cf (& cg)
Trojan-Downloader.Java.Agent.cf (& fe)
Exploit.Java.Agent.as (& ar)
Trojan-Spy.HTML.Fraud.gen (quarantined)

I ran Spybot S&D which removed some cookies.

I also changed the name of iexplore.com as multiple copies were running in the background and in some cases I could hear audio from web sites even though there were no IE windows actually open.


Here is the DDS log:

DDS (Ver_10-12-12.01) - NTFSx86
Run by myklnz at 11:39:49.96 on Mon 01/10/2011
Internet Explorer: 8.0.6001.18702
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: ZoneAlarm Firewall *Enabled*

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [CardScan AutoSync]
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [HijackThis startup scan] c:\documents and settings\mlindsey\local settings\temporary internet files\content.ie5\01mfb7ns\HijackThis.exe /startupscan
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\mlindsey\startm~1\programs\startup\setup_~1.lnk - c:\documents and settings\mlindsey\desktop\virus removal tool\setup_9.0.0.722_08.01.2011_14-36\startup.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
Trusted Zone: netezza.com\connect
Trusted Zone: netezza.com\docushare2
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212863241526
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://netezza.webex.com/client/T26L/webex/ieatgpc.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://connect.netezza.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://12.36.6.185/dana-cached/sc/JuniperSetupClient.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 12.148.248.131 connect.netezza.com

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2011-01-08 16:12:20 7168 ----a-w- c:\windows\system32\drivers\uti2nzg0.sys
2011-01-08 16:08:03 37392 ----a-w- c:\windows\system32\drivers\95599982.sys
2011-01-08 16:08:03 315408 ----a-w- c:\windows\system32\drivers\9559998.sys
2011-01-08 16:08:03 128016 ----a-w- c:\windows\system32\drivers\95599981.sys
2011-01-08 15:35:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2011-01-05 01:29:35 -------- d-----w- c:\docume~1\mlindsey\applic~1\CheckPoint
2011-01-05 01:28:02 -------- d-----w- c:\program files\Conduit
2011-01-05 01:28:02 -------- d-----w- c:\docume~1\mlindsey\locals~1\applic~1\Conduit
2011-01-05 01:28:01 -------- d-----w- c:\program files\ZoneAlarm_Security
2011-01-05 01:28:01 -------- d-----w- c:\docume~1\mlindsey\locals~1\applic~1\ZoneAlarm_Security
2011-01-05 01:27:39 -------- d-----w- c:\program files\CheckPoint
2011-01-05 01:27:28 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-01-05 01:27:27 -------- d-----w- c:\windows\system32\ZoneLabs
2011-01-05 01:27:26 -------- d-----w- c:\program files\Zone Labs
2011-01-05 00:33:35 -------- d-----w- c:\windows\Internet Logs
2011-01-02 17:34:19 388096 ----a-r- c:\docume~1\mlindsey\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-02 17:34:19 -------- d-----w- c:\program files\Trend Micro
2011-01-01 20:32:06 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-01-01 20:32:06 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-25 21:06:44 -------- d-----w- c:\program files\iPod
2010-12-25 21:06:41 -------- d-----w- c:\program files\iTunes
2010-12-25 20:58:11 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-25 20:58:11 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-25 20:58:11 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-25 20:58:11 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-25 20:58:11 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-25 20:58:11 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-25 20:58:11 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-24 19:13:18 -------- d-----w- c:\docume~1\mlindsey\applic~1\FreeTorentPlayer
2010-12-24 19:13:16 -------- d-----w- c:\program files\Free Torrent Player
2010-12-17 04:10:13 -------- d-----w- C:\Research in Motion
2010-12-17 04:10:13 -------- d-----w- c:\program files\common files\Research in Motion
2010-12-17 04:10:12 -------- d-----w- c:\program files\AT&T
2010-12-15 06:47:37 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 06:42:15 45568 -c----w- c:\windows\system32\dllcache\wab.exe

==================== Find3M ====================

2011-01-01 21:28:23 15880 ----a-w- c:\windows\system32\xlsdelete.exex
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-22 21:25:34 8974336 ----a-w- c:\windows\system32\icudt34.dll
2010-10-22 21:25:34 839680 ----a-w- c:\windows\system32\icuuc34.dll
2010-10-22 21:25:24 438976 ----a-w- c:\windows\system32\mshflxgd.ocx

============= FINISH: 11:40:30.65 ===============


============== Running Processes ===============

GMER:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-10 16:23:44
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e Hitachi_HTS722080K9A300 rev.DCBOC54P
Running: gmer.exe; Driver: C:\DOCUME~1\mlindsey\LOCALS~1\Temp\awtcifog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB6E67534]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB6E61782]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xB6E806DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB6E67CC0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xB6E7AEB4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xB6E7B2A2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xB6E84916]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB6E67DF6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB6E62398]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xB6E81FE4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xB6E8193C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xB6E79DF0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB6E8293C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB6E82B44]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB6E61FAA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xB6E7D1CE]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xB6E7CDF8]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB6E838D2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB6E83208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB6E670F4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xB6E842A4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xB6E677DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB6E6275C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xB6E83E12]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xB6E810C4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xB6E7BF0A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xB6E7BC86]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C9C 80504538 12 Bytes [C0, 7C, E6, B6, B4, AE, E7, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D6C 80504608 8 Bytes CALL 687B8AC3
.text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 8 Bytes CALL 6882503B
? xddqdwq.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB906B380, 0x2F2807, 0xE8000020]
page C:\WINDOWS\System32\Drivers\oz776.sys entry point in "page" section [0xB9720E34]
? C:\DOCUME~1\mlindsey\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[260] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[260] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[260] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[260] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[260] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[260] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[260] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[332] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[332] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C79270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[376] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[376] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[376] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[376] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[376] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[376] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[376] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[376] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[496] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[496] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[496] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[496] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[496] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[496] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[496] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[496] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[572] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[572] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[572] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[572] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[572] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[572] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[572] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[572] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[740] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[740] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[740] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[740] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[740] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[740] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[740] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[740] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[796] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[796] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[796] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[796] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[796] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[796] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[796] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[828] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[828] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[828] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[828] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[828] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[828] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[828] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[828] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[980] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[980] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[980] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[980] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[980] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[980] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[980] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[980] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1024] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1024] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1024] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1024] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1024] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1036] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1036] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1036] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1036] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1036] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1036] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1036] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1276] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1276] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1276] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1276] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1276] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1276] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1276] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1276] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1328] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1328] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1380] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1380] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1380] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1380] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1380] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1380] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1380] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1380] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1452] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1452] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1480] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1480] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1480] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1480] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1480] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1480] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1480] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1480] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1516] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1516] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1516] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1516] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1516] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1516] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1516] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1516] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe[1720] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe[1720] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe[1720] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe[1720] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe[1720] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe[1720] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe[1720] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe[1720] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[2104] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[2104] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[2104] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[2104] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[2104] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[2104] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[2104] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[2104] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2136] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2136] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2136] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2136] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2136] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2136] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2136] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2136] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2212] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2212] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2212] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2212] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2212] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2212] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2212] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2212] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2232] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2232] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2232] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2232] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2232] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2232] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2232] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2232] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2576] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2576] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2576] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2576] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2576] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2576] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2576] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2576] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2656] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2656] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2656] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2656] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2656] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2656] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2656] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2656] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2928] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2928] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2928] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2928] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2928] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2928] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2928] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2928] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\mlindsey\Desktop\gmer.exe[3536] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\mlindsey\Desktop\gmer.exe[3536] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\mlindsey\Desktop\gmer.exe[3536] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\mlindsey\Desktop\gmer.exe[3536] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\mlindsey\Desktop\gmer.exe[3536] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\mlindsey\Desktop\gmer.exe[3536] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\mlindsey\Desktop\gmer.exe[3536] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\mlindsey\Desktop\gmer.exe[3536] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3812] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3812] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3812] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3812] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3812] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 209B37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3812] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3812] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3812] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3812] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B6E6C672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B6E6C4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B6E6CCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B6E6AC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B6E6AC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B6E6C672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B6E6C4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B6E6CCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B6E6C672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B6E6AC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B6E6CCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B6E6C4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B6E6CCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B6E6C4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B6E6C672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B6E6AC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B6E6C672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B6E6C4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B6E6CCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B6E6CCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B6E6C4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B6E6AC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B6E6C672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B6E6C672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B6E6AC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B6E6CCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B6E6C4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\svchost.exe[260] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[376] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\spoolsv.exe[496] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[740] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[796] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[828] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\winlogon.exe[980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\services.exe[1024] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\lsass.exe[1036] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1240] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\System32\svchost.exe[1276] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

Let me know what's next. I look forward to hearing from you and appreciate your help.

Thanks!

#4 m0le

  • Malware Response Team

Posted 10 January 2011 - 07:40 PM

Let's make sure there are no rootkit issues here first.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


And

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#5 myklnz

  • Topic Starter

Posted 10 January 2011 - 08:13 PM

TDSS reported it found nothing:

2011/01/10 19:48:54.0187 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/10 19:48:54.0218 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/10 19:48:54.0250 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/10 19:48:54.0406 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/10 19:48:54.0515 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/10 19:48:54.0578 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/01/10 19:48:54.0640 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/10 19:48:54.0671 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/10 19:48:54.0781 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/10 19:48:54.0875 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/10 19:48:54.0953 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/10 19:48:54.0984 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/10 19:48:55.0031 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/10 19:48:55.0093 uti2nzg0 (524d8d450622db4a7875b111c299a76b) C:\WINDOWS\system32\Drivers\uti2nzg0.sys
2011/01/10 19:48:55.0140 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/10 19:48:55.0234 VolSnap (31d4c8995b6bd21ee5b95ca631480cfc) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/10 19:48:55.0359 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2011/01/10 19:48:55.0484 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/10 19:48:55.0562 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/10 19:48:55.0625 winachsf (96aff1738271755a39b52eef7e35f98f) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/01/10 19:48:55.0718 WmBEnum (38932c4649f8baad6ce1000ac6503d5b) C:\WINDOWS\system32\drivers\WmBEnum.sys
2011/01/10 19:48:55.0796 WmFilter (58b3adab903fa1a78c86e6a42b80fe76) C:\WINDOWS\system32\drivers\WmFilter.sys
2011/01/10 19:48:55.0843 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/01/10 19:48:55.0906 WmVirHid (e45f01f4014d7ab13b8a0c41ebf48a3d) C:\WINDOWS\system32\drivers\WmVirHid.sys
2011/01/10 19:48:55.0968 WmXlCore (0398265dd65aae2ece180fa9d1e7b5bb) C:\WINDOWS\system32\drivers\WmXlCore.sys
2011/01/10 19:48:56.0062 Wpsnuio (904571ee28f8f7d98b3ef1635a77c6d4) C:\WINDOWS\system32\DRIVERS\wpsnuio.sys
2011/01/10 19:48:56.0093 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/01/10 19:48:56.0109 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/10 19:48:56.0125 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/10 19:48:56.0375 ================================================================================
2011/01/10 19:48:56.0375 Scan finished
2011/01/10 19:48:56.0375 ================================================================================

-------------------------------

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 156):

Processes (total 30):
0 System Idle Process
4 System
864 C:\WINDOWS\system32\smss.exe
944 csrss.exe
976 C:\WINDOWS\system32\winlogon.exe
1020 C:\WINDOWS\system32\services.exe
1032 C:\WINDOWS\system32\lsass.exe
1236 C:\WINDOWS\system32\svchost.exe
1272 C:\WINDOWS\system32\svchost.exe
1504 svchost.exe
1528 svchost.exe
1656 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
576 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
612 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
740 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
1724 C:\WINDOWS\system32\spoolsv.exe
2036 svchost.exe
388 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
456 C:\Program Files\Symantec AntiVirus\DefWatch.exe
472 C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
528 C:\WINDOWS\system32\svchost.exe
312 C:\WINDOWS\system32\svchost.exe
852 C:\WINDOWS\system32\nvsvc32.exe
1352 C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
272 C:\WINDOWS\system32\svchost.exe
1316 alg.exe
2756 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
3672 C:\WINDOWS\system32\taskmgr.exe
4072 C:\WINDOWS\explorer.exe
3476 C:\Documents and Settings\mlindz\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS722080K9A300, Rev: DCBOC54P

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#6 m0le

Posted 10 January 2011 - 08:17 PM

Good logs there.

Please run ComboFix next.

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#7 myklnz

Posted 10 January 2011 - 08:50 PM

ComboFix 11-01-10.04 - mlindsey 01/10/2011 20:35:21.1.2 - x86
Running from: c:\documents and settings\mlindsey\Desktop\comfix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\mlindsey\g2mdlhlpx.exe
c:\documents and settings\mlindsey\Local Settings\Temporary Internet Files\pse_350_enu.exe
c:\windows\system32\drivers\etc\lmhosts

.
((((((((((((((((((((((((( Files Created from 2010-12-11 to 2011-01-11 )))))))))))))))))))))))))))))))
.

2011-01-08 16:12 . 2011-01-08 16:12 7168 ----a-w- c:\windows\system32\drivers\uti2nzg0.sys
2011-01-08 16:08 . 2009-10-22 17:54 37392 ----a-w- c:\windows\system32\drivers\95599982.sys
2011-01-08 16:08 . 2009-10-10 03:31 315408 ----a-w- c:\windows\system32\drivers\9559998.sys
2011-01-08 16:08 . 2009-09-25 21:59 128016 ----a-w- c:\windows\system32\drivers\95599981.sys
2011-01-08 15:35 . 2011-01-08 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2011-01-05 01:27 . 2011-01-05 01:27 -------- d-----w- c:\program files\Zone Labs
2011-01-05 00:33 . 2011-01-11 01:43 -------- d-----w- c:\windows\Internet Logs
2011-01-02 17:34 . 2011-01-02 17:34 388096 ----a-r- c:\documents and settings\mlindsey\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-02 17:34 . 2011-01-02 17:34 -------- d-----w- c:\program files\Trend Micro
2011-01-01 20:32 . 2011-01-01 20:32 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-25 21:06 . 2010-12-25 21:06 -------- d-----w- c:\program files\iPod
2010-12-25 21:06 . 2010-12-25 21:07 -------- d-----w- c:\program files\iTunes
2010-12-25 20:58 . 2010-12-25 20:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-12-25 20:58 . 2010-12-25 20:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-12-25 20:58 . 2010-12-25 20:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-12-25 20:58 . 2010-12-25 20:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-12-25 20:58 . 2010-12-25 20:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-12-25 20:58 . 2010-12-25 20:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-12-25 20:58 . 2010-12-25 20:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-12-24 19:13 . 2010-12-24 19:21 -------- d-----w- c:\documents and settings\mlindsey\Application Data\FreeTorentPlayer
2010-12-24 19:13 . 2010-12-24 19:13 -------- d-----w- c:\program files\Free Torrent Player
2010-12-17 04:10 . 2010-12-17 04:10 -------- d-----w- C:\Research in Motion
2010-12-17 04:10 . 2010-12-17 04:10 -------- d-----w- c:\program files\Common Files\Research in Motion
2010-12-17 04:10 . 2010-12-17 04:10 -------- d-----w- c:\program files\AT&T
2010-12-15 06:47 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 06:42 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 23:30 . 2004-08-04 12:00 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-01-01 21:28 . 2010-01-11 17:59 15880 ----a-w- c:\windows\system32\xlsdelete.exex
2010-12-20 23:09 . 2010-12-11 04:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-12-11 04:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-28 01:55 . 2010-11-28 01:55 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-18 18:12 . 2007-09-11 17:47 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-08 20:22 . 2010-11-08 20:21 29762164 ----a-w- C:\JDBC.zip
2010-11-06 00:26 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-27 02:23 . 2010-10-27 00:13 664 ----a-w- c:\documents and settings\mlindsey\Local Settings\Application Data\d3d9caps.tmp
2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-22 21:25 . 2008-08-27 18:58 8974336 ----a-w- c:\windows\system32\icudt34.dll
2010-10-22 21:25 . 2008-08-27 18:58 839680 ----a-w- c:\windows\system32\icuuc34.dll
2010-10-22 21:25 . 2000-05-22 20:58 438976 ----a-w- c:\windows\system32\mshflxgd.ocx
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2010-12-01 16:27 2735200 ----a-w- c:\program files\ZoneAlarm_Security\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-28 8429568]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-11-05 738808]

c:\documents and settings\mlindsey\Start Menu\Programs\Startup\
setup_9.0.0.722_08.01.2011_14-36.lnk - c:\documents and settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\startup.exe [2011-1-8 72208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\AT&T\\Communication Manager\\SwiApiMux.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamUI.exe"=
"c:\\Program Files\\Free Torrent Player\\FreeTorrentPlayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [2008-11-21 113152]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-29 30192]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-28 116464]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [2008-08-20 168192]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [2008-08-20 142976]
R3 uti2nzg0;AVZ Kernel Driver;c:\windows\system32\Drivers\uti2nzg0.sys [2011-01-08 7168]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 gupdate1ca838527eeff06;Google Update Service (gupdate1ca838527eeff06);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 133104]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-01-01 1389400]
S0 95599982;95599982 Boot Guard Driver;c:\windows\system32\DRIVERS\95599982.sys [2009-10-22 37392]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
S1 95599981;95599981;c:\windows\system32\DRIVERS\95599981.sys [2009-09-25 128016]
S1 NEOFLTR_650_15215;Juniper Networks TDI Filter Driver (NEOFLTR_650_15215);c:\windows\system32\Drivers\NEOFLTR_650_15215.SYS [2010-02-10 85360]
S1 setup_9.0.0.722_08.01.2011_14-36drv;setup_9.0.0.722_08.01.2011_14-36drv;c:\windows\system32\DRIVERS\9559998.sys [2009-10-10 315408]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-05 26872]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-11-05 488952]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-01-18 102448]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-11-28 15264]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD25
*Deregistered* - klmd25

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-01-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 21:27]

2011-01-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-19 16:48]

2011-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 04:05]

2011-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 04:05]

2011-01-04 c:\windows\Tasks\Norton Security Scan for mlindsey.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-08-08 14:06]

2011-01-05 c:\windows\Tasks\User_Feed_Synchronization-{33C1A90C-D44A-4CB6-9ABC-31A9D2E3FF8B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
Trusted Zone: intuit.com\ttlc
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
Trusted Zone: netezza.com\connect
Trusted Zone: netezza.com\docushare2
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-CardScan AutoSync - (no file)
AddRemove-Teamspeak 2 RC2_is1 - c:\program files\Teamspeak2_RC2\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 20:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(1032)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2011-01-10 20:47:28
ComboFix-quarantined-files.txt 2011-01-11 01:47

Pre-Run: 29,914,963,968 bytes free
Post-Run: 30,000,304,128 bytes free

- - End Of File - - 8D4AD9B0D8E842C187C34F676613DFF8

#8 m0le

  • Malware Response Team

Posted 11 January 2011 - 06:38 PM

Okay. Please run the ESET online scanner to pick off anything else.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

Please let me know how the PC is performing too.
m0le is a proud member of UNITE

#9 myklnz

  • Topic Starter

Posted 12 January 2011 - 10:13 AM

OK, I ran ESET and it found 1 infection:

C:\Documents and Settings\mlindsey\Application Data\Sun\Java\Deployment\cache\6.0\7\42c01087-7e744b2d a variant of Java/Exploit.Agent.W trojan deleted - quarantined

The system seems to be running much better and I am not getting browser redirects any longer.

However when I tried to install the Kaspersky Antivirus I am still getting a message it can't install as the system appears to be infected?

By the way, I appreciate you responding on your birthday, I wish you a happy if belated one.

Cheers!

#10 m0le

Posted 12 January 2011 - 06:16 PM

You're welcome. Can I ask what Kaspersky is specifically saying?

In the meantime please run MBAM and SAS to look for adware.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


#11 myklnz

Posted 13 January 2011 - 03:08 PM

I have attached a screenshot of the Kaspersky message.

The first time I ran Malwarebytes I got a BSOD (nv4_mini.sys).

Restarted and ran again - nothing found:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5508

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/13/2011 10:45:27 AM
mbam-log-2011-01-13 (10-45-27).txt

Scan type: Full scan (C:\|)
Objects scanned: 361958
Time elapsed: 1 hour(s), 20 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I then ran SAS and got a couple of hits:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/13/2011 at 12:53 PM

Application Version : 4.47.1000

Core Rules Database Version : 6191
Trace Rules Database Version: 4003

Scan type : Complete Scan
Total Scan Time : 01:21:17

Memory items scanned : 407
Memory threats detected : 0
Registry items scanned : 8556
Registry threats detected : 6
File items scanned : 39121
File threats detected : 783

Trojan.Agent/Gen
HKLM\System\ControlSet003\Services\uti2nzg0
C:\WINDOWS\SYSTEM32\DRIVERS\UTI2NZG0.SYS
HKLM\System\ControlSet003\Enum\Root\LEGACY_uti2nzg0
HKLM\System\ControlSet004\Services\uti2nzg0
HKLM\System\ControlSet004\Enum\Root\LEGACY_uti2nzg0
HKLM\System\CurrentControlSet\Services\uti2nzg0
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_uti2nzg0

Adware.Tracking Cookie
C:\Documents and Settings\mlindsey\Cookies\mlindsey@sensismediasmart.com[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@infotech.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@clubmed.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@thinkgeek.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.visitortracklog[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@advertise[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@foxinteractivemedia.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@adult.adsverse[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@surveymonkey.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@tracker.leadinglinkanalytics[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@clearlink.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@account.woot[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.qsstats[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@lucidmedia[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.icityfind[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@media.xfire[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@burstbeacon[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@harrahs.112.2o7[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CAHX490U.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.gmodules[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@stpetersburgtimes.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@questionpro[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@questionpro[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@intermundomedia[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@specificmedia[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.ourstage[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@advertisingb2b[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@adxpose[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@buycom.db.advertising[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads1.adultadvertising[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@cmp.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@jpmorganchase.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.googleadservices[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@adserv.tacticalgamer[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@mohg.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.whaleads[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.cracked[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@game-advertising-online[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@uk.sitestat[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.plomedia[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@flairviewtravel.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@adcentriconline[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@cellartracker[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.paragraphpublishing[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.guru3d[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@fultoncountyga[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@a1.interclick[3].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ciscowebex.112.2o7[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@xfire.adbureau[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.lunamedia.com[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@hearstmagazines.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@cdn5.specificclick[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CANYC096.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@valueclick[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.crakmedia[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@adserver.paleymedia[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@xm.xtendmedia[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@liveperson[10].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CAHLSYRK.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.windowsmedia[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@clickboothlnk[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@tacoda[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@zanox[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@media.adfrontiers[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.stackoverflow[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@in.getclicky[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@microsoftwllivemkt.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.mexconnect[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@247realmedia[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@realmedia[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@foxfilmedentertainment.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@walmart.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@clickfox[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@adserver.docomointertouch[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.etracker[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.linuxquestions[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.commonmediainc[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@yahooflickr.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@liveperson[8].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.thefrisky[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.escapeartist[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@corp.whatcounts[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@hpi.rotator.hadj7.adjuggler[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CAI4JSNQ.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@liveperson[6].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.qsstats[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@liveperson[9].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CA9339DX.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@uk.sitestat[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@clickshift[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@perf.overture[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CAE2B663.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@superpages.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@sexier[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.traffikings[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@hearstugo.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@t3.trackalyzer[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.thetradenews[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@assetinternational.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@eaeacom.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.cpxadroit[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@link.mercent[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@wiki.linuxquestions[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ordie.adbureau[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ext-us.bestofmedia[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CARLXCRQ.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@bizrate[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@pentonmedia.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@wpni.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@occ.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@govtrack[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@progresssoftware.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.neudesicmediagroup[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@generalelectric.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@liveperson[7].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.studentdoctor[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@uk.sitestat[3].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@usairways.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@toplist[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@mtvn.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www6.addfreestats[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@fast-track[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@p1811.superclick[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@click.mediadome[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ameriprisestats[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@examinercom.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.msexchange[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@buycom.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CAVP1MEG.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@cnetasiapacific.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@cn.clickable[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@oasn04.247realmedia[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@hc2.humanclick[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.greentechmedia[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@content.yieldmanager[4].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CAQJ9VFY.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@public.findlaw[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@elitefitness[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@metroleap.rotator.hadj7.adjuggler[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@liveperson[3].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@liveperson[5].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CAF20OHZ.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@himedia.individuad[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ad.us-ec.adtechus[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@winecountry.com[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@dealtime[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@discounthealthinsurnace[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@clickpayz4.91447.information-seeking[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@canoe.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@limaconsulting.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.zeusclicks[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.pointroll[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@napco.rotator.hadj1.adjuggler[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.dealtime[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@cdn1.trafficmp[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.rodnreel[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@publishers.clickbooth[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CAJVG88S.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@wt.xxxcupid[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@steelhousemedia[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@msexchange[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@standardcharteredbank.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@bahamasministryoftourism.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CAK2WJJ5.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@e-2dj6wcmiepc5keo.stats.esomniture[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@liveperson[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@edgeadx[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www8.addfreestats[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@amznshopbop.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@target.db.advertising[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@liveperson[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@jigsaw.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@fortunecity[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CAORX6E7.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@atwola[3].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@dc.tremormedia[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.googleadservices[5].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@liveperson[11].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CAMUN9JV.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.xxxcupid[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@hawaiianairlines.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@mshanken.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@onetoone.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@rm.yieldmanager[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CADIZT6P.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@bravenet[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@revsci[5].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@amazonmerchants.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.googleadservices[3].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.googleadservices[6].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@civicrm.wikimedia[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@findtheword[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@support.mediafire[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@adxpansion[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@tracking.hostgator[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CAFK2X8B.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@findinshape[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.findstuff[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@stats.justhost[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CA6TA33V.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@themis-media[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@stats.3tailer[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@img.thefind[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@server.cpmstar[4].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@greentechmedia[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@csm.rotator.hadj7.adjuggler[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@finditquick[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@concurtechnologies.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@adultfriendfinder[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CAQPAA66.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@theclickcheck[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.lycos[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CA00LQB9.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@australiapost.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@openstat[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CAJNPOH5.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.googleadservices[8].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CAHN3PJ2.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@clickthrough.kanoodle[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@microsoftinternetexplorer.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.react2media[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@interchangecorporation.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@thefind[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@webex.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@clickpayz10.91452.get-search-results[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CAFSZ7WM.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@clickpayz7.91447.information-seeking[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@visitracker[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CATMWTN1.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@stat.onestat[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@partypoker[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@condenast.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.blogtalkradio[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@citmedialaw[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.upscaleswagger[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@mediabrandsww[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@n-traffic[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@top5countdown.mevio[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@interclick[3].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@clicksor[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@sexycreations[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@pro-market[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@brownshoe.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads2.backads[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@xxxcupid[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@account.live[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.tmnetads[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@tacoda.at.atwola[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@affiliates.commissionaccount[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@clickpayz10.91447.information-seeking[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.googleadservices[11].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@smallbusiness.findlaw[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@prnewswire.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@clickpayz2.91452.get-search-results[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@rotator.adjuggler[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@magnet.traffic[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ad.candystand[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@network.realmedia[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@clickpayz1.91447.information-seeking[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@clickpayz3.91452.information-seeking[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@adserving.ezanga[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@homestore.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.googleadservices[10].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.googleadservices[4].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@liveperson[4].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@hyatt.112.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@gscounters.gigya[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.googleadservices[7].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CA209TVQ.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@www.googleadservices[9].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@clickpayz9.91447.information-seeking[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CACWXWJ0.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@clicks.fastgetonline[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@mediafire[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CA406RFR.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@CASD6P57.txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@media6degrees[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@andomedia[4].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@eset.122.2o7[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.watchmygf[2].txt
a.ads2.msads.net [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
acvs.mediaonenetwork.net [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
ads1.msn.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
ads2.msads.net [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
b.ads2.msads.net [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
cdn.eyewonder.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
cdn.insights.gravity.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
cdn2.invitemedia.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
cdn4.specificclick.net [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
cdn5.specificclick.net [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
content.yieldmanager.edgesuite.net [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
core.insightexpressai.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
crackle.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
ec.atdmt.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
googleads.g.doubleclick.net [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
ia.media-imdb.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
imagec05.247realmedia.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
input.insights.gravity.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
interclick.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
m1.2mdn.net [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
media-dev.pictela.net [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
media.cnbc.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
media.heavy.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
media.mtvnservices.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
media.nbclosangeles.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
media.scanscout.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
media.spicynodes.org [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
media.tattomedia.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
media1.break.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
media10.washingtonpost.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
msnbcmedia.msn.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
naiadsystems.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
objects.tremormedia.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
oddcast.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
s0.2mdn.net [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
secure-us.imrworldwide.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
spe.atdmt.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
static.2mdn.net [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
static.xxxcupid.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
udn.specificclick.net [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
www.3d-sexgames.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
www.naiadsystems.com [ C:\Documents and Settings\mlindsey\Application Data\Macromedia\Flash Player\#SharedObjects\F4AT36WY ]
C:\Documents and Settings\mlindsey\Cookies\mlindsey@imrworldwide[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@counter.rewardsnetwork[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@imrworldwide[3].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@wireandmedia[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@banners.sys-con[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@imrworldwide[4].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@sales.liveperson[7].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@wimbledon.mediazone[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@neocounter.neoworx-blog-tools[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@server.lon.liveperson[3].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@server.lon.liveperson[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@sales.liveperson[4].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@sales.liveperson[8].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@adv.ecape[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@ads.soft32[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@content.yieldmanager[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@yieldmanager[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@yadro[2].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@sales.liveperson[1].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@sales.liveperson[5].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@sales.liveperson[9].txt
C:\Documents and Settings\mlindsey\Cookies\mlindsey@discounttire[1].txt

Trojan.Agent/Gen-FraudPack
C:\PROGRAM FILES\BASICAWARE\EVEWALLETAWARE\BADATETIME.DLL

Trojan.Agent/Gen-FakeSoft
C:\SYSTEM VOLUME INFORMATION\_RESTORE{915950EB-8C13-4722-B1D2-8A37A967E18D}\RP678\A0135780.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{915950EB-8C13-4722-B1D2-8A37A967E18D}\RP679\A0136843.DLL

After rebooting and getting the log I tried to install Kaspersky Anti-Virus 2011 and got the same message again....

Attached Files

  • Attached File  kspy.png   209.61KB   2 downloads


#12 m0le

Posted 13 January 2011 - 08:16 PM

Please uninstall Combofix

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Disable any realtime antivirus or antispyware programs.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.

AVG now flags it as malware and that could be the problem.

#13 myklnz

Posted 14 January 2011 - 01:33 PM

Deleted combofix and tried to install Kaspersky AV again, same message.

Ran MBRcheck and BitDefender, logs attached - looks like I've still got some issues.....

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 156):

Processes (total 35):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS722080K9A300, Rev: DCBOC54P

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!



BitDefender Online Scanner

Scan report generated at: Fri, Jan 14, 2011 - 12:21:14

Scan path: C:\;D:\;

Statistics
Time: 02:22:40
Files: 900446
Folders: 19749
Boot Sectors: 0
Archives: 9214
Packed Files: 22272

Results
Identified Viruses: 4
Infected Files: 12
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 13

Engines Info
Virus Definitions: 6647259
Engine build: AVCORE v2.1 Windows/i386 11.0.0.42 (Oct 18 2010)
Scan plugins: 18
Archive plugins: 44
Unpack plugins: 10
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\0142dd56061c8b42.klq=>(Quarantine-6)
Infected with: Trojan.FakeAlert.TK

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\0142dd56061c8b42.klq=>(Quarantine-6)
Deleted

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\0142dd56061c8b42.klq
Deleted

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\1c0295551fa0fa6c.klq=>(Quarantine-6)=>bpac/a$1.class
Infected with: Java.Trojan.Downloader.OpenConnection.AI

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\1c0295551fa0fa6c.klq=>(Quarantine-6)=>bpac/a$1.class
Deleted

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\1c0295551fa0fa6c.klq=>(Quarantine-6)
Updated

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\1c0295551fa0fa6c.klq=>(Quarantine-6)=>bpac/a.class
Infected with: Java.Trojan.Downloader.OpenConnection.AI

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\1c0295551fa0fa6c.klq=>(Quarantine-6)=>bpac/a.class
Disinfection failed

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\1c0295551fa0fa6c.klq=>(Quarantine-6)=>bpac/a.class
Deleted

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\1c0295551fa0fa6c.klq=>(Quarantine-6)
Updated

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\1c0295551fa0fa6c.klq=>(Quarantine-6)=>bpac/b.class
Infected with: Java.Trojan.Downloader.OpenConnection.AI

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\1c0295551fa0fa6c.klq=>(Quarantine-6)=>bpac/b.class
Disinfection failed

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\1c0295551fa0fa6c.klq=>(Quarantine-6)=>bpac/b.class
Deleted

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\1c0295551fa0fa6c.klq=>(Quarantine-6)
Updated

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\1c0295551fa0fa6c.klq=>(Quarantine-6)=>bpac/KAVS.class
Infected with: Java.Trojan.Downloader.OpenConnection.AI

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\1c0295551fa0fa6c.klq=>(Quarantine-6)=>bpac/KAVS.class
Deleted

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\1c0295551fa0fa6c.klq=>(Quarantine-6)
Updated

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\1c0295551fa0fa6c.klq
Update failed

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\70a1c99adde853d2.klq=>(Quarantine-6)=>bpac/a$1.class
Infected with: Java.Trojan.Downloader.OpenConnection.AI

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\70a1c99adde853d2.klq=>(Quarantine-6)=>bpac/a$1.class
Deleted

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\70a1c99adde853d2.klq=>(Quarantine-6)
Updated

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\70a1c99adde853d2.klq=>(Quarantine-6)=>bpac/a.class
Infected with: Java.Trojan.Downloader.OpenConnection.AI

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\70a1c99adde853d2.klq=>(Quarantine-6)=>bpac/a.class
Disinfection failed

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\70a1c99adde853d2.klq=>(Quarantine-6)=>bpac/a.class
Deleted

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\70a1c99adde853d2.klq=>(Quarantine-6)
Updated

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\70a1c99adde853d2.klq=>(Quarantine-6)=>bpac/b.class
Infected with: Java.Trojan.Downloader.OpenConnection.AI

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\70a1c99adde853d2.klq=>(Quarantine-6)=>bpac/b.class
Disinfection failed

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\70a1c99adde853d2.klq=>(Quarantine-6)=>bpac/b.class
Deleted

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\70a1c99adde853d2.klq=>(Quarantine-6)
Updated

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\70a1c99adde853d2.klq=>(Quarantine-6)=>bpac/KAVS.class
Infected with: Java.Trojan.Downloader.OpenConnection.AI

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\70a1c99adde853d2.klq=>(Quarantine-6)=>bpac/KAVS.class
Deleted

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\70a1c99adde853d2.klq=>(Quarantine-6)
Updated

C:\Documents and Settings\mlindsey\Desktop\Virus Removal Tool\setup_9.0.0.722_08.01.2011_14-36\qb\70a1c99adde853d2.klq
Update failed

C:\Documents and Settings\mlindsey\My Documents\FIXES\rpcscan2.zip=>RPCScan2.exe
Detected with: Application.Portscan.Rpcscan.B

C:\Documents and Settings\mlindsey\My Documents\FIXES\rpcscan2.zip=>RPCScan2.exe
Deleted

C:\Documents and Settings\mlindsey\My Documents\FIXES\rpcscan2.zip
Updated

C:\System Volume Information\_restore{915950EB-8C13-4722-B1D2-8A37A967E18D}\RP686\A0142235.sys
Infected with: Rootkit.Bagle.K

C:\System Volume Information\_restore{915950EB-8C13-4722-B1D2-8A37A967E18D}\RP686\A0142235.sys
Deleted

C:\System Volume Information\_restore{915950EB-8C13-4722-B1D2-8A37A967E18D}\RP686\A0142392.sys
Infected with: Rootkit.Bagle.K

C:\System Volume Information\_restore{915950EB-8C13-4722-B1D2-8A37A967E18D}\RP686\A0142392.sys
Deleted

#14 m0le

Posted 14 January 2011 - 07:24 PM

A lot of evidence of malware, some downloaders which can be picked up off but nothing explaining the AVG issue.

After the BitDefender run has that allowed AVG to install now?

#15 myklnz

Posted 15 January 2011 - 01:04 PM

I removed everything flagged as malware and got rid of the system restore points.

Ran BitDefender again with a clean bill of health:

BitDefender Online Scanner - Real Time Virus Report

Generated at: Sat, Jan 15, 2011 - 12:55:40
--------------------------------------------------------------------------------

Scan Info
Scanned Files: 866338
Infected Files: 0
Virus Detected: No virus found.


The AVG still won't install though - same message......maybe I should give up on Kaspersky and use something else?



