Unable to get malware completely removed


  • This topic is locked
20 replies to this topic

#1 g.k.

Posted 05 June 2012 - 11:47 AM

Original topic here

So, uh, an overview of my problems: I have an old Windows XP PC (512 MB RAM, 66 GB hard disk space total, 8 GB remaining) that I have been using for 2,5 - 3 years. It's obviously very slow, but it had been getting slower over the last month or so. It had AVG Free installed, so I didn't think I would have a malware problem. However, I experienced some very suspicious symptoms: Folders would randomly become read-only and I wasn't able to revert them back, tracking cookies kept coming back after I deleted them, even when I didn't connect to the net, I received advertising/spam e-mails from my brother -who only uses this PC- and the PC was even slower than before. I ran a full AVG scan, but it didn't spot much and it didn't fix any of the problems, so I decided to ask for help in the "Am I Infected" forum.

Boopme helped me with the disinfection process. I ran many scans, including MBAM, TDSSKiller, ESET, aswMBR and SuperAntiSpyware. I uninstalled AVG and installed MBAM & Microsoft Security Essentials & ZeroAccess Firewall.

The computer runs smoother now and it's fully functional. However, the malware problem is still not completely solved. MBAM occasionally says it blocked outgoing access to a malicious website, and random games' .exe files are getting infected, which MBAM catches; obviously symptoms that malware is still active.

Boopme told me to open a topic here, so yeah. Even though I've added it to MSE and MBAM's ignore lists, DDS doesn't work: it runs for a while, and then the computer completely freezes. I have to manually restart the computer afterwards. I was told to run RSIT, paste log.txt here and attach info.txt, so... yeah.

Thank you in advance for assistance :)

RSIT LOG
Logfile of random's system information tool 1.09 (written by random/random)
Run by Burak at 2012-06-05 19:23:33
Microsoft Windows XP Professional Service Pack 2
System drive C: has 8 GB (21%) free of 40 GB
Total RAM: 511 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:26:04, on 05.06.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\eBoostr\eBoostrCP.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\games\icytower1.3\icytower13.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Acclaim\ReVolt\revolt.exe
C:\Documents and Settings\Burak\Desktop\RSIT.exe
C:\Program Files\trend micro\Burak.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://kelimeara.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://roonic.com/results.html?q=%s&sa=Search&cx=partner-pub-0345395751421741:y8d2vrh2u6t&cof=FORID:10&ie=UTF-8
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
R3 - Default URLSearchHook is missing
O2 - BHO: C:\Program Files\2YourFace\bho.dll - {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - C:\Program Files\2YourFace\bho.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Burak\Application Data\FlashGetBHO\FlashGetBHO3.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: TBSB07458 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Icy Tower 1.3.1\mybarnsa92.tmp\tbcore3.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files\Icy Tower 1.3.1\mybarnsa92.tmp\tbcore3.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (file missing)
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [FlashGet 3] "C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 1server.exe.lnk = C:\Program Files\valve\platform\config\1server.exe
O4 - Startup: zserver.exe.lnk = ?
O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Burak\Application Data\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Burak\Application Data\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files\Icy Tower 1.3.1\mybarnsa92.tmp\tbcore3.dll
O9 - Extra 'Tools' menuitem: Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files\Icy Tower 1.3.1\mybarnsa92.tmp\tbcore3.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/tr/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} (Flatcast Viewer 5.2) - http://92.51.137.94/objects/NpFv522.dll
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CB00CDC-A4BC-4163-BE5B-84952742A3CC}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{8CB00CDC-A4BC-4163-BE5B-84952742A3CC}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{8CB00CDC-A4BC-4163-BE5B-84952742A3CC}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui önceden yükleyicisi - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Bileşen Katergorileri önbellek daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - C:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Güncelleme Hizmeti (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

--
End of file - 11682 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On Burak Logon.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1580818891-839522115-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1580818891-839522115-1004.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{888E1253-D50B-4947-B58A-7A86185A62BB}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}]
2YourFace Addon - C:\Program Files\2YourFace\bho.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
Babylon toolbar helper - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-01-22 425680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-11 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-03-16 599680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Oturum Açma Yardım Aracı - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}]
FlashGetBHO - C:\Documents and Settings\Burak\Application Data\FlashGetBHO\FlashGetBHO3.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-11 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-04-11 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
TBSB07458 Class - C:\Program Files\Icy Tower 1.3.1\mybarnsa92.tmp\tbcore3.dll [2011-09-20 2662216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]
{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - Free software Gooofull toolbar - C:\Program Files\Icy Tower 1.3.1\mybarnsa92.tmp\tbcore3.dll [2011-09-20 2662216]
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll []
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-03-16 599680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-01 7618560]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-06-01 86016]
"TkBellExe"=C:\program files\real\realplayer\update\realsched.exe [2012-01-22 296056]
"ROC_roc_dec12"=C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe /PROMPT /CMPID=roc_dec12 []
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 931200]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2012-03-16 738944]
"ZoneAlarm"=C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [2012-03-19 73360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2007-10-27 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"FlashGet 3"=C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe -minimize []
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe /MINIMIZED []
"Steam"=C:\Program Files\Steam\Steam.exe -silent []

C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç
eBoostr Control Panel.lnk - C:\Program Files\eBoostr\eBoostrCP.exe
LCDPlayer.lnk - C:\Program Files\SPACE INTERNATIONAL\CDSpace 4.1\LCDPlyer.exe

C:\Documents and Settings\Burak\Start Menu\Programlar\Başlangıç
1server.exe.lnk - C:\Program Files\valve\platform\config\1server.exe
zserver.exe.lnk - C:\Program Files\Valve\platform\config\zserver.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\SIERRA\Half-Life\hl.exe"="C:\SIERRA\Half-Life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Metin2_Turkey\metin2.bin"="C:\Program Files\Metin2_Turkey\metin2.bin:*:Enabled:metin2"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"D:\Jazz2\Jazz2.exe"="D:\Jazz2\Jazz2.exe:*:Enabled:Jazz Jackrabbit 2"
"C:\Program Files\Metin2_Turkey\metin2client.bin"="C:\Program Files\Metin2_Turkey\metin2client.bin:*:Enabled:metin2client"
"C:\Westwood\RA2\game.exe"="C:\Westwood\RA2\game.exe:*:Enabled:Main executable for Red Alert 2"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Yükleyicisi"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\Burak\Desktop\pokemon-server\Server.exe"="C:\Documents and Settings\Burak\Desktop\pokemon-server\Server.exe:*:Enabled:Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"msacm.siren"=sirenacm.dll
"vidc.divx"=divx.dll
"vidc.xvid"=xvidvfw.dll
"msacm.ac3filter"=ac3filter.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-06-05 19:23:39 ----D---- C:\Program Files\trend micro
2012-06-05 19:23:33 ----D---- C:\rsit
2012-06-05 18:00:15 ----A---- C:\WINDOWS\entpack.ini
2012-06-04 20:50:33 ----D---- C:\Documents and Settings\Burak\Application Data\SUPERAntiSpyware.com
2012-06-04 20:49:55 ----D---- C:\Program Files\SUPERAntiSpyware
2012-06-04 20:49:55 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2012-06-04 20:21:49 ----D---- C:\Documents and Settings\Burak\Application Data\CheckPoint
2012-06-04 20:20:27 ----HDC---- C:\WINDOWS\$NtUninstallKB943232$
2012-06-04 20:16:45 ----D---- C:\Program Files\CheckPoint
2012-06-04 20:16:11 ----D---- C:\Documents and Settings\All Users\Application Data\CheckPoint
2012-06-04 10:38:06 ----D---- C:\Program Files\7-Zip
2012-06-04 10:08:21 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2012-06-04 10:01:02 ----D---- C:\Program Files\Microsoft Security Client
2012-06-04 10:00:04 ----HDC---- C:\WINDOWS\$NtUninstallKB914882$
2012-06-03 18:25:26 ----A---- C:\TDSSKiller.2.7.36.0_03.06.2012_18.25.26_log.txt
2012-06-03 16:08:27 ----D---- C:\Documents and Settings\Burak\Application Data\Malwarebytes
2012-06-03 16:08:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-06-03 16:08:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-06-03 16:08:20 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2012-05-31 11:25:41 ----D---- C:\Program Files\Acclaim
2012-05-08 23:08:04 ----A---- C:\user.js
2012-05-08 23:07:36 ----D---- C:\Documents and Settings\Burak\Application Data\Babylon
2012-05-08 23:07:36 ----D---- C:\Documents and Settings\All Users\Application Data\Babylon
2012-05-08 23:07:23 ----D---- C:\Documents and Settings\All Users\Application Data\Bcool

======List of files/folders modified in the last 1 month======

2012-06-05 19:23:39 ----D---- C:\Program Files
2012-06-05 19:20:38 ----D---- C:\WINDOWS\Temp
2012-06-05 18:16:05 ----A---- C:\WINDOWS\wwp.INI
2012-06-05 18:13:02 ----A---- C:\WINDOWS\kgt2k.INI
2012-06-05 18:07:17 ----A---- C:\WINDOWS\chess.ini
2012-06-05 18:03:50 ----A---- C:\WINDOWS\win.ini
2012-06-05 18:00:15 ----D---- C:\WINDOWS
2012-06-05 16:55:56 ----D---- C:\WINDOWS\system32\drivers
2012-06-05 13:07:27 ----SD---- C:\WINDOWS\Tasks
2012-06-05 13:00:26 ----D---- C:\Documents and Settings\All Users\Application Data\eboostr
2012-06-05 12:57:28 ----D---- C:\WINDOWS\system32\CatRoot2
2012-06-05 00:11:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-06-04 20:30:36 ----D---- C:\WINDOWS\system32
2012-06-04 20:22:44 ----SHD---- C:\WINDOWS\Installer
2012-06-04 20:22:05 ----HD---- C:\Config.Msi
2012-06-04 20:21:55 ----D---- C:\WINDOWS\WinSxS
2012-06-04 20:20:53 ----HD---- C:\WINDOWS\inf
2012-06-04 20:20:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-06-04 10:01:26 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2012-06-04 10:00:27 ----A---- C:\WINDOWS\imsins.BAK
2012-06-04 09:59:16 ----HD---- C:\WINDOWS\$hf_mig$
2012-06-04 09:59:14 ----D---- C:\WINDOWS\system32\CatRoot
2012-06-04 09:34:34 ----D---- C:\Program Files\Winamp
2012-06-04 09:34:31 ----D---- C:\WINDOWS\Prefetch
2012-06-04 09:27:09 ----D---- C:\Documents and Settings\All Users\Application Data\AVG2012
2012-06-04 09:25:33 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData
2012-06-04 09:02:34 ----D---- C:\Program Files\2YourFace
2012-06-04 08:59:26 ----D---- C:\Program Files\KUR YAZILIM
2012-06-03 21:57:31 ----D---- C:\WINDOWS\SoftwareDistribution
2012-06-03 21:05:17 ----D---- C:\Documents and Settings\Burak\Application Data\AVG
2012-06-03 17:57:28 ----D---- C:\WINDOWS\system32\drivers\etc
2012-06-02 16:31:29 ----D---- C:\Metin 2 pvp
2012-05-31 12:47:49 ----D---- C:\WINDOWS\Minidump
2012-05-23 18:04:11 ----D---- C:\Program Files\Microsoft Silverlight
2012-05-23 15:48:04 ----D---- C:\a70ae57961d37556cf118de777247341
2012-05-21 22:15:57 ----D---- C:\Documents and Settings\All Users\Application Data\YTD YouTube Downloader & Converter
2012-05-20 17:20:17 ----D---- C:\Documents and Settings
2012-05-12 13:16:23 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-05-12 13:10:00 ----A---- C:\WINDOWS\system32\MRT.exe
2012-05-12 12:00:00 ----HD---- C:\Program Files\InstallShield Installation Information
2012-05-12 11:56:08 ----D---- C:\Program Files\Common Files\InstallShield
2012-05-08 23:08:13 ----D---- C:\Documents and Settings\All Users\Application Data\InstallMate

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 eBoost;eBoostr caching filter driver; C:\WINDOWS\system32\drivers\eBoost.sys [2009-05-20 125544]
R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2012-03-20 171064]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 uagp35;Microsoft AGPv3.5 Süzgeci; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2004-08-04 44672]
R1 intelppm;Intel İşlemci Sürücüsü; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-10-27 39936]
R1 LIKECDN2;LIKECDN2; C:\WINDOWS\system32\DRIVERS\LIKECDN2.sys [2002-02-15 20615]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 Tcpip6;Microsoft IPv6 İletişim Kuralı Sürücüsü; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 Vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2012-03-19 525840]
R1 XSPACEWG;XSPACEWG; \??\C:\WINDOWS\system32\drivers\XSpaceWg.sys []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Uyumlu Aktarma İletişim Kuralları; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2007-10-27 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2007-10-27 63232]
R2 NwlnkSpx;NWLink SPX/SPXII İletişim Kuralları; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2007-10-27 55936]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Sürücüsü; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HidUsb;Microsoft HID Sınıf Sürücüsü; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Fare HID Sürücüsü; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-11-21 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
R3 tunmp;Microsoft Tun Miniport Bağdaştırıcısı Sürücüsü; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2007-10-27 12416]
R3 usbaudio;USB Ses Sürücüsü (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Genel Üst Sürücüsü; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-10-27 20480]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 nm;Ağ İzleyicisi Sürücüsü; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2007-10-27 40320]
S3 usbprint;Microsoft USB YAZICI Sınıfı; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Tarayıcı Sürücüsü; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Yığın Depolama Sürücüsü; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WPRO_41_1742;WinPcap Packet Driver (WPRO_41_1742); C:\WINDOWS\system32\drivers\WPRO_41_1742.sys [2010-09-18 34576]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
R2 6to4;IPv6 Yardımcı Hizmeti; C:\WINDOWS\system32\svchost.exe [2007-10-27 14336]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2012-03-16 497280]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 11552]
R2 NwSapAgent;SAP Aracısı; C:\WINDOWS\system32\svchost.exe [2007-10-27 14336]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 vsmon;TrueVector Internet Monitor; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2012-03-19 2421640]
S2 EBOOSTRSVC;eBoostr Service; C:\Program Files\eBoostr\EBstrSvc.exe [2009-05-23 639616]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-26 133104]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-04-11 153376]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe []
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Aile Koruması Hizmeti; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]
S3 gupdatem;Google Güncelleme Hizmeti (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-26 133104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2010-12-14 4041064]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Ağ Paylaşımı Hizmeti; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2007-10-27 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

06.06.2012 EDIT: Yesterday, while browsing the internet, I closed the window then reopened it again. Google Chrome said (translating from Turkish) "Your profile is unable to be opened correctly. You might not be able to use some facilities correctly. Please ensure you had a valid profile and you have read/write rights". Weird, because the PC had only one account (which is this one, the administrator account). I decided to run a quick scan -sorry about that, I just learned that I shouldn't do anything without you guys' notice-, scan results below:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.05.05

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Burak :: XP [administrator]

Protection: Enabled

05.06.2012 22:28:22
mbam-log-2012-06-05 (22-28-22).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: File System
Objects scanned: 190007
Time elapsed: 2 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---
Google Chrome error screenshot here, I don't want to post it directly here as it'd stretch the screen. Some sample "blocked outgoing access to a malicious website" messages from MBAM:
Posted Image

I don't know if that means anything, but these messages have been appearing at night, mostly around 19-23 o'clock. Also, uh, MBAM randomly catches .exe files, should I post a screenshot of MBAM's quarantine?

As for the RSIT/HJT log, I see that the two processes C:\games\icytower1.3\icytower13.exe and C:\Program Files\Acclaim\ReVolt\revolt.exe were running when I ran RSIT/HJT. Those are 2 games installed on this PC. I had closed all programs before running RSIT/HJT so this means the games' .exe files are/have become infected, right? Normally I would've run rkill to kill these processes running in the background and then uninstall them, but I'm waiting for your approval.

Edited by g.k., 06 June 2012 - 04:00 AM.



#2 HelpBot

Posted 10 June 2012 - 11:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/455964 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 g.k.

Posted 10 June 2012 - 03:56 PM

A quick update: I still get messages from MBAM every day saying it blocked outgoing connections, but no new .exe files have been infected in these last 5 days. I can post the protection logs if needed. Besides what I have edited into the OP, I haven't done anything else. Google Chrome has recovered my profile somehow, btw.

I just ran Defogger. I can't find my Windows CD. However, considering this infection is mostly cured now, I doubt it'll be needed :)

Running GMER now, but looks like it'll be taking a long time to complete. I'll post it later.

Edited by g.k., 10 June 2012 - 03:57 PM.


#4 g.k.

Posted 11 June 2012 - 04:28 AM

GMER LOG:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-11 12:23:47
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 SAMSUNG_SP0842N rev.BH100-45
Running: 58hhh9v9.exe; Driver: C:\DOCUME~1\Burak\LOCALS~1\Temp\pgtdipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF5FA12F4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF5F9B5CA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xF5FBA58A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF5FA1A80]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xF5FB4E4E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xF5FB523C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xF5FBE6F6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF5FA1BB6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF5F9C1E0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xF5FBBE3C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xF5FBB7B2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xF5FB3D8A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF5FBC794]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF5FBC99C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF5F9BDF2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xF5FB7160]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xF5FB6D8A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF5FBD72A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF5FBD060]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF5FA0EC4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xF5FBE0FC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xF5FA159C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF5F9C5A4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xF5FBDC6A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xF5FBAF72]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xF5FB5EA4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xF5FB5C20]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2770 12 Bytes [80, 1A, FA, F5, 4E, 4E, FB, ...] {SBB BYTE [EDX], 0xfa; CMC ; DEC ESI; DEC ESI; STI ; CMC ; CMP AL, 0x52; STI ; CMC }
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF7532360, 0x240F7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[252] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[252] USER32.dll!DefDlgProcW + 56E 7E373D08 2 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[252] USER32.dll!DefDlgProcW + 571 7E373D0B 2 Bytes [94, A2]
.text C:\WINDOWS\system32\spoolsv.exe[440] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[440] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[440] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[440] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[440] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[440] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[440] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[440] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[600] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[600] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[600] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[600] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[600] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes JMP 209F37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[600] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[600] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[600] USER32.dll!DefDlgProcW + 56E 7E373D08 2 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[600] USER32.dll!DefDlgProcW + 571 7E373D0B 2 Bytes [94, A2]
.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[768] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[768] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[768] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[812] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[812] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[812] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[812] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[824] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[824] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[824] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[824] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[980] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[980] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1148] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1148] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1148] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1148] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1148] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1148] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1148] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft Security Client\MsMpEng.exe[1148] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1316] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1316] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1316] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1316] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1316] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1316] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1316] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1316] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1352] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1352] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1352] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1352] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1352] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1352] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1352] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1352] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1380] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1380] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1380] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1380] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1380] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1380] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1380] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Security Client\msseces.exe[1380] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1448] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1448] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1448] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1448] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1448] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1448] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1448] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1448] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtCreateFile + 6 7C8FD0B4 4 Bytes [28, 00, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtCreateFile + B 7C8FD0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtMapViewOfSection + 6 7C8FD524 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtMapViewOfSection + 6 7C8FD524 4 Bytes [28, 03, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtMapViewOfSection + B 7C8FD529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtOpenFile + 6 7C8FD5A4 4 Bytes [68, 00, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtOpenFile + B 7C8FD5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtOpenProcess + 6 7C8FD604 4 Bytes [A8, 01, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtOpenProcess + B 7C8FD609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtOpenProcessToken + 6 7C8FD614 4 Bytes CALL 7B900B1A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtOpenProcessToken + B 7C8FD619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtOpenProcessTokenEx + 6 7C8FD624 4 Bytes [A8, 02, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtOpenProcessTokenEx + B 7C8FD629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtOpenThread + 6 7C8FD664 4 Bytes [68, 01, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtOpenThread + B 7C8FD669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtOpenThreadToken + 6 7C8FD674 4 Bytes [68, 02, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtOpenThreadToken + B 7C8FD679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtOpenThreadTokenEx + 6 7C8FD684 4 Bytes CALL 7B900B8B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtOpenThreadTokenEx + B 7C8FD689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtQueryAttributesFile + 6 7C8FD714 4 Bytes [A8, 00, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtQueryAttributesFile + B 7C8FD719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtQueryFullAttributesFile + 6 7C8FD7B4 4 Bytes CALL 7B900CB9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtQueryFullAttributesFile + B 7C8FD7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtSetInformationFile + 6 7C8FDC64 4 Bytes [28, 01, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtSetInformationFile + B 7C8FDC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtSetInformationThread + 6 7C8FDCB4 4 Bytes [28, 02, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtSetInformationThread + B 7C8FDCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtUnmapViewOfSection + 6 7C8FDF14 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtUnmapViewOfSection + 6 7C8FDF14 4 Bytes [68, 03, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ntdll.dll!NtUnmapViewOfSection + B 7C8FDF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1672] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1904] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1904] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1904] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1904] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1904] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1904] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1904] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1904] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[2040] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[2040] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[2040] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[2040] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[2040] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtCreateFile + 6 7C8FD0B4 4 Bytes [28, 00, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtCreateFile + B 7C8FD0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtMapViewOfSection + 6 7C8FD524 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtMapViewOfSection + 6 7C8FD524 4 Bytes [28, 03, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtMapViewOfSection + B 7C8FD529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenFile + 6 7C8FD5A4 4 Bytes [68, 00, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenFile + B 7C8FD5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenProcess + 6 7C8FD604 4 Bytes [A8, 01, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenProcess + B 7C8FD609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenProcessToken + B 7C8FD619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenProcessTokenEx + 6 7C8FD624 4 Bytes [A8, 02, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenProcessTokenEx + B 7C8FD629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenThread + 6 7C8FD664 4 Bytes [68, 01, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenThread + B 7C8FD669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenThreadToken + 6 7C8FD674 4 Bytes [68, 02, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenThreadToken + B 7C8FD679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtOpenThreadTokenEx + B 7C8FD689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtQueryAttributesFile + 6 7C8FD714 4 Bytes [A8, 00, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtQueryAttributesFile + B 7C8FD719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtQueryFullAttributesFile + B 7C8FD7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtSetInformationFile + 6 7C8FDC64 4 Bytes [28, 01, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtSetInformationFile + B 7C8FDC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtSetInformationThread + 6 7C8FDCB4 4 Bytes [28, 02, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtSetInformationThread + B 7C8FDCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtUnmapViewOfSection + 6 7C8FDF14 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtUnmapViewOfSection + 6 7C8FDF14 4 Bytes [68, 03, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ntdll.dll!NtUnmapViewOfSection + B 7C8FDF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2200] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2300] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2300] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2300] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2300] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2300] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2300] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2300] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2300] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2448] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2448] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2448] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2448] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2448] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3056] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3056] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3056] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3056] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3056] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3056] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3056] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3056] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtCreateFile + 6 7C8FD0B4 4 Bytes [28, 00, 29, 00] {SUB [EAX], AL; SUB [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtCreateFile + B 7C8FD0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtMapViewOfSection + 6 7C8FD524 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtMapViewOfSection + 6 7C8FD524 4 Bytes [28, 03, 29, 00] {SUB [EBX], AL; SUB [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtMapViewOfSection + B 7C8FD529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenFile + 6 7C8FD5A4 4 Bytes [68, 00, 29, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenFile + B 7C8FD5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcess + 6 7C8FD604 4 Bytes [A8, 01, 29, 00] {TEST AL, 0x1; SUB [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcess + B 7C8FD609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcessToken + B 7C8FD619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcessTokenEx + 6 7C8FD624 4 Bytes [A8, 02, 29, 00] {TEST AL, 0x2; SUB [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcessTokenEx + B 7C8FD629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThread + 6 7C8FD664 4 Bytes [68, 01, 29, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThread + B 7C8FD669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThreadToken + 6 7C8FD674 4 Bytes [68, 02, 29, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThreadToken + B 7C8FD679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThreadTokenEx + B 7C8FD689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtQueryAttributesFile + 6 7C8FD714 4 Bytes [A8, 00, 29, 00] {TEST AL, 0x0; SUB [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtQueryAttributesFile + B 7C8FD719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtQueryFullAttributesFile + 6 7C8FD7B4 4 Bytes CALL 7B9000B9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtQueryFullAttributesFile + B 7C8FD7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtSetInformationFile + 6 7C8FDC64 4 Bytes [28, 01, 29, 00] {SUB [ECX], AL; SUB [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtSetInformationFile + B 7C8FDC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtSetInformationThread + 6 7C8FDCB4 4 Bytes [28, 02, 29, 00] {SUB [EDX], AL; SUB [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtSetInformationThread + B 7C8FDCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtUnmapViewOfSection + 6 7C8FDF14 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtUnmapViewOfSection + 6 7C8FDF14 4 Bytes [68, 03, 29, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtUnmapViewOfSection + B 7C8FDF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Burak\Desktop\58hhh9v9.exe[3608] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Burak\Desktop\58hhh9v9.exe[3608] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Burak\Desktop\58hhh9v9.exe[3608] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Burak\Desktop\58hhh9v9.exe[3608] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Burak\Desktop\58hhh9v9.exe[3608] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Burak\Desktop\58hhh9v9.exe[3608] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Burak\Desktop\58hhh9v9.exe[3608] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Burak\Desktop\58hhh9v9.exe[3608] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3776] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3776] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3776] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3776] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3776] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3776] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtAccessCheckByType 7C8FCE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtImpersonateClientOfPort 7C8FD3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtSetInformationProcess 7C8FDC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7406 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] ADVAPI32.dll!SetThreadToken 77DCF141 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] USER32.dll!FindWindowA 7E37DE87 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3780] USER32.dll!FindWindowW 7E37E13A 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eBoost.sys (eBoostr Filter Driver/eBoostr.com)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Burak\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_001cf5 20036 bytes
File C:\Documents and Settings\Burak\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_001cf6 30654 bytes
File C:\Documents and Settings\Burak\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_001cf7 61345 bytes
File C:\Documents and Settings\Burak\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_001cf8 71870 bytes
File C:\Documents and Settings\Burak\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_001cf9 77902 bytes
File C:\Documents and Settings\Burak\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_001cfa 96043 bytes
File C:\Documents and Settings\Burak\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_001cfb 185252 bytes
File C:\Documents and Settings\Burak\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_001cfc 0 bytes

---- EOF - GMER 1.0.15 ----

#5 myrti


Posted 11 June 2012 - 07:43 AM

Hi,

could you please run a log with OTL for me too:
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened


#6 g.k.


Posted 11 June 2012 - 09:09 AM

OTL.txt

OTL logfile created on: 11.06.2012 16:47:28 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Burak\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041F | Country: Türkiye | Language: TRK | Date Format: dd.MM.yyyy

511,30 Mb Total Physical Memory | 102,13 Mb Available Physical Memory | 19,98% Memory free
1,22 Gb Paging File | 0,61 Gb Available in Paging File | 50,29% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,07 Gb Total Space | 8,16 Gb Free Space | 20,88% Space Free | Partition Type: NTFS
Drive D: | 26,96 Gb Total Space | 1,91 Gb Free Space | 7,08% Space Free | Partition Type: NTFS
Drive G: | 307,79 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: XP | User Name: Burak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.11 16:45:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Burak\Desktop\OTL.exe
PRC - [2012.05.23 04:56:51 | 001,240,088 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012.03.19 19:36:02 | 002,421,640 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012.03.19 19:32:00 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012.03.16 19:07:00 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2012.03.16 19:06:56 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2012.01.22 00:04:25 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011.08.12 02:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2007.06.13 16:22:28 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012.05.23 04:56:50 | 000,441,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll
MOD - [2012.05.23 04:56:49 | 003,922,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
MOD - [2012.05.23 04:55:24 | 000,134,696 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.52\avutil-51.dll
MOD - [2012.05.23 04:55:23 | 000,250,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.52\avformat-54.dll
MOD - [2012.05.23 04:55:21 | 002,375,720 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll
MOD - [2012.05.23 04:06:23 | 008,743,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
MOD - [2012.05.03 11:37:25 | 004,050,944 | ---- | M] () -- C:\Documents and Settings\Burak\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.2\libGLESv2.dll
MOD - [2012.05.03 11:37:25 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Burak\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.2\libEGL.dll
MOD - [2006.06.01 17:22:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2003.01.15 01:27:30 | 000,118,784 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.05.04 20:24:53 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.19 19:36:02 | 002,421,640 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012.03.16 19:07:00 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2011.08.12 02:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010.12.14 20:01:00 | 004,041,064 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2009.05.23 18:36:26 | 000,639,616 | ---- | M] (eBoostr.com) [Auto | Stopped] -- C:\Program Files\eBoostr\EBstrSvc.exe -- (EBOOSTRSVC)
SRV - [2006.03.03 21:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.19 19:32:02 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2012.03.16 19:06:52 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011.07.22 19:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.13 00:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.09.18 22:01:46 | 000,034,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WPRO_41_1742.sys -- (WPRO_41_1742) WinPcap Packet Driver (WPRO_41_1742)
DRV - [2010.02.11 15:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010.02.03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.08.05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009.05.20 17:38:58 | 000,125,544 | ---- | M] (eBoostr.com) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\eBoost.sys -- (eBoost)
DRV - [2007.10.27 10:55:05 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007.10.27 10:55:05 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2007.10.27 10:55:05 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2007.10.27 10:55:01 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2002.02.15 13:33:10 | 000,020,615 | ---- | M] (SPACE INT'L, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\LIKECDN2.sys -- (LIKECDN2)
DRV - [2001.12.11 10:46:10 | 000,003,524 | ---- | M] (SPACE INT'L, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\XSpaceWG.sys -- (XSPACEWG)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://kelimeara.net
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://roonic.com/results.html?q=%s&sa=Search&cx=partner-pub-0345395751421741:y8d2vrh2u6t&cof=FORID:10&ie=UTF-8
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.tr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://tr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = tr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 CF 8A 4F FC 5F CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-1111-472f-A0FF-E1416B8B2E3B}: "URL" = http://www.gooofullsearch.com/google?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112454&tt=290412_2_ppcb&babsrc=SP_ss&mntrId=a06af0670000000000000016ec51f36c
IE - HKCU\..\SearchScopes\{5B291E6C-9A74-4034-971B-A4B007A0B315}: "URL" = http://radiobar.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com.tr/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_tr
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={1AD64AD1-D756-4F6E-BCB1-E83A9658626C}&mid=2359e4984d0ce1d44d28b089d2e17169-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=tr&ds=AVG&pr=fr&d=2011-11-05 22:57:55&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\WINDOWS\DOWNLO~1\NpFv522.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.01.22 00:05:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012.06.04 20:47:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\support@2yourface.com: C:\Program Files\2YourFace\2YourFace.xpi

[2011.08.17 21:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Burak\Application Data\Mozilla\Firefox\extensions
[2011.08.17 21:52:38 | 000,000,000 | ---D | M] (2YourFace) -- C:\Documents and Settings\Burak\Application Data\Mozilla\Firefox\extensions\support@2yourface.com
[2012.06.03 16:04:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Burak\Application Data\Mozilla\Firefox\Profiles\extensions
[2012.05.08 23:07:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Burak\Application Data\Mozilla\Firefox\Profiles\extensions\extensions
[2012.05.08 23:07:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Burak\Application Data\Mozilla\Firefox\Profiles\extensions\searchplugins
[2011.08.17 21:52:38 | 000,000,000 | ---D | M] (2YourFace) -- C:\Documents and Settings\Burak\Application Data\Mozilla\Firefox\Profiles\extensions\support@2yourface.com
[2012.05.08 23:07:59 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Burak\Application Data\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@babylon.com
[2011.09.04 19:38:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.01.15 22:49:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Burak\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Burak\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: Angry Birds = C:\Documents and Settings\Burak\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Super Brawl 2 = C:\Documents and Settings\Burak\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cnggcjladajkbeookglkhiaekdongilp\1.1_0\
CHR - Extension: Nyan Cat - Lost in Space Flash = C:\Documents and Settings\Burak\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jaflfnajckagdhjlnkgndmbodjpkagcc\1.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Burak\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2011.12.22 16:11:00 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (2YourFace Addon) - {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - C:\Program Files\2YourFace\bho.dll File not found
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Burak\Application Data\FlashGetBHO\FlashGetBHO3.dll File not found
O2 - BHO: (TBSB07458 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Icy Tower 1.3.1\mybarnsa92.tmp\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found
O3 - HKLM\..\Toolbar: (Free software Gooofull toolbar) - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files\Icy Tower 1.3.1\mybarnsa92.tmp\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Free software Gooofull toolbar) - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files\Icy Tower 1.3.1\mybarnsa92.tmp\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [FlashGet 3] "C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize File not found
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent File not found
O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe (eBoostr.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\LCDPlayer.lnk = C:\Program Files\SPACE INTERNATIONAL\CDSpace 4.1\LCDPlyer.exe (Space International, Inc.)
O4 - Startup: C:\Documents and Settings\Burak\Start Menu\Programlar\Başlangıç\1server.exe.lnk = File not found
O4 - Startup: C:\Documents and Settings\Burak\Start Menu\Programlar\Başlangıç\zserver.exe.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Burak\Application Data\FlashGetBHO\GetAllUrl.htm File not found
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Burak\Application Data\FlashGetBHO\GetUrl.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\Burak\Application Data\FlashGetBHO\GetUrl.htm File not found
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\Burak\Application Data\FlashGetBHO\GetAllUrl.htm File not found
O9 - Extra Button: Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files\Icy Tower 1.3.1\mybarnsa92.tmp\tbcore3.dll ()
O9 - Extra 'Tools' menuitem : Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files\Icy Tower 1.3.1\mybarnsa92.tmp\tbcore3.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/tr/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} http://92.51.137.94/objects/NpFv522.dll (Flatcast Viewer 5.2)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: RaptisoftGameLoader http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CB00CDC-A4BC-4163-BE5B-84952742A3CC}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CB00CDC-A4BC-4163-BE5B-84952742A3CC}: NameServer = 208.67.222.222,208.67.220.220
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Geçerli Giriş Sayfam) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Burak\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Burak\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.05 17:51:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.05 17:30:56 | 000,000,063 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2003.10.30 19:06:22 | 000,023,040 | R--- | M] () - G:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003.10.30 19:06:22 | 000,000,027 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2c6d9e16-c89a-11de-90ac-0016ec51f36c}\Shell - "" = AutoRun
O33 - MountPoints2\{2c6d9e16-c89a-11de-90ac-0016ec51f36c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{826867c3-51e3-11de-8f6f-0016ec51f36c}\Shell - "" = AutoRun
O33 - MountPoints2\{826867c3-51e3-11de-8f6f-0016ec51f36c}\Shell\AutoRun\command - "" = G:\autorun.exe -- [2003.10.30 19:06:22 | 000,023,040 | R--- | M] ()
O33 - MountPoints2\{993c998a-dcee-11de-90ef-0016ec51f36c}\Shell\AutoRun\command - "" = xp32.exe
O33 - MountPoints2\{993c998a-dcee-11de-90ef-0016ec51f36c}\Shell\explore\Command - "" = xp32.exe
O33 - MountPoints2\{993c998a-dcee-11de-90ef-0016ec51f36c}\Shell\open\Command - "" = xp32.exe
O33 - MountPoints2\{b39a4608-8cb2-11e1-9736-0016ec51f36c}\Shell\AutoRun\command - "" = SysAnti.exe
O33 - MountPoints2\{b39a4608-8cb2-11e1-9736-0016ec51f36c}\Shell\Explore\Command - "" = SysAnti.exe
O33 - MountPoints2\{b39a4608-8cb2-11e1-9736-0016ec51f36c}\Shell\Open\Command - "" = SysAnti.exe
O33 - MountPoints2\{fb8079e4-51e0-11de-8f6e-0016ec51f36c}\Shell\AutoRun\command - "" = F:\gclwpivc.cmd
O33 - MountPoints2\{fb8079e4-51e0-11de-8f6e-0016ec51f36c}\Shell\open\Command - "" = F:\gclwpivc.cmd
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Java için Dinamik HTML Veri Baglantisi
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Ileri Düzey Gelistirme
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Siniflari
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Görev Zamanlayıcı
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012.06.11 16:45:52 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Burak\Desktop\OTL.exe
[2012.06.05 19:23:39 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.06.05 19:23:33 | 000,000,000 | ---D | C] -- C:\rsit
[2012.06.05 10:24:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Burak\Start Menu\Programlar\Yönetimsel Araçlar
[2012.06.04 20:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Burak\Application Data\SUPERAntiSpyware.com
[2012.06.04 20:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012.06.04 20:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.06.04 20:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Burak\Belgelerim\ForceField Shared Files
[2012.06.04 20:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Burak\Application Data\CheckPoint
[2012.06.04 20:21:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programlar\Check Point
[2012.06.04 20:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012.06.04 20:16:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012.06.04 10:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Burak\Desktop\pokemon-server
[2012.06.04 10:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programlar\7-Zip
[2012.06.04 10:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.06.04 10:08:21 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012.06.04 10:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.06.03 16:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Burak\Application Data\Malwarebytes
[2012.06.03 16:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programlar\Malwarebytes' Anti-Malware
[2012.06.03 16:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.06.03 16:08:20 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.03 16:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.31 11:26:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Burak\Start Menu\Programlar\Re-Volt
[2012.05.31 11:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Acclaim
[2012.05.30 17:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Burak\.exe
[2012.05.29 20:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Burak\Start Menu\Programlar\Steam
[2012.05.29 19:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Burak\My Documents
[2012.05.20 15:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Burak\Desktop\Yeni Klasör (2)
[1 C:\Documents and Settings\Burak\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Burak\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.11 16:56:04 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{888E1253-D50B-4947-B58A-7A86185A62BB}.job
[2012.06.11 16:45:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Burak\Desktop\OTL.exe
[2012.06.11 16:25:02 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.11 16:23:01 | 000,000,814 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.06.11 16:15:42 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012.06.11 16:09:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.11 16:06:28 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1580818891-839522115-1004.job
[2012.06.11 16:06:03 | 000,063,804 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.06.11 16:06:01 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.11 16:05:46 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2012.06.11 16:05:45 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On Burak Logon.job
[2012.06.11 16:05:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.10 23:24:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Burak\defogger_reenable
[2012.06.10 23:23:28 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Burak\Desktop\Defogger.exe
[2012.06.05 22:21:26 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Burak\Desktop\googlechromeerör.bmp
[2012.06.05 21:57:48 | 000,472,370 | ---- | M] () -- C:\Documents and Settings\Burak\Desktop\du9sueryg9s7ygskhshg.bmp
[2012.06.05 18:16:05 | 000,000,083 | ---- | M] () -- C:\WINDOWS\wwp.INI
[2012.06.05 18:13:02 | 000,000,056 | ---- | M] () -- C:\WINDOWS\kgt2k.INI
[2012.06.05 18:07:17 | 000,000,131 | ---- | M] () -- C:\WINDOWS\chess.ini
[2012.06.05 18:00:15 | 000,000,020 | ---- | M] () -- C:\WINDOWS\entpack.ini
[2012.06.05 12:57:54 | 000,415,915 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012.06.04 20:50:10 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.04 20:43:04 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\Burak\Desktop\ZoneAlarm Firewall.lnk
[2012.06.04 10:02:42 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012.06.04 10:01:51 | 000,001,704 | ---- | M] () -- C:\Documents and Settings\Burak\Desktop\Microsoft Security Essentials.lnk
[2012.06.04 10:00:27 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.03 16:08:21 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.03 12:00:55 | 000,001,706 | ---- | M] () -- C:\Documents and Settings\Burak\Start Menu\Programlar\Başlangıç\1server.exe.lnk
[2012.06.03 12:00:55 | 000,001,511 | ---- | M] () -- C:\Documents and Settings\Burak\Start Menu\Programlar\Başlangıç\zserver.exe.lnk
[2012.06.02 19:41:20 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\Burak\Application Data\Microsoft\Internet Explorer\Quick Launch\Kısayol Metin2 PVP.lnk
[2012.05.30 15:58:02 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1580818891-839522115-1004.job
[2012.05.27 23:30:24 | 034,692,786 | ---- | M] () -- C:\Documents and Settings\Burak\Desktop\Cahillikler_Kitabi1-2-3.rar
[2012.05.24 15:34:19 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012.05.13 10:16:27 | 000,143,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\Documents and Settings\Burak\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Burak\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.10 23:24:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Burak\defogger_reenable
[2012.06.10 23:23:32 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Burak\Desktop\Defogger.exe
[2012.06.10 22:28:40 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Burak\Application Data\Microsoft\Internet Explorer\Quick Launch\Kısayol Neorage.lnk
[2012.06.05 22:21:26 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Burak\Desktop\googlechromeerör.bmp
[2012.06.05 21:09:33 | 000,472,370 | ---- | C] () -- C:\Documents and Settings\Burak\Desktop\du9sueryg9s7ygskhshg.bmp
[2012.06.05 18:00:15 | 000,000,020 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2012.06.04 20:50:10 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.04 20:48:24 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\Burak\Desktop\ZoneAlarm Firewall.lnk
[2012.06.04 20:22:49 | 000,415,915 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2012.06.04 10:11:49 | 000,000,414 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012.06.04 10:01:51 | 000,001,704 | ---- | C] () -- C:\Documents and Settings\Burak\Desktop\Microsoft Security Essentials.lnk
[2012.06.04 09:37:17 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012.06.03 16:08:21 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.03 12:00:52 | 000,001,706 | ---- | C] () -- C:\Documents and Settings\Burak\Start Menu\Programlar\Başlangıç\1server.exe.lnk
[2012.06.03 12:00:52 | 000,001,511 | ---- | C] () -- C:\Documents and Settings\Burak\Start Menu\Programlar\Başlangıç\zserver.exe.lnk
[2012.05.27 23:12:14 | 034,692,786 | ---- | C] () -- C:\Documents and Settings\Burak\Desktop\Cahillikler_Kitabi1-2-3.rar
[2011.06.12 19:50:07 | 000,077,824 | ---- | C] () -- C:\WINDOWS\SkycarUninstall.exe
[2011.04.30 12:24:38 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2011.02.23 18:42:38 | 000,000,148 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2011.02.07 20:48:43 | 000,811,008 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.02.07 20:48:43 | 000,198,656 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.02.07 20:48:42 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2011.02.02 22:29:31 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2011.01.05 23:59:27 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wwp.INI
[2010.12.31 17:49:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.12.31 15:59:26 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RSoftInfo.dat
[2010.12.31 15:57:14 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010.12.28 20:49:25 | 000,000,131 | ---- | C] () -- C:\WINDOWS\chess.ini
[2010.12.28 19:59:34 | 000,000,345 | ---- | C] () -- C:\WINDOWS\Okey+.ini
[2010.09.18 22:01:46 | 000,034,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\WPRO_41_1742.sys
[2010.09.14 21:23:12 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\secushr.dat
[2010.09.14 21:20:52 | 000,000,424 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2010.09.14 21:20:10 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2011.02.07 20:48:09 | 006,640,362 | ---- | M] ( ) -- C:\codec8.4.exe
[2011.02.07 02:30:50 | 025,855,632 | ---- | M] (RealNetworks, Inc.) -- C:\RealPlayer.exe
[2011.02.07 02:53:27 | 025,748,104 | ---- | M] (Microsoft Corporation) -- C:\wmp11-windowsxp-x86-TR-TR.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.06.05 20:41:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.06.05 20:41:26 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.06.05 20:41:26 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2012.03.20 20:44:12 | 000,171,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MpFilter.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E36FE0BB
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5551A625
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A18D1A5B
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEE39B00
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF

< End of report >

Extras.txt

OTL Extras logfile created on: 11.06.2012 16:47:28 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Burak\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041F | Country: Türkiye | Language: TRK | Date Format: dd.MM.yyyy

511,30 Mb Total Physical Memory | 102,13 Mb Available Physical Memory | 19,98% Memory free
1,22 Gb Paging File | 0,61 Gb Available in Paging File | 50,29% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,07 Gb Total Space | 8,16 Gb Free Space | 20,88% Space Free | Partition Type: NTFS
Drive D: | 26,96 Gb Total Space | 1,91 Gb Free Space | 7,08% Space Free | Partition Type: NTFS
Drive G: | 307,79 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: XP | User Name: Burak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\SIERRA\Half-Life\hl.exe" = C:\SIERRA\Half-Life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve, L.L.C.)
"C:\Program Files\Metin2_Turkey\metin2.bin" = C:\Program Files\Metin2_Turkey\metin2.bin:*:Enabled:metin2 -- ()
"D:\Jazz2\Jazz2.exe" = D:\Jazz2\Jazz2.exe:*:Enabled:Jazz Jackrabbit 2 -- (Epic MegaGames Inc.)
"C:\Program Files\Metin2_Turkey\metin2client.bin" = C:\Program Files\Metin2_Turkey\metin2client.bin:*:Enabled:metin2client -- (Ymir Entertainment)
"C:\Westwood\RA2\game.exe" = C:\Westwood\RA2\game.exe:*:Enabled:Main executable for Red Alert 2 -- (Westwood Studios)
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Yükleyicisi
"C:\Documents and Settings\Burak\Desktop\pokemon-server\Server.exe" = C:\Documents and Settings\Burak\Desktop\pokemon-server\Server.exe:*:Enabled:Server -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{126EE960-8590-4D2A-AF52-DB3C4940572C}" = Windows Live Aile Koruması
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Karşıya Yükleme Aracı
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23170F69-40C1-2701-0922-000001000000}" = 7-Zip 9.22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 1.0.53
"{30EDE085-7423-41A3-9FE9-4956AA61985D}" = Windows Live Writer
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C941f-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5F25BBF0-8CBA-47CB-8E7B-EEE29C434FD3}" = Windows Live Call
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{81684948-F3E4-4566-AF37-9601272A5079}" = Windows Live Toolbar
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F7BC615-A7E3-4309-B60E-BC8BF3DEAE83}" = Windows Live Mail
"{90120000-0010-041F-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Turkish) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-041F-0000-0000000FF1CE}" = Microsoft Office Access MUI (Turkish) 2007
"{90120000-0015-041F-0000-0000000FF1CE}_PROPLUS_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-041F-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Turkish) 2007
"{90120000-0016-041F-0000-0000000FF1CE}_PROPLUS_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-041F-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Turkish) 2007
"{90120000-0018-041F-0000-0000000FF1CE}_PROPLUS_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-041F-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Turkish) 2007
"{90120000-0019-041F-0000-0000000FF1CE}_PROPLUS_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-041F-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Turkish) 2007
"{90120000-001A-041F-0000-0000000FF1CE}_PROPLUS_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-041F-0000-0000000FF1CE}" = Microsoft Office Word MUI (Turkish) 2007
"{90120000-001B-041F-0000-0000000FF1CE}_PROPLUS_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041F-0000-0000000FF1CE}" = Microsoft Office Proof (Turkish) 2007
"{90120000-001F-041F-0000-0000000FF1CE}_PROPLUS_{6A61C934-56F9-4AC6-A43B-30E3F9D886F5}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-041F-0000-0000000FF1CE}" = Microsoft Office Proofing (Turkish) 2007
"{90120000-0044-041F-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Turkish) 2007
"{90120000-0044-041F-0000-0000000FF1CE}_PROPLUS_{9B14E574-B6BD-48A8-B1C3-124ED5AAD01A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-041F-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Turkish) 2007
"{90120000-006E-041F-0000-0000000FF1CE}_PROPLUS_{8EFDC918-E9A4-43CF-8AE2-95AE63E01DFE}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E7A5227-18B5-4C85-8926-D08BE2F8FC3A}" = Windows Live Fotoğraf Galerisi
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1DA00CE-AA3E-45BC-91D6-66739D9E16F1}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0F32615-604C-441D-8312-AD1A6F8D3534}" = CDSpace 4.1
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D926BF53-9A73-4B58-90E0-A1B48FFC3913}" = Windows Live Messenger
"{D9313DEC-F4B0-430A-8565-63F8450D2D42}" = ZoneAlarm Security
"{E8DBC0AE-4A2D-4859-84E9-C50C3EBA4DB0}" = ZoneAlarm Firewall
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F71C0208-1D32-439D-9257-F90F0BAACE6A}" = CM 03-04
"{F8BFDEB8-9D2A-40CF-9E2C-FCA68FFAD959}" = Windows Live Oturum Açma Yardımcısı
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEED61F5-C811-42D2-B924-E8AE01B335E1}" = Windows Live Temel Parçalar
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Codec_is1" = Codec 8.4
"DigimonBattle" = DigimonBattle 2010.12.15
"eBoostr 1" = eBoostr 3
"e-XPLoDeR & HPB Bot" = e-XPLoDeR & HPB Bot
"Fish Tycoon_is1" = Fish Tycoon
"FoxBot" = FoXBot v0.67
"Google Chrome" = Google Chrome
"Half-Life" = Half-Life
"Hamsterball_is1" = Hamsterball 3.25
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"ie8" = Windows Internet Explorer 8
"InstallShield_{F71C0208-1D32-439D-9257-F90F0BAACE6A}" = CM 03-04
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Overkill" = Overkill
"Picasa2" = Picasa 2
"POD-Bot 2.5" = POD-Bot 2.5
"PROPLUS" = Microsoft Office Professional Plus 2007
"Punk Ass Fraggers Map Pack V1.3" = Punk Ass Fraggers Map Pack V1.3
"QBeez 2" = QBeez 2
"RealPlayer 15.0" = RealPlayer
"Red Alert 2" = Command & Conquer Red Alert 2
"Re-Volt" = Re-Volt patch 12.07
"Rival Ball Tournament_is1" = Rival Ball Tournament
"Sierra Utilities" = Sierra Utilities
"Soldat_is1" = Soldat 1.6.2
"Steam" = Steam
"vvv.kimdir.com Oyun kutusu" = vvv.kimdir.com Oyun kutusu
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Temel Parçalar
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Armada Tanks" = Armada Tanks 1.00
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05.06.2012 10:21:16 | Computer Name = XP | Source = Application Error | ID = 1000
Description = Hata uygulaması fishtycoon.rwg, sürüm 0.0.0.0, hata modülü fishtycoon.rwg,
sürümü 0.0.0.0, hata adresi 0x0009dfbb.

Error - 05.06.2012 11:07:05 | Computer Name = XP | Source = Application Error | ID = 1000
Description = Hata uygulaması rb tournament.exe, sürüm 1.0.4.0, hata modülü rb tournament.exe,
sürümü 1.0.4.0, hata adresi 0x0005b3b0.

Error - 05.06.2012 11:11:28 | Computer Name = XP | Source = Application Hang | ID = 1002
Description = Askıda kalan uygulama hl.exe, sürüm 1.1.0.6, askı modülü hungapp,
sürüm 0.0.0.0, askıda kalma adresi 0x00000000.

Error - 05.06.2012 11:41:52 | Computer Name = XP | Source = Application Error | ID = 1000
Description = Hata uygulaması wwp.exe, sürüm 1.0.0.0, hata modülü unknown, sürümü
0.0.0.0, hata adresi 0x003400f7.

Error - 06.06.2012 14:33:41 | Computer Name = XP | Source = Application Error | ID = 1000
Description = Hata uygulaması hl.exe, sürüm 1.1.0.6, hata modülü unknown, sürümü
0.0.0.0, hata adresi 0x642e746e.

Error - 06.06.2012 14:36:57 | Computer Name = XP | Source = Application Hang | ID = 1002
Description = Askıda kalan uygulama Metin2TR.exe, sürüm 0.0.0.0, askı modülü hungapp,
sürüm 0.0.0.0, askıda kalma adresi 0x00000000.

Error - 07.06.2012 10:18:52 | Computer Name = XP | Source = Application Error | ID = 1000
Description = Hata uygulaması chrome.exe, sürüm 19.0.1084.52, hata modülü unknown,
sürümü 0.0.0.0, hata adresi 0x00d0b21e.

Error - 09.06.2012 06:46:05 | Computer Name = XP | Source = Application Hang | ID = 1002
Description = Askıda kalan uygulama WINWORD.EXE, sürüm 12.0.6661.5000, askı modülü
hungapp, sürüm 0.0.0.0, askıda kalma adresi 0x00000000.

Error - 10.06.2012 16:14:37 | Computer Name = XP | Source = Application Error | ID = 1000
Description = Hata uygulaması rn-lf2.exe, sürüm 0.0.0.0, hata modülü rn-lf2.exe,
sürümü 0.0.0.0, hata adresi 0x000398ac.

Error - 11.06.2012 09:08:43 | Computer Name = XP | Source = WmiAdapter | ID = 4099
Description = Hizmet açılamadı.

[ OSession Events ]
Error - 07.12.2009 15:37:38 | Computer Name = XP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08.12.2009 13:44:53 | Computer Name = XP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08.12.2009 13:45:16 | Computer Name = XP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 05.04.2010 13:54:52 | Computer Name = XP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

Error - 25.07.2011 11:43:54 | Computer Name = XP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41
seconds with 0 seconds of active time. This session ended with a crash.

Error - 29.03.2012 14:06:32 | Computer Name = XP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1829
seconds with 780 seconds of active time. This session ended with a crash.

Error - 01.05.2012 12:00:15 | Computer Name = XP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 744
seconds with 480 seconds of active time. This session ended with a crash.

Error - 02.06.2012 14:42:04 | Computer Name = XP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 03.06.2012 08:17:22 | Computer Name = XP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.

Error - 04.06.2012 15:48:39 | Computer Name = XP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 27
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11.06.2012 07:24:40 | Computer Name = XP | Source = Service Control Manager | ID = 7034
Description = eBoostr Service hizmeti beklenmeyen bir şekilde sonlandırıldı. Bu
şimdiye kadar 1 kez oluştu.

Error - 11.06.2012 07:24:40 | Computer Name = XP | Source = Service Control Manager | ID = 7034
Description = Java Quick Starter hizmeti beklenmeyen bir şekilde sonlandırıldı.
Bu şimdiye kadar 1 kez oluştu.

Error - 11.06.2012 07:24:40 | Computer Name = XP | Source = Service Control Manager | ID = 7034
Description = Pml Driver HPZ12 hizmeti beklenmeyen bir şekilde sonlandırıldı. Bu
şimdiye kadar 1 kez oluştu.

Error - 11.06.2012 09:06:59 | Computer Name = XP | Source = Service Control Manager | ID = 7000
Description = NVIDIA Display Driver Service hizmeti aşağıdaki hata nedeniyle başlatılamadı:
%%2

Error - 11.06.2012 09:08:38 | Computer Name = XP | Source = Service Control Manager | ID = 7009
Description = WMI Performans Bağdaştırıcısı hizmetinin bağlanması beklenirken zaman
aşımı (30000 milisaniye) oldu.

Error - 11.06.2012 09:08:38 | Computer Name = XP | Source = Service Control Manager | ID = 7000
Description = WMI Performans Bağdaştırıcısı hizmeti aşağıdaki hata nedeniyle başlatılamadı:
%%1053

Error - 11.06.2012 09:08:39 | Computer Name = XP | Source = Service Control Manager | ID = 7034
Description = eBoostr Service hizmeti beklenmeyen bir şekilde sonlandırıldı. Bu
şimdiye kadar 1 kez oluştu.

Error - 11.06.2012 09:09:13 | Computer Name = XP | Source = Service Control Manager | ID = 7034
Description = Pml Driver HPZ12 hizmeti beklenmeyen bir şekilde sonlandırıldı. Bu
şimdiye kadar 1 kez oluştu.

Error - 11.06.2012 09:09:22 | Computer Name = XP | Source = Service Control Manager | ID = 7034
Description = Java Quick Starter hizmeti beklenmeyen bir şekilde sonlandırıldı.
Bu şimdiye kadar 1 kez oluştu.

Error - 11.06.2012 09:09:40 | Computer Name = XP | Source = Service Control Manager | ID = 7034
Description = eBoostr Service hizmeti beklenmeyen bir şekilde sonlandırıldı. Bu
şimdiye kadar 2 kez oluştu.


< End of report >

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:25 AM

Posted 11 June 2012 - 10:21 AM

Hi,

do you know what these files do:

1server.exe.lnk - C:\Program Files\valve\platform\config\1server.exe
zserver.exe.lnk - C:\Program Files\Valve\platform\config\zserver.exe


Where do they connect to?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#8 g.k.


Posted 11 June 2012 - 12:17 PM

I don't know... I can't see a folder called "valve" in Program Files.

#9 myrti


Posted 11 June 2012 - 12:19 PM

Did you ever install something called valve? Or have you never heard of it before? Do you play games?

regards myrti



#10 g.k.


Posted 11 June 2012 - 12:52 PM

I do, but mostly my brother (who is 12 and plays games) uses this computer.

Valve is the company that created games like Half Life, Counter Strike, Portal, Left 4 Dead, Team Fortress and also Steam, an app that you can download/buy games from. I think he installed Steam like a month ago on this PC.

#11 myrti


Posted 12 June 2012 - 08:30 AM

Hi,

yes, that's why I was asking if you played games. In that case they are likely legit files. Just to be safe please upload the file to virustotal.com and see if they are clean:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

C:\Program Files\valve\platform\config\1server.exe
C:\Program Files\Valve\platform\config\zserver.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/



#12 g.k.


Posted 12 June 2012 - 02:31 PM

This is weird... I still don't see Valve's folder in Program Files:

Posted Image

#13 myrti


Posted 13 June 2012 - 05:43 AM

Hi,

maybe the folder was deleted. Have you been uninstalling games lately? Are you still getting those connections? If so do they happen when you are torrenting or also when no torrents are being downloaded?

regards myrti



#14 g.k.


Posted 13 June 2012 - 11:45 AM

I have uninstalled some games to open up space lately, and also MBAM/MSE/SAS deleted/quarantined the exe files of some games, so I deleted those games too. However, Steam still seems to be installed. I don't use torrents. The MBAM message pops up at random times. I had one pop up like 4 hours before, for example. Here are the blocked IPs since the last malware detection (I can post the full protection logs if you want):

2012/06/09 10:51:37 +0300 XP Burak IP-BLOCK 173.192.194.250 (Type: outgoing)
2012/06/09 10:51:40 +0300 XP Burak IP-BLOCK 173.192.194.250 (Type: outgoing)
2012/06/09 10:51:45 +0300 XP Burak IP-BLOCK 173.192.194.250 (Type: outgoing)
2012/06/09 14:22:59 +0300 XP Burak IP-BLOCK 94.75.253.183 (Type: outgoing)
2012/06/09 14:23:02 +0300 XP Burak IP-BLOCK 94.75.253.183 (Type: outgoing)
2012/06/09 14:23:08 +0300 XP Burak IP-BLOCK 94.75.253.183 (Type: outgoing)
2012/06/09 14:23:20 +0300 XP Burak IP-BLOCK 94.75.253.181 (Type: outgoing)
2012/06/09 14:23:20 +0300 XP Burak IP-BLOCK 94.75.253.181 (Type: outgoing)
2012/06/09 14:23:23 +0300 XP Burak IP-BLOCK 94.75.253.181 (Type: outgoing)
2012/06/09 14:23:23 +0300 XP Burak IP-BLOCK 94.75.253.181 (Type: outgoing)
2012/06/09 14:23:29 +0300 XP Burak IP-BLOCK 94.75.253.181 (Type: outgoing)
2012/06/09 14:23:29 +0300 XP Burak IP-BLOCK 94.75.253.181 (Type: outgoing)
2012/06/09 14:23:41 +0300 XP Burak IP-BLOCK 94.75.253.170 (Type: outgoing)
2012/06/09 14:23:41 +0300 XP Burak IP-BLOCK 94.75.253.170 (Type: outgoing)
2012/06/09 14:23:44 +0300 XP Burak IP-BLOCK 94.75.253.170 (Type: outgoing)
2012/06/09 14:23:44 +0300 XP Burak IP-BLOCK 94.75.253.170 (Type: outgoing)
2012/06/09 14:23:50 +0300 XP Burak IP-BLOCK 94.75.253.170 (Type: outgoing)
2012/06/09 14:23:50 +0300 XP Burak IP-BLOCK 94.75.253.170 (Type: outgoing)
2012/06/09 14:37:24 +0300 XP Burak IP-BLOCK 94.75.253.170 (Type: outgoing)
2012/06/09 14:37:26 +0300 XP Burak IP-BLOCK 94.75.253.170 (Type: outgoing)
2012/06/09 14:37:27 +0300 XP Burak IP-BLOCK 94.75.253.170 (Type: outgoing)
2012/06/09 14:37:32 +0300 XP Burak IP-BLOCK 94.75.253.170 (Type: outgoing)
2012/06/09 14:37:33 +0300 XP Burak IP-BLOCK 94.75.253.170 (Type: outgoing)
2012/06/10 22:25:43 +0300 XP Burak IP-BLOCK 217.20.116.213 (Type: outgoing)
2012/06/10 22:25:46 +0300 XP Burak IP-BLOCK 217.20.116.213 (Type: outgoing)
2012/06/10 22:25:46 +0300 XP Burak IP-BLOCK 217.20.116.213 (Type: outgoing)
2012/06/10 22:25:52 +0300 XP Burak IP-BLOCK 217.20.116.213 (Type: outgoing)
2012/06/10 22:25:52 +0300 XP Burak IP-BLOCK 217.20.116.213 (Type: outgoing)
2012/06/11 12:09:50 +0300 XP Burak IP-BLOCK 212.95.54.201 (Type: outgoing)
2012/06/11 19:54:50 +0300 XP Burak IP-BLOCK 94.198.240.94 (Type: outgoing)
2012/06/11 19:54:53 +0300 XP Burak IP-BLOCK 94.198.240.94 (Type: outgoing)
2012/06/11 19:54:53 +0300 XP Burak IP-BLOCK 94.198.240.94 (Type: outgoing)
2012/06/11 19:54:59 +0300 XP Burak IP-BLOCK 94.198.240.94 (Type: outgoing)
2012/06/11 19:54:59 +0300 XP Burak IP-BLOCK 94.198.240.94 (Type: outgoing)
2012/06/11 19:55:11 +0300 XP Burak IP-BLOCK 94.198.240.94 (Type: outgoing)
2012/06/11 19:55:14 +0300 XP Burak IP-BLOCK 94.198.240.94 (Type: outgoing)
2012/06/11 19:55:20 +0300 XP Burak IP-BLOCK 94.198.240.94 (Type: outgoing)
2012/06/13 16:13:50 +0300 XP Burak IP-BLOCK 69.6.27.100 (Type: outgoing)
2012/06/13 16:13:53 +0300 XP Burak IP-BLOCK 69.6.27.100 (Type: outgoing)
2012/06/13 16:13:58 +0300 XP Burak IP-BLOCK 69.6.27.100 (Type: outgoing)

((My timezone is GMT+2 and I live in Turkey, btw))

Edited by g.k., 13 June 2012 - 11:49 AM.


#15 myrti


Posted 13 June 2012 - 11:54 AM

Hi,

this looks a lot like you're connecting to individual PCs. No known malware seems to be listed on those IPs. I still think this is likely due to some sort of P2P protocol connection. What was running when you got the warning today?

regards myrti


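The triage step discussed in posts #14 and #15, as an added example that is not part of the thread: it parses protection-log lines in the layout g.k. posted and merges rapid repeats to one address into a single burst, so the number of separate connection attempts per destination is visible. The sample lines are constructed and use documentation addresses; the 15-second merge window and the single-token computer and user names are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the layout of the protection log quoted in the thread.
# Addresses come from the RFC 5737 documentation ranges, not from the thread.
SAMPLE_LOG = """\
2012/06/09 10:51:37 +0300 HOST user IP-BLOCK 192.0.2.10 (Type: outgoing)
2012/06/09 10:51:40 +0300 HOST user IP-BLOCK 192.0.2.10 (Type: outgoing)
2012/06/09 10:51:45 +0300 HOST user IP-BLOCK 192.0.2.10 (Type: outgoing)
2012/06/09 14:23:20 +0300 HOST user IP-BLOCK 198.51.100.7 (Type: outgoing)
2012/06/09 14:23:20 +0300 HOST user IP-BLOCK 198.51.100.7 (Type: outgoing)
2012/06/09 14:23:23 +0300 HOST user IP-BLOCK 198.51.100.7 (Type: outgoing)
2012/06/09 14:37:24 +0300 HOST user IP-BLOCK 198.51.100.7 (Type: outgoing)
2012/06/11 12:09:50 +0300 HOST user IP-BLOCK 203.0.113.5 (Type: incoming)
not a block record
"""

# Assumption: computer name and user name are single tokens without spaces.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4}) \S+ \S+ IP-BLOCK "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>\w+)\)$"
)

def parse(text):
    """Yield (timezone-aware timestamp, ip, direction) per well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z")
            yield ts, m["ip"], m["direction"]

def bursts(text, gap=timedelta(seconds=15)):
    """Merge blocks for one address that are at most `gap` apart (assumed
    to be retries of one attempt); returns bursts ordered by first-seen."""
    latest, out = {}, []
    for ts, ip, direction in sorted(parse(text)):
        b = latest.get((ip, direction))
        if b and ts - b["last"] <= gap:
            b["last"], b["hits"] = ts, b["hits"] + 1
        else:
            b = {"ip": ip, "direction": direction, "first": ts, "last": ts, "hits": 1}
            latest[(ip, direction)] = b
            out.append(b)
    return out

def bursts_per_address(text):
    """Count separate bursts per address: the figure worth triaging on."""
    return Counter(b["ip"] for b in bursts(text))
```

Because the timestamps keep the offset recorded in each line, the `first` and `last` values can be compared directly with logs kept in UTC or another zone.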



