pup.bundle.installer.OI infection


  • This topic is locked
15 replies to this topic

#1 bradismad

Posted 16 September 2012 - 10:15 PM

OK, so my CPU usage for months has been spiking from 0-80%. There are no processes actually spiking in CPU usage as is shown in Task Manager. It is affecting my PC and making games, web, and video really slow. I did a scan and removed pup.bundle.installer.OI but I am still experiencing high CPU usage. Please help. Thank you.




Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.17.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
John Doe :: SUP [administrator]

Protection: Enabled

9/16/2012 7:45:19 PM
mbam-log-2012-09-16 (19-45-19).txt

Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 165077
Time elapsed: 1 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by John Doe at 2:36:04 on 2012-09-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.515 [GMT -7:00]
.
FW: ZoneAlarm Free Firewall *Disabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Steam\Steam.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Facebook Update] "c:\documents and settings\john doe\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "c:\documents and settings\john doe\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [<NO NAME>]
mRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\\nTune.exe" clear
mRun: [ISW]
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [ASUS Probe] c:\program files\asus\asus probe\AsusProb.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4E009C97-0AA8-4394-8353-0C1C28589883} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\john doe\application data\mozilla\firefox\profiles\mkwqaexh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
FF - plugin: c:\documents and settings\john doe\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\john doe\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\john doe\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\john doe\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-10-26 525840]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-10-19 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-10-19 497280]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-2 2348352]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-18 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-18 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 114144]
.
=============== Created Last 30 ================
.
2012-09-09 03:36:25 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-09-08 03:33:14 -------- d-----w- c:\documents and settings\john doe\application data\Mount&Blade Warband
2012-09-03 06:00:03 -------- d-----w- c:\program files\1ClickDownload
2012-09-01 15:12:44 -------- d-----w- c:\documents and settings\john doe\application data\Foxit Software
2012-08-30 07:24:56 -------- d-----w- c:\windows\Logs
2012-08-30 02:32:59 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-08-13 20:35:32 5115584 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2012-08-30 05:16:42 60416 ----a-w- c:\windows\ALCFDRTM.VER
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 2:36:30.95 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-09 03:40:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000060 WDC_WD740GD-00FLC0 rev.33.08F33
Running: 9kiogtft.exe; Driver: C:\DOCUME~1\JOHNDO~1\LOCALS~1\Temp\pxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xEECB12F4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xEECAB5CA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xEECCA58A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xEECB1A80]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xEECB1BB6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xEECAC1E0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xEECCBE3C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xEECCB7B2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xEECCC794]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xEECCC99C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xEECABDF2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xEECCD72A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xEECCD060]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xEECB0EC4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xEECCE0FC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xEECAC5A4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xEECCDC6A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xEECCAF72]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF4ECC3C0, 0x95AECA, 0xE8000020]
? C:\DOCUME~1\JOHNDO~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\ctfmon.exe[764] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[788] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[788] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[788] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[788] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[788] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[788] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[800] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[800] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[800] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[800] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[800] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Ventrilo\Ventrilo.exe[1076] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Ventrilo\Ventrilo.exe[1076] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Ventrilo\Ventrilo.exe[1076] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Ventrilo\Ventrilo.exe[1076] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Ventrilo\Ventrilo.exe[1076] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Ventrilo\Ventrilo.exe[1076] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Ventrilo\Ventrilo.exe[1076] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Ventrilo\Ventrilo.exe[1076] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1100] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1100] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1100] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1100] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1100] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1100] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1100] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1100] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1108] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1108] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1108] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1108] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1108] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1160] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1160] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1216] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1216] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1216] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1216] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1216] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1216] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1216] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1216] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\NOTEPAD.EXE[1372] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\NOTEPAD.EXE[1372] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\NOTEPAD.EXE[1372] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\NOTEPAD.EXE[1372] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\NOTEPAD.EXE[1372] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\NOTEPAD.EXE[1372] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\NOTEPAD.EXE[1372] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\NOTEPAD.EXE[1372] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1624] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1624] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1672] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1672] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1832] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1832] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1832] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1832] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1832] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1832] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1832] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1832] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1884] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1884] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1884] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1884] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1884] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1884] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1884] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1884] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1916] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1916] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1916] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1916] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1916] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1916] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1916] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2632] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2632] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2632] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 013E0C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2632] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01617B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2632] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01617B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2632] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2632] kernel32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 013E3FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2632] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2632] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2632] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01617AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2632] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2632] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2920] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2920] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2920] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2920] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2920] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2920] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2920] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2920] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3224] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3224] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3224] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3224] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3224] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3224] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3224] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3224] USER32.dll!DefWindowProcA + 11A 7E42C298 7 Bytes JMP 105CDF63 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3224] USER32.dll!SetWindowLongA + 19 7E42C2B6 7 Bytes JMP 105CDEF2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3224] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 10414536 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3224] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3224] USER32.dll!GetMenuContextHelpId + 1A 7E465319 7 Bytes JMP 10414B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[3232] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[3232] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[3232] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[3232] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[3232] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3416] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3416] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3416] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3416] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3416] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3416] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3416] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3416] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\rundll32.exe[3456] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\rundll32.exe[3456] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\rundll32.exe[3456] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\rundll32.exe[3456] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\rundll32.exe[3456] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\rundll32.exe[3456] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\rundll32.exe[3456] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\rundll32.exe[3456] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\John Doe\My Documents\Downloads\9kiogtft.exe[3808] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\John Doe\My Documents\Downloads\9kiogtft.exe[3808] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\John Doe\My Documents\Downloads\9kiogtft.exe[3808] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\John Doe\My Documents\Downloads\9kiogtft.exe[3808] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\John Doe\My Documents\Downloads\9kiogtft.exe[3808] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\John Doe\My Documents\Downloads\9kiogtft.exe[3808] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\John Doe\My Documents\Downloads\9kiogtft.exe[3808] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\John Doe\My Documents\Downloads\9kiogtft.exe[3808] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Steam\Steam.exe[4040] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Steam\Steam.exe[4040] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Steam\Steam.exe[4040] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Steam\Steam.exe[4040] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Steam\Steam.exe[4040] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Steam\Steam.exe[4040] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Steam\Steam.exe[4040] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Steam\Steam.exe[4040] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- EOF - GMER 1.0.15 ----

Here are visuals for what I am talking about. Nothing in processes is using up what is shown in CPU usage history. And yes, the CPU is definitely spiking as shown because I have a considerable loss in performance, very slow. Any ideas appreciated.
Posted Image
Posted Image

Edited by bradismad, 16 September 2012 - 10:20 PM.


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:52 AM

Posted 17 September 2012 - 12:45 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

Posted 20 September 2012 - 12:47 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 bradismad

Posted 20 September 2012 - 05:15 PM

Yes I do, I am so sorry. I had to fly to Seattle on a whim due to my job. I will be back later tonight and from there will be fully dedicated to this thread. I am sorry to waste your time.

#5 gringo_pr

Posted 20 September 2012 - 05:30 PM

No problem, I hope to see you tonight.



Gringo

#6 bradismad

Posted 21 September 2012 - 06:43 AM

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Toolbar
ZoneAlarm Security
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.0.1400
Java™ 6 Update 22
Java™ 6 Update 35
Java version out of Date!
Adobe Flash Player 11.4.402.265
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 29% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : John Doe [Admin rights]
Mode : Remove -- Date : 09/21/2012 04:47:30

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] adwcleaner.exe -- C:\Documents and Settings\John Doe\Local Settings\Application Data\Opera\Opera\temporary_downloads\adwcleaner.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD740GD-00FLC0 +++++
--- User ---
[MBR] fa1693f68f7a473ce5e5036f3dd8ef7e
[BSP] a66322bfe9175a61c32c94ee4d7df70f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 70896 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt





¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD740GD-00FLC0 +++++
--- User ---
[MBR] fa1693f68f7a473ce5e5036f3dd8ef7e
[BSP] a66322bfe9175a61c32c94ee4d7df70f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 70896 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt



I fixed the Hosts using RogueKiller, and my Firefox is a lot faster now. Doesn't use up so much memory.

Edited by bradismad, 21 September 2012 - 08:15 AM.


#7 gringo_pr

Posted 22 September 2012 - 07:15 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 bradismad

Posted 22 September 2012 - 10:57 PM

20:58:10.0937 3496 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
20:58:11.0437 3496 ============================================================
20:58:11.0437 3496 Current date / time: 2012/09/22 20:58:11.0437
20:58:11.0437 3496 SystemInfo:
20:58:11.0437 3496
20:58:11.0437 3496 OS Version: 5.1.2600 ServicePack: 3.0
20:58:11.0437 3496 Product type: Workstation
20:58:11.0437 3496 ComputerName: SUP
20:58:11.0437 3496 UserName: John Doe
20:58:11.0437 3496 Windows directory: C:\WINDOWS
20:58:11.0437 3496 System windows directory: C:\WINDOWS
20:58:11.0437 3496 Processor architecture: Intel x86
20:58:11.0437 3496 Number of processors: 1
20:58:11.0437 3496 Page size: 0x1000
20:58:11.0437 3496 Boot type: Normal boot
20:58:11.0437 3496 ============================================================
20:58:11.0796 3496 Drive \Device\Harddisk0\DR0 - Size: 0x114FF30000 (69.25 Gb), SectorSize: 0x200, Cylinders: 0x234F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:58:11.0875 3496 ============================================================
20:58:11.0875 3496 \Device\Harddisk0\DR0:
20:58:11.0875 3496 MBR partitions:
20:58:11.0875 3496 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8A7818F
20:58:11.0875 3496 ============================================================
20:58:11.0890 3496 C: <-> \Device\Harddisk0\DR0\Partition1
20:58:11.0890 3496 ============================================================
20:58:11.0890 3496 Initialize success
20:58:11.0890 3496 ============================================================
20:58:26.0718 3608 ============================================================
20:58:26.0718 3608 Scan started
20:58:26.0718 3608 Mode: Manual;
20:58:26.0718 3608 ============================================================
20:58:26.0984 3608 ================ Scan system memory ========================
20:58:26.0984 3608 System memory - ok
20:58:26.0984 3608 ================ Scan services =============================
20:58:33.0671 3608 ================ Scan global ===============================
20:58:33.0687 3608 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:58:33.0703 3608 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:58:33.0718 3608 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:58:33.0750 3608 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:58:33.0750 3608 [Global] - ok
20:58:33.0750 3608 ================ Scan MBR ==================================
20:58:33.0765 3608 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:58:33.0812 3608 \Device\Harddisk0\DR0 - ok
20:58:33.0828 3608 ================ Scan VBR ==================================
20:58:33.0828 3608 [ A35EAD92F8FB02EB1A9C017B7BF152C9 ] \Device\Harddisk0\DR0\Partition1
20:58:33.0828 3608 \Device\Harddisk0\DR0\Partition1 - ok
20:58:33.0828 3608 ============================================================
20:58:33.0828 3608 Scan finished
20:58:33.0828 3608 ============================================================
20:58:33.0843 3632 Detected object count: 0
20:58:33.0843 3632 Actual detected object count: 0
21:00:30.0562 3700 ============================================================
21:00:30.0562 3700 Scan started
21:00:30.0562 3700 Mode: Manual;
21:00:30.0562 3700 ============================================================
21:00:30.0593 3700 ================ Scan system memory ========================
21:00:30.0593 3700 Scan interrupted by user!
21:00:30.0593 3700 ================ Scan services =============================
21:00:30.0593 3700 Scan interrupted by user!
21:00:30.0593 3700 ================ Scan global ===============================
21:00:30.0593 3700 Scan interrupted by user!
21:00:30.0593 3700 ================ Scan MBR ==================================
21:00:30.0593 3700 Scan interrupted by user!
21:00:30.0593 3700 ================ Scan VBR ==================================
21:00:30.0593 3700 Scan interrupted by user!
21:00:30.0593 3700 ============================================================
21:00:30.0593 3700 Scan finished
21:00:30.0593 3700 ============================================================
21:00:30.0609 3676 Detected object count: 0
21:00:30.0609 3676 Actual detected object count: 0
21:00:31.0296 3768 ============================================================
21:00:31.0296 3768 Scan started
21:00:31.0296 3768 Mode: Manual;
21:00:31.0296 3768 ============================================================
21:00:31.0328 3768 ================ Scan system memory ========================
21:00:31.0328 3768 System memory - ok
21:00:31.0328 3768 ================ Scan services =============================
21:00:36.0640 3768 Update - ok
21:00:36.0671 3768 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:00:36.0671 3768 upnphost - ok
21:00:36.0687 3768 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
21:00:36.0687 3768 UPS - ok
21:00:36.0703 3768 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:00:36.0703 3768 usbccgp - ok
21:00:36.0718 3768 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:00:36.0718 3768 usbehci - ok
21:00:36.0734 3768 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:00:36.0734 3768 usbhub - ok
21:00:36.0734 3768 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:00:36.0734 3768 usbohci - ok
21:00:36.0765 3768 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:00:36.0765 3768 usbprint - ok
21:00:36.0781 3768 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:00:36.0781 3768 USBSTOR - ok
21:00:36.0796 3768 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
21:00:36.0796 3768 usbvideo - ok
21:00:36.0796 3768 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:00:36.0796 3768 VgaSave - ok
21:00:36.0812 3768 ViaIde - ok
21:00:36.0828 3768 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:00:36.0828 3768 VolSnap - ok
21:00:36.0859 3768 [ 5ACE801EF0283EDF00274EAB7F63774F ] Vsdatant C:\WINDOWS\system32\vsdatant.sys
21:00:36.0875 3768 Vsdatant - ok
21:00:36.0890 3768 vsmon - ok
21:00:36.0906 3768 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
21:00:36.0921 3768 VSS - ok
21:00:36.0937 3768 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
21:00:36.0937 3768 W32Time - ok
21:00:36.0953 3768 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:00:36.0953 3768 Wanarp - ok
21:00:36.0953 3768 WDICA - ok
21:00:36.0968 3768 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:00:36.0968 3768 wdmaud - ok
21:00:36.0984 3768 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:00:36.0984 3768 WebClient - ok
21:00:37.0015 3768 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:00:37.0031 3768 winmgmt - ok
21:00:37.0062 3768 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:00:37.0062 3768 WmdmPmSN - ok
21:00:37.0093 3768 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:00:37.0093 3768 WmiApSrv - ok
21:00:37.0140 3768 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
21:00:37.0140 3768 WMPNetworkSvc - ok
21:00:37.0171 3768 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:00:37.0171 3768 wscsvc - ok
21:00:37.0187 3768 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:00:37.0187 3768 WSTCODEC - ok
21:00:37.0203 3768 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:00:37.0203 3768 wuauserv - ok
21:00:37.0218 3768 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:00:37.0218 3768 WudfPf - ok
21:00:37.0218 3768 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:00:37.0218 3768 WudfRd - ok
21:00:37.0250 3768 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
21:00:37.0250 3768 WudfSvc - ok
21:00:37.0281 3768 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:00:37.0281 3768 WZCSVC - ok
21:00:37.0296 3768 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:00:37.0296 3768 xmlprov - ok
21:00:37.0312 3768 ================ Scan global ===============================
21:00:37.0328 3768 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:00:37.0343 3768 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:00:37.0359 3768 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:00:37.0375 3768 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:00:37.0375 3768 [Global] - ok
21:00:37.0375 3768 ================ Scan MBR ==================================
21:00:37.0390 3768 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:00:37.0453 3768 \Device\Harddisk0\DR0 - ok
21:00:37.0453 3768 ================ Scan VBR ==================================
21:00:37.0453 3768 [ A35EAD92F8FB02EB1A9C017B7BF152C9 ] \Device\Harddisk0\DR0\Partition1
21:00:37.0453 3768 \Device\Harddisk0\DR0\Partition1 - ok
21:00:37.0453 3768 ============================================================
21:00:37.0453 3768 Scan finished
21:00:37.0453 3768 ============================================================
21:00:37.0468 3304 Detected object count: 0
21:00:37.0468 3304 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-22 21:06:11
-----------------------------
21:06:11.468 OS Version: Windows 5.1.2600 Service Pack 3
21:06:11.468 Number of processors: 1 586 0x2701
21:06:11.484 ComputerName: SUP UserName:
21:06:11.859 Initialize success
21:07:29.390 AVAST engine defs: 12092201
21:07:37.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
21:07:37.718 Disk 0 Vendor: WDC_WD740GD-00FLC0 33.08F33 Size: 70911MB BusType: 3
21:07:37.734 Disk 0 MBR read successfully
21:07:37.734 Disk 0 MBR scan
21:07:37.750 Disk 0 Windows XP default MBR code
21:07:37.765 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 70896 MB offset 63
21:07:37.765 Disk 0 scanning sectors +145195470
21:07:37.796 Disk 0 scanning C:\WINDOWS\system32\drivers
21:07:42.500 Service scanning
21:07:52.312 Modules scanning
21:07:55.656 Disk 0 trace - called modules:
21:07:55.671 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
21:07:55.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d18ab8]
21:07:56.015 3 CLASSPNP.SYS[f765cfd7] -> nt!IofCallDriver -> \Device\00000062[0x86cd1b88]
21:07:56.015 5 ACPI.sys[f74f3620] -> nt!IofCallDriver -> \Device\00000061[0x86d47030]
21:07:56.203 AVAST engine scan C:\WINDOWS
21:08:02.218 AVAST engine scan C:\WINDOWS\system32
21:09:29.453 AVAST engine scan C:\WINDOWS\system32\drivers
21:09:37.218 AVAST engine scan C:\Documents and Settings\John Doe
21:12:00.953 AVAST engine scan C:\Documents and Settings\All Users
21:12:12.453 Scan finished successfully
21:13:24.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\John Doe\Desktop\MBR.dat"
21:13:24.078 The log file has been saved successfully to "C:\Documents and Settings\John Doe\Desktop\aswMBR.txt"

Edited by bradismad, 22 September 2012 - 11:05 PM.


#9 gringo_pr


Posted 23 September 2012 - 06:37 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#10 bradismad


Posted 23 September 2012 - 05:07 PM

Seems a bit faster. No problems so far after reboot.

ComboFix 12-09-23.02 - John Doe 09/23/2012 15:03:01.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.622 [GMT -7:00]
Running from: c:\documents and settings\John Doe\Desktop\ComboFix.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\John Doe\00000001.TMP
c:\documents and settings\John Doe\Application Data\PriceGong
c:\documents and settings\John Doe\Application Data\PriceGong\Data\1.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\450.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\7031.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\a.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\b.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\c.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\d.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\e.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\f.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\g.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\h.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\i.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\j.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\k.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\l.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\m.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\n.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\o.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\p.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\q.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\r.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\s.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\t.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\u.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\v.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\w.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\x.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\y.txt
c:\documents and settings\John Doe\Application Data\PriceGong\Data\z.txt
c:\documents and settings\John Doe\DrvMgt.dll
c:\documents and settings\John Doe\WINDOWS
c:\windows\system\VCL35.BPL
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\SET3FB.tmp
c:\windows\system32\SET3FD.tmp
c:\windows\system32\SET401.tmp
c:\windows\system32\SET402.tmp
c:\windows\system32\SET409.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-23 to 2012-09-23 )))))))))))))))))))))))))))))))
.
.
2012-09-18 23:54 . 2012-09-18 23:54 -------- d-----w- c:\program files\Common Files\Java
2012-09-18 23:54 . 2012-09-18 23:54 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-17 02:42 . 2012-09-17 02:42 -------- d-----w- c:\documents and settings\John Doe\Application Data\Malwarebytes
2012-09-17 02:42 . 2012-09-17 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-09-17 02:42 . 2012-09-17 02:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-17 02:42 . 2012-09-08 00:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-17 02:04 . 2012-09-19 07:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-09-17 02:04 . 2009-01-25 20:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-09-17 02:04 . 2012-09-17 02:04 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-09-16 21:37 . 2012-09-16 21:37 -------- d-----w- C:\DriveKey
2012-09-16 21:10 . 2012-09-16 21:10 -------- d-----w- c:\program files\HD Tune
2012-09-16 20:28 . 2012-09-16 20:28 -------- d-----w- c:\program files\SystemRequirementsLab
2012-09-16 20:28 . 2012-09-16 20:28 -------- d-----w- c:\documents and settings\John Doe\Application Data\SystemRequirementsLab
2012-09-16 17:12 . 2012-09-21 07:33 138376 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-09-16 17:12 . 2012-09-21 07:33 202448 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-09-16 17:12 . 2012-09-16 17:12 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-09-16 16:33 . 2012-09-21 07:34 -------- d-----w- c:\program files\Call of Duty
2012-09-15 00:29 . 2012-09-15 00:29 53248 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\msihook.dll
2012-09-15 00:29 . 2012-09-15 00:29 126976 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.exe
2012-09-15 00:29 . 2012-09-15 00:29 114688 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\scpthdlr.dll
2012-09-15 00:29 . 2012-09-15 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2012-09-15 00:29 . 2012-09-15 00:29 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2012-09-15 00:29 . 2012-09-15 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2012-09-15 00:29 . 2012-09-15 00:29 -------- d-----w- c:\program files\ScanSoft
2012-09-15 00:29 . 2012-09-15 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2012-09-15 00:26 . 2008-04-13 17:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2012-09-15 00:26 . 2008-04-13 17:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-09-14 07:20 . 2012-09-14 07:20 -------- d-----w- c:\documents and settings\UpdatusUser\Application Data\Xfire
2012-09-14 07:19 . 2012-09-14 07:19 -------- d-----w- C:\temp
2012-09-14 07:18 . 2012-08-30 19:10 5947392 ----a-w- c:\windows\system32\nvopencl.dll
2012-09-14 07:18 . 2012-08-30 19:10 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-09-13 21:31 . 2012-09-13 21:31 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-12 01:10 . 2012-09-16 05:19 -------- d-----w- c:\documents and settings\John Doe\Application Data\TS3Client
2012-09-12 01:10 . 2012-09-12 01:10 -------- d-----w- c:\documents and settings\John Doe\Local Settings\Application Data\TeamSpeak 3 Client
2012-09-10 21:22 . 2012-09-10 21:22 -------- d-----w- c:\documents and settings\UpdatusUser\Application Data\Fighters
2012-09-09 21:15 . 2012-09-09 21:15 -------- d-----w- c:\documents and settings\John Doe\fontconfig
2012-09-09 21:15 . 2012-09-09 21:17 -------- d-----w- c:\documents and settings\John Doe\.smplayer
2012-09-09 21:12 . 2012-09-09 21:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\Fighters
2012-09-09 21:12 . 2012-09-09 21:12 -------- d-----w- c:\documents and settings\John Doe\Application Data\Fighters
2012-09-09 21:12 . 2012-09-09 21:12 -------- d-----w- c:\program files\Fighters
2012-09-09 21:12 . 2012-09-09 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
2012-09-09 21:11 . 2012-09-09 21:11 -------- d-----w- c:\program files\Yontoo
2012-09-09 21:11 . 2012-09-09 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2012-09-09 21:11 . 2012-09-09 21:11 -------- d-----w- c:\program files\SMPlayer
2012-09-09 17:24 . 2012-09-09 17:24 -------- d-----w- c:\documents and settings\John Doe\Local Settings\Application Data\Ilivid Player
2012-09-09 17:24 . 2012-09-09 21:17 -------- d-----w- c:\program files\iLivid
2012-09-09 03:36 . 2012-09-09 03:36 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-08 03:33 . 2012-09-09 18:54 -------- d-----w- c:\documents and settings\John Doe\Application Data\Mount&Blade Warband
2012-09-01 15:12 . 2012-09-01 15:12 -------- d-----w- c:\documents and settings\John Doe\Application Data\Foxit Software
2012-08-30 07:24 . 2012-08-30 07:24 -------- d-----w- c:\windows\Logs
2012-08-30 02:32 . 2012-08-28 15:14 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-08-30 02:27 . 2012-08-30 02:27 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-18 23:54 . 2011-11-27 00:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-18 23:54 . 2011-11-27 00:57 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-13 21:31 . 2011-11-19 04:50 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-30 19:10 . 2011-11-19 03:30 7446528 ----a-w- c:\windows\system32\nvcuda.dll
2012-08-30 19:10 . 2011-11-19 03:30 2578792 ----a-w- c:\windows\system32\nvcuvid.dll
2012-08-30 19:10 . 2011-11-19 03:30 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-08-30 19:10 . 2011-11-19 03:30 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-08-30 19:10 . 2011-11-19 03:30 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-08-30 19:10 . 2005-12-10 11:06 4494208 ----a-w- c:\windows\system32\nv4_disp.dll
2012-08-30 19:10 . 2005-12-10 11:06 2376704 ----a-w- c:\windows\system32\nvapi.dll
2012-08-30 19:10 . 2005-12-10 11:06 19103744 ----a-w- c:\windows\system32\nvoglnt.dll
2012-08-30 19:10 . 2005-12-10 11:06 12555680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-08-30 16:44 . 2005-12-10 11:06 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-08-30 16:43 . 2005-12-10 11:06 164200 ----a-w- c:\windows\system32\nvsvc32.exe
2012-08-30 16:43 . 2005-12-10 11:06 15512424 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-30 16:43 . 2005-12-10 11:06 143720 ----a-w- c:\windows\system32\nvcolor.exe
2012-08-30 16:43 . 2005-12-10 11:06 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 05:16 . 2011-11-19 05:31 60416 ----a-w- c:\windows\ALCFDRTM.VER
2012-08-28 15:14 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-07-06 13:58 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-11-19 02:43 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-09-09 03:36 . 2011-11-19 03:21 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 04:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\\nTune.exe" [2004-12-06 532480]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"ASUS Probe"="c:\program files\ASUS\Asus Probe\AsusProb.exe" [2002-12-07 617984]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-08-30 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-08-30 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-08-30 1634112]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-27 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-08-30 3904536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^Documents and Settings^John Doe^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\John Doe\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2012-06-07 04:33 1564872 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
2002-12-07 00:07 617984 ----a-w- c:\program files\ASUS\Asus Probe\AsusProb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CommonToolkitTray]
2012-01-19 00:36 1452680 ----a-w- c:\program files\Fighters\Tray\FightersTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FDPRO-516]
2012-05-10 20:11 832576 ----a-w- c:\program files\Fighters\FighterLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-19 04:09 136176 ----atw- c:\documents and settings\John Doe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 01:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Documents and Settings\\John Doe\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\steamapps\\common\\MountBlade Warband\\mb_warband.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Counter-Strike Global Offensive\\csgo.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8937:TCP"= 8937:TCP:BitComet 8937 TCP
"8937:UDP"= 8937:UDP:BitComet 8937 UDP
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/16/2012 7:42 PM 399432]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [3/2/2012 1:25 PM 1258856]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [9/16/2012 7:04 PM 1074720]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [9/16/2012 7:04 PM 1358360]
R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [5/10/2012 1:11 PM 1267264]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/18/2011 8:21 PM 136176]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/16/2012 7:42 PM 676936]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [8/13/2012 1:33 PM 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 9:16 AM 158856]
S3 Common Toolkit Tools;Common Toolkit Tools;c:\program files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe [6/5/2012 11:01 AM 217200]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/18/2011 8:21 PM 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/16/2012 7:42 PM 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/3/2012 10:46 AM 114144]
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-23 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-09-17 21:11]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-19 03:21]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-19 03:21]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-527237240-725345543-1004Core.job
- c:\documents and settings\John Doe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-19 04:09]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-527237240-725345543-1004UA.job
- c:\documents and settings\John Doe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-19 04:09]
.
2012-09-19 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-09-17 21:10]
.
2012-09-17 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-09-17 21:11]
.
2012-09-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-06-07 04:33]
.
.
------- Supplementary Scan -------
.
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\mkwqaexh.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
FF - prefs.js: keyword.URL - hxxp://serp.freecause.com/?ourmark=3&sid=100815&q=
FF - user.js: extentions.y2layers.installId - 7acc2aed-5330-4089-a0b3-0326d06f40e3
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-Facebook Update - c:\documents and settings\John Doe\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-23 15:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-09-23 15:08:33
ComboFix-quarantined-files.txt 2012-09-23 22:08
.
Pre-Run: 767,979,520 bytes free
Post-Run: 949,497,856 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 41BE8B0B19FBB1EA8FAF2F9FC4C96825

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:52 AM

Posted 23 September 2012 - 08:55 PM

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 bradismad

Posted 23 September 2012 - 09:04 PM

# AdwCleaner v2.003 - Logfile created 09/23/2012 at 19:00:31
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : John Doe - SUP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\John Doe\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\John Doe\Application Data\Mozilla\Firefox\Profiles\mkwqaexh.default\searchplugins\Askcom.xml
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\John Doe\Application Data\Mozilla\Firefox\Profiles\mkwqaexh.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Folder Deleted : C:\Documents and Settings\John Doe\Application Data\Mozilla\Firefox\Profiles\mkwqaexh.default\extensions\plugin@yontoo.com
Folder Deleted : C:\Documents and Settings\John Doe\Application Data\Mozilla\Firefox\Profiles\mkwqaexh.default\FCTB
Folder Deleted : C:\Documents and Settings\John Doe\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\John Doe\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\John Doe\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\Software\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-1844237615-527237240-725345543-1008\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\John Doe\Application Data\Mozilla\Firefox\Profiles\mkwqaexh.default\prefs.js

C:\Documents and Settings\John Doe\Application Data\Mozilla\Firefox\Profiles\mkwqaexh.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Search the Web");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.AutoSearchEventData", "auto%20search");
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.ClearCacheDate", 23);
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.DNSCatch", true);
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.DisplayEULA", true);
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.DnsCatchEventData", "dns%20catch");
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.EBOMode", true);
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.FirstLaunchShown", true);
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.InstallDomain", "freecause.com");
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.InstallType", "standard");
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.LoadLayoutDate.100815", 23);
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.NewTabSearchEventData", "tab%20search");
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.ShowRecommendedOptions", true);
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.StateReportDate", "1348372579497");
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.TopRightSearchEventData", "top%20right%20search[...]
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.beforeInstallSaved", true);
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.beforeinstall.homepage", "hxxp%3A//www.google.c[...]
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.beforeinstall.search", "Google");
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.customNewTab", true);
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.helpUsImprove", true);
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.hideOthers", true);
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.partnerauth", false);
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.processAddrBar", true);
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.restoreSearch", false);
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.runcmd.", "bb_acct_status_1348449128");
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.searchHistory", true);
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.session", "3AD98E9D2892A6D213E180402147AB2A11EC[...]
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.showFirstLaunchOptions", false);
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.tb_lang", "en");
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.tool_id", "100815");
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.user_id", "120177856");
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.user_key", "2a9a2cc85a56fca30c59bfe0754eaaebaf5[...]
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.user_layouts", "100815");
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.user_lnames", "fcreward.100815.b");
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.xml_service_url", "6bb94bbf55fe2f255901a560824a[...]
Deleted : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.yahooSearch", true);
Deleted : user_pref("keyword.URL", "hxxp://serp.freecause.com/?ourmark=3&sid=100815&q=");

-\\ Opera v12.2.1578.0

File : C:\Documents and Settings\John Doe\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [11911 octets] - [21/09/2012 04:36:59]
AdwCleaner[R2].txt - [11972 octets] - [21/09/2012 04:38:18]
AdwCleaner[R3].txt - [11529 octets] - [23/09/2012 18:59:41]
AdwCleaner[S1].txt - [12046 octets] - [23/09/2012 19:00:31]

########## EOF - C:\AdwCleaner[S1].txt - [12107 octets] ##########

RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : John Doe [Admin rights]
Mode : Scan -- Date : 09/23/2012 19:05:32

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD740GD-00FLC0 +++++
--- User ---
[MBR] fa1693f68f7a473ce5e5036f3dd8ef7e
[BSP] a66322bfe9175a61c32c94ee4d7df70f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 70896 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[9].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

Edited by bradismad, 23 September 2012 - 09:07 PM.


#13 gringo_pr

Posted 23 September 2012 - 09:45 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14 gringo_pr

Posted 26 September 2012 - 05:23 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#15 gringo_pr

Posted 28 September 2012 - 11:21 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo