
Solved redirect google search and no sound

Discussion in 'Malware and Virus Removal Archive' started by nysoprano, 2010/10/18.

  1. 2010/10/18
    nysoprano

    nysoprano Inactive Thread Starter

    Joined:
    2010/10/18
    Messages:
    23
    Likes Received:
    0
    [Resolved] redirect google search and no sound

    When I boot Windows, after the Windows XP logo, I hear the Windows start sound, then I hear an exclamation sound but no error window.

    Then when I start Firefox and do a Google search, when I click on any of the links I get redirected to spam sites. Google Chrome doesn't work anymore. After a few minutes, I notice that my taskbar changes color and format, back to the old Windows look (Windows 98?). I lose sound; sources such as mp3s, movies or sites like YouTube don't play any sound. If I connect a USB device, my computer doesn't display it or make any sound indicating that it's connected.

    I've tried Malwarebytes, Spybot, SUPERAntiSpyware, Ad-Aware and AVG Antivirus... they all find something and clean it up, but nothing fixes the problems I'm having.


    DDS (Ver_10-10-10.03) - NTFSx86
    Run by Administrator at 15:03:46.95 on Mon 10/18/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.1933 [GMT -7:00]


    ============== Running Processes ===============

    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    I:\Programs\Nero\Nero 9\InCD\InCDSrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    I:\Labview\MAX\nimxs.exe
    I:\Programs\Nero\Nero 9\InCD\NBHRegInCDSrv.exe
    C:\WINDOWS\system32\nipalsm.exe
    I:\Labview\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    I:\Labview\Shared\Tagger\tagsrv.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\nipalsm.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\ASUS\AI Booster\OverClk.exe
    O:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\Program Files\Winamp1\winampa.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
    O:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Silicon Image\SI3114\SiITray.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Administrator\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - o:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - o:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
    TB: Spb Wallet: {2913d3dd-9363-4c21-b205-c19a584a0674} - c:\program files\spb wallet\SpbWalletToolbar.dll
    TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    uRun: [Steam] "i:\programs\steam\steam.exe" -silent
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe "
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [UnlockerAssistant] c:\program files\unlocker\UnlockerAssistant.exe -H
    mRun: [Launch LgDevAgt] "c:\program files\logitech\gamepanel software\LgDevAgt.exe "
    mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe "
    mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
    mRun: [Launch Ai Booster] "c:\program files\asus\ai booster\OverClk.exe "
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Acrobat Speed Launcher] "o:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe "
    mRun: [Acrobat Assistant 8.0] "o:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe "
    mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
    mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [WD Button Manager] WDBtnMgr.exe
    mRun: [WinampAgent] "c:\program files\winamp1\winampa.exe "
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe "
    mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon= "hidden "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\javasa~1.lnk - c:\program files\silicon image\si3114\run.bat
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - o:\program files\logitech\setpoint\SetPoint.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\raidma~1.lnk - c:\program files\ite\ite it8212 ata raid controller\RaidMgr.exe
    uPolicies-explorer: NoResolveTrack = 1 (0x1)
    uPolicies-explorer: NoInstrumentation = 1 (0x1)
    mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: EnableLUA = 0 (0x0)
    dPolicies-explorer: NoResolveTrack = 1 (0x1)
    dPolicies-explorer: NoInstrumentation = 1 (0x1)
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: cyber-deployment.com
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\8hga98aq.default\
    FF - prefs.js: browser.search.selectedEngine - IMDB
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.http - PROXYTUBE.INFO
    FF - prefs.js: network.proxy.type - 4
    FF - HiddenExtension: XULRunner: {C440CEFC-9C63-4CF3-A386-B44D0B153E8E} - c:\documents and settings\administrator\local settings\application data\{C440CEFC-9C63-4CF3-A386-B44D0B153E8E}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================


    ==================== Find3M ====================

    2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

    ============= FINISH: 15:06:55.39 ===============
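    One way to triage the DDS report above for the redirect symptoms, as an added example that is not part of the original post or of the DDS tool: a small Python script that scans the "Pseudo HJT Report" and FIREFOX lines for settings that would explain search redirection (a proxy host written into prefs.js, a hidden extension loading from a GUID-named folder in the user profile, an IE Trusted Zone entry) and reports them by severity. The sample lines are constructed from the log above; the rules, rule names and severities are this example's own heuristics, not anything DDS emits.

```python
"""Triage DDS 'Pseudo HJT Report' and FIREFOX lines for search-redirect indicators.

Added example, not part of the original thread or of the DDS tool. The rules and
severities below are this example's own heuristics.
"""
import re

# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
mPolicies-system: EnableLUA = 0 (0x0)
Trusted Zone: cyber-deployment.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - PROXYTUBE.INFO
FF - prefs.js: network.proxy.type - 4
FF - HiddenExtension: XULRunner: {C440CEFC-9C63-4CF3-A386-B44D0B153E8E} - c:\documents and settings\administrator\local settings\application data\{C440CEFC-9C63-4CF3-A386-B44D0B153E8E}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
"""

# Meaning of Firefox's network.proxy.type values.
PROXY_TYPES = {0: "direct", 1: "manual", 2: "PAC script", 4: "auto-detect (WPAD)", 5: "system"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}

FF_PREF = re.compile(r"^FF - prefs\.js: (?P<name>\S+) - (?P<value>.+)$")
FF_HIDDEN = re.compile(r"^FF - HiddenExtension: (?P<label>.+?) - (?P<path>[a-z]:\\.+)$", re.I)
# A GUID-named directory directly under Local Settings\Application Data of a user profile.
PROFILE_GUID_DIR = re.compile(
    r"\\local settings\\application data\\\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
TRUSTED_ZONE = re.compile(r"^Trusted Zone: (?P<domain>\S+)$")
POLICY = re.compile(r"^(?P<hive>[umd])Policies-(?P<area>\w+): (?P<name>\w+) = (?P<value>\d+)")
# Find3M lines: date time size attributes path
FIND3M = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \d+ (?P<attrs>[-a-z]{8}) (?P<path>.+)$")


def triage(log_text):
    """Return a list of (severity, rule, message, line) tuples for notable lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FF_PREF.match(line)
        if m:
            name, value = m.group("name"), m.group("value").strip()
            # prefs.js only stores values that differ from Firefox's defaults, so a
            # proxy host here was written by something, not by a default install.
            if name == "network.proxy.http":
                findings.append(("high", "firefox-proxy-host",
                                 f"Firefox HTTP proxy set to {value!r}; traffic can be silently redirected", line))
            elif name == "network.proxy.type" and value.isdigit():
                kind = PROXY_TYPES.get(int(value), "unknown")
                findings.append(("info", "firefox-proxy-type",
                                 f"network.proxy.type is non-default: {value} ({kind})", line))
            continue
        m = FF_HIDDEN.match(line)
        if m and PROFILE_GUID_DIR.search(m.group("path")):
            findings.append(("high", "firefox-hidden-extension",
                             f"hidden extension {m.group('label')!r} loads from a GUID-named "
                             "folder in the user profile rather than from the Firefox install", line))
            continue
        m = TRUSTED_ZONE.match(line)
        if m:
            findings.append(("medium", "ie-trusted-zone",
                             f"{m.group('domain')} is in the IE Trusted Zone (relaxed security settings)", line))
            continue
        m = POLICY.match(line)
        if m and m.group("name") == "EnableLUA" and m.group("value") == "0":
            findings.append(("low", "uac-disabled-policy",
                             "EnableLUA = 0 set by policy (disables UAC on Vista/7; no effect on XP)", line))
            continue
        m = FIND3M.match(line)
        if m and "s" in m.group("attrs") and "h" in m.group("attrs") \
                and "\\system32\\" in m.group("path").lower():
            findings.append(("low", "hidden-system-file",
                             f"hidden+system file in system32: {m.group('path')}; "
                             "verify against the installer that wrote it before acting", line))
    return findings


def sort_findings(findings):
    """Order findings high -> medium -> low -> info, keeping log order within a level."""
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])


if __name__ == "__main__":
    for severity, rule, message, line in sort_findings(triage(SAMPLE_LOG)):
        print(f"[{severity:6}] {rule}: {message}")
        print(f"         {line}")
```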
     
  2. 2010/10/18
    nysoprano Inactive Thread Starter
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume6
    Install Date: 4/27/2009 10:34:40 PM
    System Uptime: 10/18/2010 2:22:19 PM (1 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P5AD2-E-Premium
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Socket 775 | 3527/220mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 49 GiB total, 1.773 GiB free.
    D: is FIXED (NTFS) - 56 GiB total, 1.059 GiB free.
    E: is FIXED (NTFS) - 44 GiB total, 0.334 GiB free.
    F: is CDROM ()
    G: is Removable
    H: is Removable
    I: is FIXED (NTFS) - 466 GiB total, 0.146 GiB free.
    K: is CDROM ()
    L: is Removable
    M: is Removable
    O: is FIXED (NTFS) - 45 GiB total, 2.218 GiB free.
    P: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
    Description: Microsoft UAA Bus Driver for High Definition Audio
    Device ID: PCI\VEN_1002&DEV_AA38&SUBSYS_AA381682&REV_00\4&1DCCD7C2&0&0108
    Manufacturer: Microsoft
    Name: Microsoft UAA Bus Driver for High Definition Audio
    PNP Device ID: PCI\VEN_1002&DEV_AA38&SUBSYS_AA381682&REV_00\4&1DCCD7C2&0&0108
    Service: HDAudBus

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
    Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_15\4&1B635843&0&00E2
    Manufacturer: Marvell
    Name: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
    PNP Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_15\4&1B635843&0&00E2
    Service: yukonwxp

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: ASUS 802.11b/g Wireless LAN Card
    Device ID: PCI\VEN_11AB&DEV_1FA7&SUBSYS_138F1043&REV_07\4&29F50442&0&00F0
    Manufacturer: Marvell
    Name: ASUS 802.11b/g Wireless LAN Card
    PNP Device ID: PCI\VEN_11AB&DEV_1FA7&SUBSYS_138F1043&REV_07\4&29F50442&0&00F0
    Service: W8100XP

    Class GUID: {894A7460-A033-11D2-821E-444553540000}
    Description: Texas Instruments XDS560 PCI JTAG Emulator
    Device ID: ROOT\TI_EMULATORS\0000
    Manufacturer: Texas Instruments
    Name: Texas Instruments XDS560 PCI JTAG Emulator
    PNP Device ID: ROOT\TI_EMULATORS\0000
    Service: XDS560

    ==== System Restore Points ===================

    RP34: 10/14/2010 6:59:26 PM - System Checkpoint
    RP35: 10/16/2010 8:53:21 PM - Installed AVG 2011
    RP36: 10/16/2010 8:57:02 PM - Removed AVG Free 9.0
    RP37: 10/17/2010 9:31:45 AM - Installed AVG 2011

    ==== Installed Programs ======================


    ==== Event Viewer Messages From Past Week ========


    ==== End Of File ===========================
     


  4. 2010/10/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please, do NOT use any prefixes in your topic title.

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop.

    Double-click MBRCheck.exe to run it (Vista and Windows 7 users, right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2010/10/18
    nysoprano Inactive Thread Starter
    Malwarebytes' Anti-Malware

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4875

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/18/2010 3:42:20 PM
    mbam-log-2010-10-18 (15-42-20).txt

    Scan type: Quick scan
    Objects scanned: 162292
    Time elapsed: 14 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  6. 2010/10/18
    nysoprano Inactive Thread Starter
    GMER 1.0.15.15472 - http://www.gmer.net
    Rootkit scan 2010-10-18 18:54:07
    Windows 5.1.2600 Service Pack 3
    Running: 1O9QO11R.EXE.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdrpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwConnectPort [0xF14C22EC]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwCreateFile [0xF14BB8CC]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwCreateKey [0xF14DD0E6]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwCreatePort [0xF14C2ABE]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwCreateProcess [0xF14D6F82]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwCreateProcessEx [0xF14D73AA]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwCreateSection [0xF14E183C]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwCreateWaitablePort [0xF14C2C1C]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwDeleteFile [0xF14BC78E]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwDeleteKey [0xF14DEB8E]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwDeleteValueKey [0xF14DE484]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwDuplicateObject [0xF14D5D66]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwLoadDriver [0xF14B4ABC]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwLoadKey [0xF14DF558]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwLoadKey2 [0xF14DF796]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwMapViewOfSection [0xF14E1BF8]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwOpenFile [0xF14BC280]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Act ZwOpenProcess [0xEEA1D6C0]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwOpenThread [0xF14D9088]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwProtectVirtualMemory [0xF14EF25C]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwRenameKey [0xF14E061E]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwReplaceKey [0xF14DFF12]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwRequestWaitReplyPort [0xF14C1E84]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwRestoreKey [0xF14E107E]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwSecureConnectPort [0xF14C25B8]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwSetInformationFile [0xF14BCB98]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwSetInformationObject [0xF14EF120]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwSetSecurityObject [0xF14E0BA6]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwSetSystemInformation [0xF14B414A]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwSetValueKey [0xF14DDBA8]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwSystemDebugControl [0xF14D80A6]
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS ZwTerminateProcess [0xF1373620]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Act ZwTerminateThread [0xEEA1D810]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/ ZwUnloadDriver [0xF14B4F0E]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Act ZwWriteVirtualMemory [0xEEA1D8B0]

    INT 0x62 ? FC958044
    INT 0x63 ? FC4C1A94
    INT 0x73 ? FC54A65C
    INT 0x82 ? FC940954
    INT 0x83 ? FC58D7F4
    INT 0x84 ? FC99642C
    INT 0x92 ? FC479564
    INT 0x94 ? FC93F954
    INT 0xA4 ? FC8E7BEC
    INT 0xB1 ? FC9AD5C4
    INT 0xB4 ? FC8EF66C

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution + 12E E0B95968 12 Bytes [BE, 2A, 4C, F1, 82, 6F, 4D, ...] {MOV ESI, 0
    .text ntoskrnl.exe!ZwYieldExecution + 1FA E0B95A34 12 Bytes [BC, 4A, 4B, F1, 58, F5, 4D, ...]
    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF4C14000, 0x22F0B7, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\nisvcloc.exe[268] ntdll.dll!NtAccessCheckByT 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\nisvcloc.exe[268] ntdll.dll!NtImpersonateCli 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\nisvcloc.exe[268] ntdll.dll!NtSetInformation 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\nisvcloc.exe[268] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\nisvcloc.exe[268] ADVAPI32.dll!ImpersonateNa 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\nisvcloc.exe[268] ADVAPI32.dll!SetThreadToke 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\nisvcloc.exe[268] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\nisvcloc.exe[268] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text I:\Labview\Shared\Tagger\tagsrv.exe[304] ntdll.dll!NtAccessCheck 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text I:\Labview\Shared\Tagger\tagsrv.exe[304] ntdll.dll!NtImpersonate 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text I:\Labview\Shared\Tagger\tagsrv.exe[304] ntdll.dll!NtSetInformat 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text I:\Labview\Shared\Tagger\tagsrv.exe[304] kernel32.dll!OpenProces 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text I:\Labview\Shared\Tagger\tagsrv.exe[304] ADVAPI32.dll!Impersonat 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text I:\Labview\Shared\Tagger\tagsrv.exe[304] ADVAPI32.dll!SetThreadT 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text I:\Labview\Shared\Tagger\tagsrv.exe[304] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text I:\Labview\Shared\Tagger\tagsrv.exe[304] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\Explorer.EXE[388] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\Explorer.EXE[388] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\Explorer.EXE[388] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00C1000A
    .text C:\WINDOWS\Explorer.EXE[388] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\Explorer.EXE[388] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00C2000A
    .text C:\WINDOWS\Explorer.EXE[388] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 00B7000C
    .text C:\WINDOWS\Explorer.EXE[388] ADVAPI32.dll!ImpersonateNamedPipeCl 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\Explorer.EXE[388] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\Explorer.EXE[388] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\Explorer.EXE[388] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\Explorer.EXE[388] SHELL32.dll!SHFileOperationW 7CA70A18 5 Bytes JMP 00D91102 C:\Program Files\Unlocker\Unlocke
    .text C:\Program Files\ASUS\AI Booster\OverClk.exe[492] ntdll.dll!NtAc 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\ASUS\AI Booster\OverClk.exe[492] ntdll.dll!NtIm 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\ASUS\AI Booster\OverClk.exe[492] ntdll.dll!NtSe 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\ASUS\AI Booster\OverClk.exe[492] kernel32.dll!O 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\ASUS\AI Booster\OverClk.exe[492] ADVAPI32.DLL!I 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\ASUS\AI Booster\OverClk.exe[492] ADVAPI32.DLL!S 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\ASUS\AI Booster\OverClk.exe[492] USER32.dll!Fin 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\ASUS\AI Booster\OverClk.exe[492] USER32.dll!Fin 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text O:\Program Files\iTunes\iTunes.exe[496] ntdll.dll!NtAccessCheckB 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
  7. 2010/10/18
    nysoprano
    GMER cont...

    .text I:\Labview\MAX\nimxs.exe[3788] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text I:\Labview\MAX\nimxs.exe[3788] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text I:\Labview\MAX\nimxs.exe[3788] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text o:\matlab701\bin\win32\matlab.exe[3804] ntdll.dll!NtAccessCheckB 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text o:\matlab701\bin\win32\matlab.exe[3804] ntdll.dll!NtImpersonateC 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text o:\matlab701\bin\win32\matlab.exe[3804] ntdll.dll!NtSetInformati 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text o:\matlab701\bin\win32\matlab.exe[3804] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text o:\matlab701\bin\win32\matlab.exe[3804] ADVAPI32.dll!Impersonate 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text o:\matlab701\bin\win32\matlab.exe[3804] ADVAPI32.dll!SetThreadTo 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text o:\matlab701\bin\win32\matlab.exe[3804] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text o:\matlab701\bin\win32\matlab.exe[3804] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text I:\Programs\Nero\Nero 9\InCD\NBHRegInCDSrv.exe[3872] ntdll.dll!N 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text I:\Programs\Nero\Nero 9\InCD\NBHRegInCDSrv.exe[3872] ntdll.dll!N 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text I:\Programs\Nero\Nero 9\InCD\NBHRegInCDSrv.exe[3872] ntdll.dll!N 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text I:\Programs\Nero\Nero 9\InCD\NBHRegInCDSrv.exe[3872] kernel32.dl 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text I:\Programs\Nero\Nero 9\InCD\NBHRegInCDSrv.exe[3872] ADVAPI32.dl 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text I:\Programs\Nero\Nero 9\InCD\NBHRegInCDSrv.exe[3872] ADVAPI32.dl 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text I:\Programs\Nero\Nero 9\InCD\NBHRegInCDSrv.exe[3872] USER32.dll! 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text I:\Programs\Nero\Nero 9\InCD\NBHRegInCDSrv.exe[3872] USER32.dll! 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\nipalsm.exe[3928] ntdll.dll!NtAccessCheckByT 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\nipalsm.exe[3928] ntdll.dll!NtImpersonateCli 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\nipalsm.exe[3928] ntdll.dll!NtSetInformation 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\nipalsm.exe[3928] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\nipalsm.exe[3928] ADVAPI32.dll!ImpersonateNa 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\nipalsm.exe[3928] ADVAPI32.dll!SetThreadToke 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\nipalsm.exe[3928] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\nipalsm.exe[3928] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Unlocker\UnlockerAssistant.exe[3936] ntdll.dll! 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Unlocker\UnlockerAssistant.exe[3936] ntdll.dll! 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Unlocker\UnlockerAssistant.exe[3936] ntdll.dll! 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Unlocker\UnlockerAssistant.exe[3936] kernel32.d 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Unlocker\UnlockerAssistant.exe[3936] ADVAPI32.d 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Unlocker\UnlockerAssistant.exe[3936] ADVAPI32.d 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Unlocker\UnlockerAssistant.exe[3936] USER32.dll 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Unlocker\UnlockerAssistant.exe[3936] USER32.dll 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\nipalsm.exe[3996] ntdll.dll!NtAccessCheckByT 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\nipalsm.exe[3996] ntdll.dll!NtImpersonateCli 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\nipalsm.exe[3996] ntdll.dll!NtSetInformation 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\nipalsm.exe[3996] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\nipalsm.exe[3996] ADVAPI32.dll!ImpersonateNa 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\nipalsm.exe[3996] ADVAPI32.dll!SetThreadToke 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\nipalsm.exe[3996] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\nipalsm.exe[3996] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text I:\Labview\Shared\Security\nidmsrv.exe[4040] ntdll.dll!NtAccessC 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text I:\Labview\Shared\Security\nidmsrv.exe[4040] ntdll.dll!NtImperso 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text I:\Labview\Shared\Security\nidmsrv.exe[4040] ntdll.dll!NtSetInfo 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text I:\Labview\Shared\Security\nidmsrv.exe[4040] kernel32.dll!OpenPr 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text I:\Labview\Shared\Security\nidmsrv.exe[4040] USER32.dll!FindWind 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text I:\Labview\Shared\Security\nidmsrv.exe[4040] USER32.dll!FindWind 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text I:\Labview\Shared\Security\nidmsrv.exe[4040] ADVAPI32.dll!Impers 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text I:\Labview\Shared\Security\nidmsrv.exe[4040] ADVAPI32.dll!SetThr 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[4052] 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[4052] 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[4052] 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[4052] 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[4052] 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[4052] 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[4052] 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[4052] 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\WDBtnMgr.exe[4228] ntdll.dll!NtAccessCheckBy 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\WDBtnMgr.exe[4228] ntdll.dll!NtImpersonateCl 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\WDBtnMgr.exe[4228] ntdll.dll!NtSetInformatio 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\WDBtnMgr.exe[4228] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\WDBtnMgr.exe[4228] ADVAPI32.dll!ImpersonateN 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\WDBtnMgr.exe[4228] ADVAPI32.dll!SetThreadTok 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\WDBtnMgr.exe[4228] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\WDBtnMgr.exe[4228] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Winamp1\winampa.exe[4288] ntdll.dll!NtAccessChe 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Winamp1\winampa.exe[4288] ntdll.dll!NtImpersona 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Winamp1\winampa.exe[4288] ntdll.dll!NtSetInform 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Winamp1\winampa.exe[4288] kernel32.dll!OpenProc 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Winamp1\winampa.exe[4288] ADVAPI32.dll!Imperson 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Winamp1\winampa.exe[4288] ADVAPI32.dll!SetThrea 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Winamp1\winampa.exe[4288] USER32.dll!FindWindow 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Winamp1\winampa.exe[4288] USER32.dll!FindWindow 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.ex 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.ex 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.ex 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.ex 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.ex 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.ex 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.ex 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.ex 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\System32\svchost.exe[4372] ntdll.dll!NtAccessCheckByT 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\System32\svchost.exe[4372] ntdll.dll!NtImpersonateCli 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\System32\svchost.exe[4372] ntdll.dll!NtProtectVirtual 7C90D6D0 5 Bytes JMP 0101000A
    .text C:\WINDOWS\System32\svchost.exe[4372] ntdll.dll!NtSetInformation 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\System32\svchost.exe[4372] ntdll.dll!NtWriteVirtualMe 7C90DF90 5 Bytes JMP 0102000A
    .text C:\WINDOWS\System32\svchost.exe[4372] ntdll.dll!KiUserExceptionD 7C90E45C 5 Bytes JMP 00FF000C
    .text C:\WINDOWS\System32\svchost.exe[4372] ADVAPI32.dll!ImpersonateNa 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\System32\svchost.exe[4372] ADVAPI32.dll!SetThreadToke 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\System32\svchost.exe[4372] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\System32\svchost.exe[4372] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 012B000A
    .text C:\WINDOWS\System32\svchost.exe[4372] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\System32\svchost.exe[4372] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 010E000A
    .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[4424] ntdll.dl 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[4424] ntdll.dl 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[4424] ntdll.dl 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[4424] kernel32 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[4424] USER32.d 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[4424] USER32.d 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[4424] ADVAPI32 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[4424] ADVAPI32 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Silicon Image\SI3114\SiITray.exe[4572] ntdll.dl 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Silicon Image\SI3114\SiITray.exe[4572] ntdll.dl 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Silicon Image\SI3114\SiITray.exe[4572] ntdll.dl 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Silicon Image\SI3114\SiITray.exe[4572] kernel32 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Silicon Image\SI3114\SiITray.exe[4572] USER32.d 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Silicon Image\SI3114\SiITray.exe[4572] USER32.d 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Silicon Image\SI3114\SiITray.exe[4572] ADVAPI32 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Silicon Image\SI3114\SiITray.exe[4572] ADVAPI32 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\AVG\AVG10\avgtray.exe[4688] ntdll.dll!NtAccessC 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\AVG\AVG10\avgtray.exe[4688] ntdll.dll!NtImperso 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\AVG\AVG10\avgtray.exe[4688] ntdll.dll!NtSetInfo 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\AVG\AVG10\avgtray.exe[4688] kernel32.dll!OpenPr 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\AVG\AVG10\avgtray.exe[4688] ADVAPI32.dll!Impers 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\AVG\AVG10\avgtray.exe[4688] ADVAPI32.dll!SetThr 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\AVG\AVG10\avgtray.exe[4688] USER32.dll!FindWind 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\AVG\AVG10\avgtray.exe[4688] USER32.dll!FindWind 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\ctfmon.exe[4768] ntdll.dll!NtAccessCheckByTy 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\ctfmon.exe[4768] ntdll.dll!NtImpersonateClie 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\ctfmon.exe[4768] ntdll.dll!NtSetInformationP 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\ctfmon.exe[4768] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\ctfmon.exe[4768] ADVAPI32.dll!ImpersonateNam 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor

  8. 2010/10/18
    nysoprano (Thread Starter)

    GMER cont...part 3


    .text C:\WINDOWS\system32\ctfmon.exe[4768] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\ctfmon.exe[4768] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\WINDOWS\system32\ctfmon.exe[4768] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[4836] ntdll.d 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[4836] ntdll.d 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[4836] ntdll.d 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[4836] kernel3 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[4836] ADVAPI3 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[4836] ADVAPI3 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[4836] USER32. 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[4836] USER32. 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync. 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync. 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync. 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync. 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync. 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync. 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync. 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync. 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text O:\Program Files\Logitech\SetPoint\SetPoint.exe[5068] ntdll.dll! 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text O:\Program Files\Logitech\SetPoint\SetPoint.exe[5068] ntdll.dll! 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text O:\Program Files\Logitech\SetPoint\SetPoint.exe[5068] ntdll.dll! 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text O:\Program Files\Logitech\SetPoint\SetPoint.exe[5068] kernel32.d 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text O:\Program Files\Logitech\SetPoint\SetPoint.exe[5068] ADVAPI32.d 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text O:\Program Files\Logitech\SetPoint\SetPoint.exe[5068] ADVAPI32.d 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text O:\Program Files\Logitech\SetPoint\SetPoint.exe[5068] USER32.dll 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text O:\Program Files\Logitech\SetPoint\SetPoint.exe[5068] USER32.dll 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe[ 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe[ 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe[ 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe[ 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe[ 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe[ 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe[ 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe[ 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[5212] nt 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[5212] nt 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[5212] nt 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[5212] ke 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[5212] ke 7C8449FD 5 Bytes JMP 209B37DD C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[5212] AD 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[5212] AD 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[5212] US 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[5212] US 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text C:\Documents and Settings\Administrator\Desktop\1O9QO11R.EXE.exe 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\Documents and Settings\Administrator\Desktop\1O9QO11R.EXE.exe 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\Documents and Settings\Administrator\Desktop\1O9QO11R.EXE.exe 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\Documents and Settings\Administrator\Desktop\1O9QO11R.EXE.exe 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text C:\Documents and Settings\Administrator\Desktop\1O9QO11R.EXE.exe 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text C:\Documents and Settings\Administrator\Desktop\1O9QO11R.EXE.exe 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\Documents and Settings\Administrator\Desktop\1O9QO11R.EXE.exe 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\Documents and Settings\Administrator\Desktop\1O9QO11R.EXE.exe 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[5604] ntdll.dll!NtAccessCheckBy 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[5604] ntdll.dll!NtImpersonateCl 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[5604] ntdll.dll!NtSetInformatio 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[5604] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[5604] ADVAPI32.dll!ImpersonateN 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[5604] ADVAPI32.dll!SetThreadTok 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[5604] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[5604] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5696] ntdll.dll 7C90CE70 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5696] ntdll.dll 7C90D3E0 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5696] ntdll.dll 7C90DC80 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5696] kernel32. 7C8309D1 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5696] ADVAPI32. 77DD7416 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5696] ADVAPI32. 77DDF183 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5696] USER32.dl 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAFor
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5696] USER32.dl 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAFor

    ---- Kernel IAT/EAT - GMER 1.0.15 ----


    ---- User IAT/EAT - GMER 1.0.15 ----


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver

    Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ,

    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ,

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 FC345AEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 FC345AEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-4 FC345AEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 FC345AEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 FC345AEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-c FC345AEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T1L0-20 FC345AEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T0L0-2b FC345AEA
    Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ,

    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software

    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ,

    Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software

    AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corpor
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver
    AttachedDevice \FileSystem\Fastfat \Fat InCDRec.sys (Nero InCD File System Recognizer/Nero AG)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E2
    Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E2 0x75 0xBB 0x85 0x46 ...

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\NetworkService\Application Data\Adobe\ 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  9. 2010/10/18
    nysoprano
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000ddfd

    Kernel Drivers (total 188):

    Processes (total 75):
    0 System Idle Process
    4 System
    764 \Device\HarddiskVolume6\WINDOWS\system32\smss.exe
    808 \Device\HarddiskVolume6\PROGRA~1\AVG\AVG10\avgchsvx.exe
    1000 csrss.exe
    1044 \Device\HarddiskVolume6\WINDOWS\system32\winlogon.exe
    1116 \Device\HarddiskVolume6\WINDOWS\system32\services.exe
    1128 \Device\HarddiskVolume6\WINDOWS\system32\lsass.exe
    1308 \Device\HarddiskVolume6\WINDOWS\system32\ati2evxx.exe
    1332 \Device\HarddiskVolume6\WINDOWS\system32\svchost.exe
    1404 svchost.exe
    1560 \Device\HarddiskVolume6\WINDOWS\system32\svchost.exe
    1776 svchost.exe
    1864 \Device\HarddiskVolume6\WINDOWS\system32\ati2evxx.exe
    1964 svchost.exe
    2036 \Device\HarddiskVolume6\WINDOWS\system32\ZoneLabs\vsmon.exe
    388 \Device\HarddiskVolume6\WINDOWS\explorer.exe
    1848 \Device\HarddiskVolume6\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
    724 \Device\HarddiskVolume6\WINDOWS\system32\spoolsv.exe
    792 \Device\HarddiskVolume6\WINDOWS\system32\rundll32.exe
    2116 \Device\HarddiskVolume6\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    2272 \Device\HarddiskVolume6\Program Files\AVG\AVG10\avgwdsvc.exe
    2328 \Device\HarddiskVolume6\Program Files\Bonjour\mDNSResponder.exe
    2712 \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1\Programs\Nero\Nero 9\InCD\InCDSrv.exe
    2968 \Device\HarddiskVolume6\Program Files\Java\jre6\bin\jqs.exe
    3024 \Device\HarddiskVolume6\Program Files\AVG\AVG10\avgnsx.exe
    3092 \Device\HarddiskVolume6\Program Files\AVG\AVG10\avgemcx.exe
    3260 \Device\HarddiskVolume6\Program Files\Common Files\LightScribe\LSSrvc.exe
    3476 \Device\HarddiskVolume6\WINDOWS\system32\lkcitdl.exe
    3532 \Device\HarddiskVolume6\WINDOWS\system32\lkads.exe
    3600 \Device\HarddiskVolume6\WINDOWS\system32\lktsrv.exe
    3788 \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1\Labview\MAX\nimxs.exe
    3804 MATLAB.exe
    3872 \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1\Programs\Nero\Nero 9\InCD\NBHRegInCDSrv.exe
    3928 \Device\HarddiskVolume6\WINDOWS\system32\nipalsm.exe
    3996 \Device\HarddiskVolume6\WINDOWS\system32\nipalsm.exe
    4040 \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1\Labview\Shared\Security\nidmsrv.exe
    268 \Device\HarddiskVolume6\WINDOWS\system32\nisvcloc.exe
    304 \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1\Labview\Shared\Tagger\tagsrv.exe
    1528 \Device\HarddiskVolume6\WINDOWS\system32\svchost.exe
    2452 \Device\HarddiskVolume6\WINDOWS\system32\nipalsm.exe
    2820 \Device\HarddiskVolume6\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    3936 \Device\HarddiskVolume6\Program Files\Unlocker\UnlockerAssistant.exe
    4052 \Device\HarddiskVolume6\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    3660 \Device\HarddiskVolume6\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    2624 \Device\HarddiskVolume6\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    492 \Device\HarddiskVolume6\Program Files\ASUS\AI Booster\OverClk.exe
    1504 \Device\HarddiskVolume7\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    2760 \Device\HarddiskVolume6\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    3300 \Device\HarddiskVolume6\Program Files\PowerISO\PWRISOVM.EXE
    4196 \Device\HarddiskVolume6\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
    4228 \Device\HarddiskVolume6\WINDOWS\system32\WDBtnMgr.exe
    4288 \Device\HarddiskVolume6\Program Files\Winamp1\winampa.exe
    4356 \Device\HarddiskVolume6\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
    4424 \Device\HarddiskVolume6\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    4620 \Device\HarddiskVolume6\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
    4688 \Device\HarddiskVolume6\Program Files\AVG\AVG10\avgtray.exe
    4768 \Device\HarddiskVolume6\WINDOWS\system32\ctfmon.exe
    4836 \Device\HarddiskVolume6\Program Files\Microsoft ActiveSync\wcescomm.exe
    4984 \Device\HarddiskVolume6\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
    5068 \Device\HarddiskVolume7\Program Files\Logitech\SetPoint\SetPoint.exe
    5116 \Device\HarddiskVolume6\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
    5604 \Device\HarddiskVolume6\PROGRA~1\MI3AA1~1\rapimgr.exe
    5624 \Device\HarddiskVolume6\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    2280 \Device\HarddiskVolume6\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    2148 \Device\HarddiskVolume6\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    4572 \Device\HarddiskVolume6\Program Files\Silicon Image\SI3114\SiITray.exe
    5212 \Device\HarddiskVolume6\Program Files\CheckPoint\ZAForceField\ForceField.exe
    1808 \Device\HarddiskVolume6\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    4532 \Device\HarddiskVolume6\PROGRA~1\AVG\AVG10\avgrsx.exe
    1456 \Device\HarddiskVolume6\Program Files\AVG\AVG10\avgcsrvx.exe
    5696 \Device\HarddiskVolume6\Program Files\DivX\DivX Update\DivXUpdate.exe
    496 \Device\HarddiskVolume7\Program Files\iTunes\iTunes.exe
    4372 \Device\HarddiskVolume6\WINDOWS\system32\svchost.exe
    4420 \Device\HarddiskVolume6\Documents and Settings\Administrator\Desktop\MBRCheck.exe

    \\.\C: --> error 1450
    \\.\D: --> error 1450
    \\.\E: --> error 1450
    \\.\I: --> error 1450
    \\.\O: --> error 1450

    PhysicalDrive0 Model Number: WDCWD1200JB-00CRA1, Rev: 17.07W17
    PhysicalDrive1 Model Number: Maxtor6B100M0, Rev: BANC1980
    PhysicalDrive2 Model Number: WDCWD5000AAKS-00TMA0, Rev: 12.01C01
    PhysicalDrive3 Model Number: Maxtor6L100M0, Rev: BANC1E00
    PhysicalDrive4 Model Number:
    PhysicalDrive5 Model Number:
    PhysicalDrive6 Model Number:
    PhysicalDrive7 Model Number:
    PhysicalDrive8 Model Number:

    Size Device Name MBR Status
    --------------------------------------------
    0 GB \\.\PhysicalDrive0 Out of memory!
    0 GB \\.\PhysicalDrive1 Out of memory!
    0 GB \\.\PhysicalDrive2 Out of memory!
    0 GB \\.\PhysicalDrive3 Out of memory!
    0 GB \\.\PhysicalDrive4 Out of memory!
    0 GB \\.\PhysicalDrive5 Out of memory!
    0 GB \\.\PhysicalDrive6 Out of memory!
    0 GB \\.\PhysicalDrive7 Out of memory!
    0 GB \\.\PhysicalDrive8 Out of memory!


    Done!
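Reading a module and process list like the one above by hand is slow, and the same applies to the ComboFix registry and service lines posted later in this thread. The script below is an added example (not part of the original thread, and not code from MBRCheck, ComboFix or any other tool named here) that recognises those three line shapes and flags the entries a malware analyst looks at first: a module or service loaded from a user-writable directory such as Temp or Application Data, a numbered `.tmp.dll` in system32, an autostart entry given by bare file name, and a firewall profile with `EnableFirewall` set to 0. The sample lines are constructed for the example, patterned on this thread's logs, with the last service line invented. A flag means "review", not "malicious": the Temp-directory driver in the list above, for instance, may simply belong to whichever scanning tool was running when the list was taken.

```python
"""Added example: first-pass triage of pasted scanner log lines.

Not code from MBRCheck, ComboFix or any other tool in this thread. It only
recognises the line shapes those logs use and flags entries for review.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "item reason")

# Directories any logged-on user can write to; a kernel module or autostart
# living here is unusual for legitimate software and is checked first.
USER_WRITABLE = re.compile(r"\\(temp|local settings|locals~1|application data|appdata)\\",
                           re.IGNORECASE)
# Numbered *.tmp.dll files in system32 (the names ComboFix listed under "Other Deletions").
TMP_DLL = re.compile(r"\\system32\\_\d+_\.tmp\.dll$", re.IGNORECASE)
# MBRCheck kernel-module entry:  0xEC0C4000 \??\C:\...\pxtdrpow.sys
DRIVER_LINE = re.compile(r"^0x[0-9A-F]{8}\s+(?:\\\?\?\\)?(\S.*\.(?:sys|dll))$", re.IGNORECASE)
# ComboFix service entry:        R2 name;description;path [date size]
SERVICE_LINE = re.compile(r"^R[0-4]\s+[^;]+;[^;]*;(.+?)\s*\[")
# ComboFix registry value:       "Name"="path" [date size]   or   "EnableFirewall"= 0 (0x0)
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*"?([^"\[(]*?)"?\s*(?:\[|\(|$)')
BARE_PATH = re.compile(r"^[a-z]:\\", re.IGNORECASE)
EXECUTABLE = re.compile(r"\.(exe|dll|sys)$", re.IGNORECASE)


def extract_path(line):
    """Return the file path (or bare file name) a log line points at, else None."""
    s = line.strip()
    m = DRIVER_LINE.match(s)
    if m:
        return m.group(1)
    m = SERVICE_LINE.match(s)
    if m:
        return m.group(1).strip()
    m = REG_VALUE.match(s)
    if m:
        value = m.group(2).strip()
        return value if EXECUTABLE.search(value) else None
    if BARE_PATH.match(s):
        return s
    return None


def triage(log_text):
    """Return a Finding for every line an analyst should look at before anything else."""
    findings = []
    for line in log_text.splitlines():
        s = line.strip()
        if not s:
            continue
        m = REG_VALUE.match(s)
        if m and m.group(1).strip().lower() == "enablefirewall" and m.group(2).strip() == "0":
            findings.append(Finding(s, "Windows Firewall off for this profile; fine only if "
                                       "a third-party firewall covers it"))
            continue
        path = extract_path(s)
        if path is None:
            continue
        if TMP_DLL.search(path):
            findings.append(Finding(path, "numbered .tmp.dll in system32"))
        elif USER_WRITABLE.search(path):
            findings.append(Finding(path, "loaded from a user-writable directory"))
        elif "\\" not in path:
            findings.append(Finding(path, "autostart by bare file name, resolved via search path"))
    return findings


# Constructed sample, patterned on the logs in this thread (the last line is invented).
SAMPLE_LOG = r"""
0xF13FD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xEC0C4000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdrpow.sys
c:\windows\system32\_000005_.tmp.dll
"Steam"="i:\programs\steam\steam.exe" [2010-08-24 1242448]
"WD Button Manager"="WDBtnMgr.exe" [2009-12-01 364544]
"EnableFirewall"= 0 (0x0)
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 26064]
R2 sample;constructed example service;c:\documents and settings\Administrator\Application Data\sample.sys [1/1/2010 1:00 AM 1234]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("REVIEW  %-70s  %s" % (f.item, f.reason))
```

Run it on a whole pasted log and the five flagged sample lines are the kind of thing to check by hand first: file hash, signer, and whether a known product accounts for the location.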
     
  10. 2010/10/18
    broni (Moderator, Malware Analyst)

    I got everything.
    I had to approve your posts.
     
  11. 2010/10/18
    broni (Moderator, Malware Analyst)

    OK, MBRCheck is giving us some error I've never seen before.
    Let's try a different tool.

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  12. 2010/10/19
    nysoprano (Thread Starter)

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive1 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    93 GB \\.\PhysicalDrive1 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
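For anyone who wants to reproduce the "MBR Status" check above without a third-party tool, the following is an added example, not Bootkit Remover's or MBRCheck's code: it parses a 512-byte master boot record, verifies the 0x55AA signature, lists the partition table and hashes the 446-byte boot-code region so it can be compared with a baseline recorded from a clean install. The boot-code bytes and the baseline hash are constructed for the example (the first seven bytes mimic the opening of the standard Windows MBR, the rest is zero padding), as is the single NTFS partition at LBA 63. That LBA is why the log above reports the system volume at offset 0x7e00: 63 sectors of 512 bytes. The MD5 in the log is of that volume's own boot sector, which carries the same 0x55AA signature but no partition table, so only the signature and hash parts of this example apply to it.

```python
"""Added example: parse and baseline-check a 512-byte MBR.

Not code from Bootkit Remover or MBRCheck. The sample boot code and the
baseline hash are constructed for this example.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446      # bytes 0..445 hold the executable boot code
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
SIGNATURE_OFF = 510      # last two bytes must be 0x55 0xAA


def has_signature(sector):
    """True if the sector carries the 0x55AA boot signature (MBR and VBR alike)."""
    return len(sector) == SECTOR_SIZE and sector[SIGNATURE_OFF:] == b"\x55\xAA"


def volume_offset(lba):
    """Byte offset of a partition that starts at the given LBA (512-byte sectors)."""
    return lba * SECTOR_SIZE


def parse_mbr(sector):
    """Return the boot-code MD5 and the used partition entries of an MBR."""
    if not has_signature(sector):
        raise ValueError("not a 512-byte sector with a 0x55AA signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (3 bytes, skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype == 0:
            continue   # empty entry
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {"boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def mbr_status(sector, baseline):
    """One-line verdict in the style of the tools: OK when the boot code hash is known good."""
    info = parse_mbr(sector)
    label = baseline.get(info["boot_code_md5"])
    if label:
        return "OK (%s)" % label
    return "Unknown boot code (md5 %s): compare with a clean install" % info["boot_code_md5"]


# Constructed sample: opening bytes of a standard Windows MBR (xor ax,ax / mov ss,ax /
# mov sp,7C00h), padded with zeros. A real MBR carries ~440 bytes of code here.
SAMPLE_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(BOOT_CODE_LEN, b"\x00")
# Constructed baseline: in practice, record this hash from a machine you trust.
BASELINE = {hashlib.md5(SAMPLE_BOOT_CODE).hexdigest(): "constructed Windows-style boot code"}


def build_sample_mbr(boot_code=SAMPLE_BOOT_CODE):
    """Assemble a sector with one bootable NTFS (0x07) partition starting at LBA 63."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 195371568)
    table = entry + b"\x00" * 48               # three empty entries
    return boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00") + table + b"\x55\xAA"


if __name__ == "__main__":
    sector = build_sample_mbr()
    print(mbr_status(sector, BASELINE))
    for p in parse_mbr(sector)["partitions"]:
        print("partition %d: type 0x%02X, LBA %d (byte offset 0x%x), %d sectors, bootable=%s"
              % (p["index"], p["type"], p["lba_start"], volume_offset(p["lba_start"]),
                 p["sectors"], p["bootable"]))
    tampered = bytearray(sector)
    tampered[0] ^= 0xFF                        # simulate a patched first instruction
    print(mbr_status(bytes(tampered), BASELINE))
```

On a live machine the sector would come from the first 512 bytes of the physical drive read with administrator rights; the baseline is only as good as the machine it was taken from, which is why the tools ship their own signatures of known boot code.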
     
  13. 2010/10/19
    broni (Moderator, Malware Analyst)

    It looks good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. 2010/10/20
    nysoprano (Thread Starter)

    My computer has been on the "preparing log report. Do not run any programs until combofix has finished" for about 90 minutes.

    What should I do? Reboot? Wait?

    Thanks
     
  15. 2010/10/20
    nysoprano (Thread Starter)

    Rebooted system and this is the log from c:\comboFix\comboFix.exe

    ComboFix 10-10-19.02 - Administrator 10/19/2010 21:48:26.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2392 [GMT -7:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrator\Application Data\Bitrix Security
    C:\Documents and Settings\Administrator\Application Data\Bitrix Security\hjzvk
    C:\Documents and Settings\Administrator\Local Settings\Application Data\{C440CEFC-9C63-4CF3-A386-B44D0B153E8E}
    C:\Documents and Settings\Administrator\Local Settings\Application Data\{C440CEFC-9C63-4CF3-A386-B44D0B153E8E}\chrome.manifest
    C:\Documents and Settings\Administrator\Local Settings\Application Data\{C440CEFC-9C63-4CF3-A386-B44D0B153E8E}\chrome\content\_cfg.js
    C:\Documents and Settings\Administrator\Local Settings\Application Data\{C440CEFC-9C63-4CF3-A386-B44D0B153E8E}\chrome\content\overlay.xul
    C:\Documents and Settings\Administrator\Local Settings\Application Data\{C440CEFC-9C63-4CF3-A386-B44D0B153E8E}\install.rdf
    C:\WINDOWS\install.exe
    C:\WINDOWS\system32\muzapp.exe

    Infected copy of C:\WINDOWS\system32\drivers\InCDPass.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-09-20 to 2010-10-20 )))))))))))))))))))))))))))))))
    .

    2010-10-17 16:39:54 . 2010-10-17 16:39:54 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\AVG10
    2010-10-17 16:37:33 . 2010-10-17 16:37:33 -------- d--h--w- C:\Documents and Settings\All Users\Application Data\Common Files
    2010-10-17 16:32:26 . 2010-10-20 03:58:47 -------- d-----w- C:\WINDOWS\system32\drivers\AVG
    2010-10-17 16:32:26 . 2010-10-17 16:38:47 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG10
    2010-10-17 03:14:01 . 2010-10-17 03:53:38 -------- d-----w- C:\Documents and Settings\All Users\Application Data\MFAData
    2010-10-15 00:35:49 . 2010-10-18 06:31:19 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
    2010-10-15 00:35:49 . 2010-10-15 00:35:50 -------- d-----w- C:\Program Files\Rosetta Stone
    2010-10-13 07:33:46 . 2010-10-13 07:33:46 -------- d-----w- C:\found.003
    2010-10-03 10:31:47 . 2010-10-15 21:29:01 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
    2010-10-03 10:31:47 . 2010-10-03 10:31:47 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\Apple Computer
    2010-09-29 01:55:12 . 2010-09-29 01:55:12 -------- d-----w- C:\found.002

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-25 16:41:48 . 2009-09-25 16:41:48 1044480 ----a-w- C:\Program Files\mozilla firefox\plugins\libdivx.dll
    2009-09-25 16:41:48 . 2009-09-25 16:41:48 200704 ----a-w- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
    2004-03-16 00:51:20 . 2004-03-16 00:51:20 114688 ----a-w- C:\Program Files\internet explorer\plugins\LV71ActiveXControl.dll
    2003-05-01 16:36:00 . 2003-05-01 16:36:00 114688 ----a-w- C:\Program Files\internet explorer\plugins\LV7ActiveXControl.dll
    2006-01-23 17:32:00 . 2006-01-23 17:32:00 131072 ----a-w- C:\Program Files\internet explorer\plugins\LV80ActiveXControl.dll
    2007-02-08 17:48:16 . 2007-02-08 17:48:16 133920 ----a-w- C:\Program Files\internet explorer\plugins\LV82ActiveXControl.dll
    2007-07-25 02:03:24 . 2007-07-25 02:03:24 118784 ----a-w- C:\Program Files\internet explorer\plugins\LV85ActiveXControl.dll
    2006-05-03 10:06:54 163328 --sh--r- C:\WINDOWS\system32\flvDX.dll
    2007-02-21 11:47:16 31232 --sh--r- C:\WINDOWS\system32\msfDX.dll
    2008-03-16 13:30:52 216064 --sh--r- C:\WINDOWS\system32\nbDX.dll
     
  16. 2010/10/20
    broni (Moderator, Malware Analyst)

    Combofix log is incomplete.
    Look at the log you posted and then look at the C:\combofix.txt file. If the latter looks different from what you posted, paste it back here.
    If it looks the same, re-run Combofix and post new log.
     
  17. 2010/10/21
    nysoprano (Thread Starter)

    ComboFix 10-10-20.04 - Administrator 10/21/2010 16:02:16.2.2 - x86
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\_000005_.tmp.dll
    c:\windows\system32\_000006_.tmp.dll
    c:\windows\system32\_000007_.tmp.dll
    c:\windows\system32\_000008_.tmp.dll
    c:\windows\system32\_000009_.tmp.dll
    c:\windows\system32\_000010_.tmp.dll
    c:\windows\system32\_000013_.tmp.dll
    c:\windows\system32\_000014_.tmp.dll
    c:\windows\system32\_000015_.tmp.dll
    .
    ---- Previous Run -------
    .
    c:\documents and settings\Administrator\Application Data\Bitrix Security
    c:\documents and settings\Administrator\Application Data\Bitrix Security\hjzvk
    c:\documents and settings\Administrator\Local Settings\Application Data\{C440CEFC-9C63-4CF3-A386-B44D0B153E8E}
    c:\documents and settings\Administrator\Local Settings\Application Data\{C440CEFC-9C63-4CF3-A386-B44D0B153E8E}\chrome.manifest
    c:\documents and settings\Administrator\Local Settings\Application Data\{C440CEFC-9C63-4CF3-A386-B44D0B153E8E}\chrome\content\_cfg.js
    c:\documents and settings\Administrator\Local Settings\Application Data\{C440CEFC-9C63-4CF3-A386-B44D0B153E8E}\chrome\content\overlay.xul
    c:\documents and settings\Administrator\Local Settings\Application Data\{C440CEFC-9C63-4CF3-A386-B44D0B153E8E}\install.rdf
    c:\windows\install.exe
    c:\windows\system32\muzapp.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-21 to 2010-10-21 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2004-03-16 00:51 . 2004-03-16 00:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
    2003-05-01 16:36 . 2003-05-01 16:36 114688 ----a-w- c:\program files\internet explorer\plugins\LV7ActiveXControl.dll
    2006-01-23 17:32 . 2006-01-23 17:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
    2007-02-08 17:48 . 2007-02-08 17:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
    2007-07-25 02:03 . 2007-07-25 02:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
    2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
    @="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
    [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
    2008-09-29 12:09 98328 ----a-w- i:\programs\Nero\Nero 9\InCD\NBHshx.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="i:\programs\steam\steam.exe" [2010-08-24 1242448]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-01 2424560]
    "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-28 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
    "Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 358920]
    "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2008-11-06 1548296]
    "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 2816520]
    "Launch Ai Booster"="c:\program files\ASUS\AI Booster\OverClk.exe" [2006-12-08 3714048]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe Acrobat Speed Launcher"="o:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
    "Acrobat Assistant 8.0"="o:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440]
    "WD Button Manager"="WDBtnMgr.exe" [2009-12-01 364544]
    "WinampAgent"="c:\program files\Winamp1\winampa.exe" [2010-07-12 74752]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-04 1038848]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-03-16 730480]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "_nltide_3"="advpack.dll" [2009-03-08 128512]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]

    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]
    Java SATARaid.lnk - c:\program files\Silicon Image\SI3114\run.bat [2009-4-30 92]
    Logitech SetPoint.lnk - o:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-27 809488]
    RAID Manager.lnk - c:\program files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe [2009-5-1 724992]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    "NoSetActiveDesktop"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-02-19 07:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LingvoSoft Application Manager 2008.lnk]
    path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\LingvoSoft Application Manager 2008.lnk
    backup=c:\windows\pss\LingvoSoft Application Manager 2008.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LingvoSoft Talking Dictionary 2008 (English-Persian (Farsi)).lnk]
    path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\LingvoSoft Talking Dictionary 2008 (English-Persian (Farsi)).lnk
    backup=c:\windows\pss\LingvoSoft Talking Dictionary 2008 (English-Persian (Farsi)).lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-08-02 07:28 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-02-22 11:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
    2006-11-14 21:25 363008 ----a-w- c:\program files\ASUS\AASP\1.00.14\AsRunHelp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-04-28 08:22 133104 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    2006-01-06 19:07 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
    2006-01-06 19:07 348160 ----a-w- c:\windows\system32\hphmon04.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    2008-09-29 12:09 1111064 ----a-w- i:\programs\Nero\Nero 9\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-09-21 23:36 305440 ----a-w- o:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2008-12-19 06:42 76304 ----a-w- c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBHGui]
    2008-09-29 12:09 2079256 ----a-w- i:\programs\Nero\Nero 9\InCD\NBHGui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\niDevMon]
    2007-07-14 23:39 106064 ----a-w- i:\labview\NI-DAQ\HWConfig\nidevmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-05 08:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
    2007-02-23 23:32 126976 ----a-w- c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2009-03-18 04:24 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-08-21 05:27 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 20:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
    2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "o:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "o:\\Program Files\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
    "o:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
    "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
    "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 26064]
    R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [4/30/2009 11:59 PM 24971]
    R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [7/10/2007 8:08 PM 15448]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 249424]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 298448]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [9/3/2010 10:35 AM 6104144]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [9/10/2010 1:45 AM 265400]
    R2 dlportio;54x_DSK_Parallel_Port_Driver;c:\windows\system32\dlportio.sys [10/22/2004 7:43 AM 3584]
    R2 drpkiont;drpkiont;c:\windows\system32\drpkiont.sys [10/22/2004 7:57 AM 3968]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [3/16/2010 1:55 AM 26232]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [3/16/2010 1:55 AM 488816]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [4/27/2009 11:39 PM 10384]
    R2 NeroRegInCDSrv;Nero Registry InCD Service;i:\programs\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [9/29/2008 5:09 AM 108568]
    R2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe [2/16/2007 11:21 AM 12696]
    R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [4/16/2007 3:40 PM 37376]
    R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [4/16/2007 3:40 PM 21504]
    R2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [4/16/2007 5:04 PM 674304]
    R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2/16/2007 11:21 AM 12696]
    R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [4/16/2007 5:06 PM 50688]
    R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [4/16/2007 3:41 PM 30208]
    R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2/22/2007 12:18 PM 11552]
    R2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [4/16/2007 3:42 PM 111616]
    R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [7/19/2007 11:56 AM 11360]
    R2 xdsfast1;XDSFast1_ISA_Bus_Driver;c:\windows\system32\xdsfast1.sys [10/22/2004 7:57 AM 6112]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 26192]
    R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [4/27/2009 11:16 PM 1275584]
    R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [7/12/2007 6:18 PM 11360]
    R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [7/24/2007 12:19 PM 11360]
    R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [7/13/2007 8:00 PM 11360]
    S0 ovrvhv;ovrvhv; [x]
    S0 rhudjd;rhudjd;c:\windows\system32\drivers\cgqqunvi.sys --> c:\windows\system32\drivers\cgqqunvi.sys [?]
    S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
    S2 gupdate1ca2220394c0864;Google Update Service (gupdate1ca2220394c0864);c:\program files\Google\Update\GoogleUpdate.exe [8/20/2009 10:28 PM 133104]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 1:55 AM 1355928]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
    S3 Code Composer Studio Platinum v3.1 Evaluation Tools;Code Composer Studio Platinum v3.1 Evaluation Tools;c:\program files\Common Files\Texas Instruments Shared\Service\ccstudio31FET.exe [9/17/2009 12:03 PM 72704]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/28/2010 12:55 AM 15008]
    S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [1/11/2007 10:18 AM 20256]
    S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2/22/2007 12:40 PM 25888]
    S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2/22/2007 12:43 PM 11552]
    S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [5/25/2007 1:26 PM 22360]
    S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2/26/2007 12:40 PM 16672]
    S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [7/15/2007 5:44 PM 11352]
    S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [7/13/2007 10:38 PM 11336]
    S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [7/19/2007 3:06 AM 11344]
    S3 nidwgk;nidwgk;c:\windows\system32\drivers\nidwgkl.sys [2/23/2007 10:32 PM 11552]
    S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [7/24/2007 7:37 PM 11336]
    S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [7/24/2007 7:37 PM 11336]
    S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [7/15/2007 6:31 PM 11352]
    S3 nigplk;nigplk;c:\windows\system32\drivers\nigplkl.sys [2/23/2007 4:20 PM 11552]
    S3 nihsdrk;nihsdrk;c:\windows\system32\drivers\nihsdrkl.sys [7/24/2007 10:01 PM 11352]
    S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [7/18/2007 10:47 AM 11392]
    S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [6/21/2007 12:19 AM 14464]
    S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [6/21/2007 12:19 AM 151683]
    S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [7/13/2007 8:01 PM 11368]
    S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [7/19/2007 1:49 PM 11360]
    S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [7/18/2007 9:11 PM 11904]
    S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [7/18/2007 9:12 PM 11896]
    S3 nipsdk;nipsdk;c:\windows\system32\drivers\nipsdkl.sys [7/24/2007 3:29 PM 11552]
    S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2/22/2007 12:45 PM 20768]
    S3 nirfsa2k;nirfsa2k;c:\windows\system32\drivers\niRFSA2kl.sys [6/30/2007 11:07 PM 11552]
    S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [7/19/2007 2:32 AM 11376]
    S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [7/17/2007 12:27 AM 11352]
    S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [7/16/2007 12:52 PM 11344]
    S3 nisldk;nisldk;c:\windows\system32\drivers\nisldkl.sys [6/16/2007 12:38 AM 11624]
    S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [7/19/2007 2:32 AM 11376]
    S3 nisrcdk;nisrcdk;c:\windows\system32\drivers\nisrcdkl.sys [6/1/2007 3:39 PM 11552]
    S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [7/24/2007 7:37 PM 11336]
    S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [7/15/2007 4:48 PM 11312]
    S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [7/15/2007 5:50 PM 11360]
    S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [7/17/2007 4:18 AM 11336]
    S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [7/18/2007 10:15 PM 11360]
    S3 nitnr2k;nitnr2k;c:\windows\system32\drivers\nitnr2kl.sys [2/24/2007 12:09 AM 11552]
    S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [7/19/2007 11:48 AM 11384]
    S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [7/19/2007 11:56 AM 11360]
    S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [7/24/2007 7:37 PM 11336]
    S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [7/24/2007 7:38 PM 11336]
    S3 PciCon;PciCon;\??\k:\pcicon.sys --> k:\PciCon.sys [?]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
    S3 usb6xxxk;usb6xxxk;\??\c:\windows\system32\drivers\usb6xxxkl.sys --> c:\windows\system32\drivers\usb6xxxkl.sys [?]
    S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\drivers\mrv8ka51.sys [4/27/2009 11:36 PM 258560]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
    S3 XDS560;Texas Instruments XDS560 Device Driver;c:\windows\system32\drivers\xds560.sys [10/22/2004 7:58 AM 28296]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ASPI32
    *NewlyCreated* - NIPALK

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 07:21]

    2010-09-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-ALX-Administrator.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-02 07:28]

    2010-10-21 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-21 05:27]

    2010-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-21 05:28]

    2010-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-21 05:28]

    2010-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-682003330-1606980848-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-28 08:22]

    2010-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-682003330-1606980848-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-28 08:22]

    2010-10-21 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2010-10-21 05:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: cyber-deployment.com
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8hga98aq.default\
    FF - prefs.js: browser.search.selectedEngine - IMDB
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.http - PROXYTUBE.INFO
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8hga98aq.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - component: c:\program files\AVG\AVG10\Firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8hga98aq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8hga98aq.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npcoolirisplugin.dll
    FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1691.8062\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv85win32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: o:\program files\Adobe\Acrobat 9.0\Acrobat\browser\nppdf32.dll
    FF - plugin: o:\program files\iTunes\Mozilla Plugins\npitunes.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqz9s ", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqs8s ", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--j6w193g ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4a87g ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7c0a67fbc ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7cvafr ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kpry57d ", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kprw13d ", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-ap - c:\documents and settings\Administrator\Application Data\PCenter\ap.exe
    MSConfigStartUp-Cmaudio - cmicnfg.cpl
    MSConfigStartUp-HPHUPD04 - c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe
    MSConfigStartUp-NeroRebootSetup - c:\documents and settings\Administrator\Local Settings\Temp\nro.tmp\SetupX.exe
    AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1390067357-682003330-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,27,43,91,94,e2,70,4e,9b,ef,40,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,27,43,91,94,e2,70,4e,9b,ef,40,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version "=hex:75,bb,85,46,42,a6,b3,ab,cf,27,48,3f,79,97,35,2e,f6,87,41,14,a6,
    d3,a7,27,15,9a,77,21,96,4d,af,fb,fe,7d,d4,5a,d6,ae,4f,a4,73,97,20,67,26,df,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
    "AB141C35E9F4BF344B9FC010BB17F68A "=" "
    "D18A5B74EDF030247A32FD1390DEB243 "= "o:\\CCStudio_v3.1_EVAL\\plugins\\bios\\textlogviewapp.dll "

    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version "=hex:75,bb,85,46,42,a6,b3,ab,cf,27,48,3f,79,97,35,2e,f6,87,41,14,a6,
    d3,a7,27,15,9a,77,21,96,4d,af,fb,fe,7d,d4,5a,d6,ae,4f,a4,73,97,20,67,26,df,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1064)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    - - - - - - - > 'lsass.exe'(1148)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    .
    Completion time: 2010-10-21 16:16:51
    ComboFix-quarantined-files.txt 2010-10-21 23:16

    Pre-Run: 2,863,874,048 bytes free
    Post-Run: 2,871,431,168 bytes free

    - - End Of File - - B58029F5F731996A43420195EFFDBA34
     
  18. 2010/10/21
    nysoprano

    nysoprano Inactive Thread Starter

    Joined:
    2010/10/18
    Messages:
    23
    Likes Received:
    0
    I had to rerun it because the first time it stalled and did not copy the log to c:\combofix.txt
     
  19. 2010/10/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\cgqqunvi.sys
    c:\windows\system32\drivers\usb6xxxkl.sys
    
    
    Driver::
    ovrvhv
    rhudjd
    usb6xxxk
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  20. 2010/10/22
    nysoprano

    nysoprano Inactive Thread Starter

    Joined:
    2010/10/18
    Messages:
    23
    Likes Received:
    0
    ComboFix 10-10-22.03 - Administrator 10/22/2010 22:26:48.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2185 [GMT -7:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

    FILE ::
    "c:\windows\system32\drivers\cgqqunvi.sys "
    "c:\windows\system32\drivers\usb6xxxkl.sys "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\WGASetup.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_OVRVHV
    -------\Service_ovrvhv
    -------\Service_rhudjd
    -------\Service_usb6xxxk


    ((((((((((((((((((((((((( Files Created from 2010-09-23 to 2010-10-23 )))))))))))))))))))))))))))))))
    .

    2010-10-22 03:39 . 2010-10-22 03:39 -------- d---a-w- C:\boot
    2010-10-22 02:13 . 2010-08-27 06:05 99840 ------w- c:\windows\system32\dllcache\srvsvc.dll
    2010-10-22 02:13 . 2009-10-21 05:38 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
    2010-10-22 02:13 . 2009-10-21 05:38 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
    2010-10-22 02:13 . 2009-10-20 16:20 265728 ------w- c:\windows\system32\dllcache\http.sys
    2010-10-21 12:26 . 2010-10-21 12:26 -------- d-----w- c:\program files\MSXML 4.0
    2010-10-21 06:05 . 2010-09-01 11:51 285824 ------w- c:\windows\system32\dllcache\atmfd.dll
    2010-10-21 06:05 . 2009-03-21 14:06 989696 ------w- c:\windows\system32\dllcache\kernel32.dll
    2010-10-21 06:05 . 2009-06-12 12:31 80896 ------w- c:\windows\system32\dllcache\tlntsess.exe
    2010-10-21 06:05 . 2009-06-12 12:31 76288 ------w- c:\windows\system32\dllcache\telnet.exe
    2010-10-21 06:03 . 2010-08-26 13:37 357248 ------w- c:\windows\system32\dllcache\srv.sys
    2010-10-21 06:03 . 2009-08-25 09:17 354816 ------w- c:\windows\system32\dllcache\winhttp.dll
    2010-10-21 06:03 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
    2010-10-21 06:03 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-21 06:03 . 2010-02-24 11:57 457216 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-10-21 06:03 . 2010-02-05 18:29 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
    2010-10-21 06:03 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2010-10-21 06:03 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-10-21 06:03 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
    2010-10-21 06:03 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
    2010-10-21 06:01 . 2010-09-10 05:58 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2010-10-21 06:01 . 2010-09-10 05:58 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-10-21 06:01 . 2010-09-10 05:58 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-10-21 06:00 . 2009-06-25 08:41 56832 ------w- c:\windows\system32\dllcache\secur32.dll
    2010-10-21 06:00 . 2009-06-24 10:28 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys
    2010-10-21 06:00 . 2010-06-30 12:23 149504 ------w- c:\windows\system32\dllcache\schannel.dll
    2010-10-21 06:00 . 2009-09-11 14:13 136704 ------w- c:\windows\system32\dllcache\msv1_0.dll
    2010-10-21 06:00 . 2009-06-25 08:41 54272 ------w- c:\windows\system32\dllcache\wdigest.dll
    2010-10-21 06:00 . 2009-06-25 08:41 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
    2010-10-21 05:59 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-10-21 05:58 . 2009-12-24 06:42 178176 ------w- c:\windows\system32\dllcache\wintrust.dll
    2010-10-21 05:58 . 2010-01-13 14:01 86016 ------w- c:\windows\system32\dllcache\cabview.dll
    2010-10-21 05:56 . 2010-07-12 13:02 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
    2010-10-21 05:55 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
    2010-10-21 05:55 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-10-17 16:39 . 2010-10-17 16:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG10
    2010-10-17 16:37 . 2010-10-17 16:37 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2010-10-17 16:32 . 2010-10-23 01:56 -------- d-----w- c:\windows\system32\drivers\AVG
    2010-10-17 16:32 . 2010-10-17 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
    2010-10-17 03:14 . 2010-10-17 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2010-10-15 00:35 . 2010-10-18 06:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
    2010-10-15 00:35 . 2010-10-15 00:35 -------- d-----w- c:\program files\Rosetta Stone
    2010-10-13 07:33 . 2010-10-13 07:33 -------- d-----w- C:\found.003
    2010-10-03 10:31 . 2010-10-15 21:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
    2010-10-03 10:31 . 2010-10-03 10:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
    2010-09-29 01:55 . 2010-09-29 01:55 -------- d-----w- C:\found.002

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 19:23 . 2008-04-14 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2008-04-14 10:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2008-04-14 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2008-04-14 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-13 23:27 . 2010-09-13 23:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
    2010-09-10 05:58 . 2008-10-15 23:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2008-04-14 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2008-04-14 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-07 10:49 . 2010-09-07 10:49 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-09-07 10:48 . 2010-09-07 10:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-09-07 10:48 . 2010-09-07 10:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-09-07 10:48 . 2010-09-07 10:48 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2010-09-01 11:51 . 2008-04-14 10:00 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:38 . 2008-10-31 13:52 1861888 ----a-w- c:\windows\system32\win32k.sys
    2010-08-28 07:55 . 2010-08-28 07:55 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-08-27 08:02 . 2008-04-14 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 06:05 . 2008-04-14 10:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:37 . 2008-09-08 09:37 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-23 16:12 . 2008-04-14 10:00 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-20 04:42 . 2010-08-20 04:42 30288 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
    2010-08-20 04:42 . 2010-08-20 04:42 123472 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
    2010-08-20 04:42 . 2010-08-20 04:42 26192 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2010-08-17 13:17 . 2008-04-14 10:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2008-04-14 10:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2004-03-16 00:51 . 2004-03-16 00:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
    2003-05-01 16:36 . 2003-05-01 16:36 114688 ----a-w- c:\program files\internet explorer\plugins\LV7ActiveXControl.dll
    2006-01-23 17:32 . 2006-01-23 17:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
    2007-02-08 17:48 . 2007-02-08 17:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
    2007-07-25 02:03 . 2007-07-25 02:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
    2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
    .

    ------- Sigcheck -------

    [-] 2008-12-30 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys


    c:\windows\System32\wscntfy.exe ... is missing !!
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-10-21_23.12.09 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-10-23 03:51 . 2010-10-23 03:51 16384 c:\windows\Temp\Perflib_Perfdata_9b4.dat
    - 2008-04-14 10:00 . 2008-04-14 10:00 75776 c:\windows\system32\strmfilt.dll
    + 2008-04-14 10:00 . 2009-10-21 05:38 75776 c:\windows\system32\strmfilt.dll
    + 2008-04-14 10:00 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
    - 2008-04-14 10:00 . 2008-04-14 10:00 79872 c:\windows\system32\raschap.dll
    + 2008-04-14 10:00 . 2010-10-23 02:28 75538 c:\windows\system32\perfc009.dat
    - 2008-04-14 10:00 . 2008-04-14 10:00 66560 c:\windows\system32\mtxclu.dll
    + 2008-04-14 10:00 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
    - 2009-03-08 11:31 . 2009-03-08 11:31 55296 c:\windows\system32\msfeedsbs.dll
    + 2009-03-08 11:31 . 2010-09-10 05:58 55296 c:\windows\system32\msfeedsbs.dll
    + 2008-04-14 10:00 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll
    + 2008-04-14 10:00 . 2009-10-21 05:38 25088 c:\windows\system32\httpapi.dll
    - 2008-04-14 10:00 . 2008-04-14 10:00 84992 c:\windows\system32\avifil32.dll
    + 2008-04-14 10:00 . 2009-11-27 16:07 84992 c:\windows\system32\avifil32.dll
    + 2008-04-14 10:00 . 2009-07-17 19:01 58880 c:\windows\system32\atl.dll
    - 2008-04-14 10:00 . 2008-04-14 10:00 58880 c:\windows\system32\atl.dll
    + 2009-04-30 05:15 . 2010-10-23 02:43 4212 c:\windows\system32\zllictbl.dat
    - 2009-04-30 05:15 . 2010-10-21 22:15 4212 c:\windows\system32\zllictbl.dat
    + 2008-11-13 13:18 . 2009-12-24 06:42 178176 c:\windows\system32\wintrust.dll
    - 2008-04-22 15:00 . 2008-04-22 15:00 293376 c:\windows\system32\winsrv.dll
    + 2008-04-22 15:00 . 2010-06-18 17:43 293376 c:\windows\system32\winsrv.dll
    + 2008-04-14 10:00 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
    + 2009-03-11 05:18 . 2009-02-12 08:00 323072 c:\windows\system32\WgaTray.exe
    + 2009-03-11 05:18 . 2009-02-12 08:00 190976 c:\windows\system32\WgaLogon.dll
    + 2009-04-28 05:28 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
    + 2009-04-28 05:28 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
    + 2009-04-28 05:28 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
    + 2008-04-14 10:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
    - 2008-04-14 10:00 . 2008-04-14 10:00 406016 c:\windows\system32\usp10.dll
    + 2008-04-14 10:00 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
    - 2008-04-14 10:00 . 2008-04-14 10:00 474112 c:\windows\system32\shlwapi.dll
    + 2008-08-28 11:45 . 2010-06-30 12:23 149504 c:\windows\system32\schannel.dll
    + 2008-04-14 10:00 . 2009-02-09 12:10 401408 c:\windows\system32\rpcss.dll
    + 2008-04-14 10:00 . 2009-10-12 13:38 149504 c:\windows\system32\rastls.dll
    + 2008-04-14 10:00 . 2010-10-23 02:28 451824 c:\windows\system32\perfh009.dat
    - 2008-04-14 10:00 . 2008-04-14 10:00 284160 c:\windows\system32\pdh.dll
    + 2008-04-14 10:00 . 2009-03-06 14:22 284160 c:\windows\system32\pdh.dll
    + 2008-06-24 10:06 . 2009-10-13 10:38 270336 c:\windows\system32\oakley.dll
    - 2008-06-24 10:06 . 2008-06-24 10:06 270336 c:\windows\system32\oakley.dll
    + 2009-03-08 11:32 . 2010-09-10 05:58 602112 c:\windows\system32\msfeeds.dll
    + 2009-04-28 05:31 . 2010-06-09 07:41 692736 c:\windows\system32\inetcomm.dll
    + 2008-04-14 10:00 . 2009-10-20 16:20 265728 c:\windows\system32\drivers\http.sys
    + 2009-03-11 05:18 . 2009-03-11 05:18 934792 c:\windows\system32\dllcache\WgaTray.exe
    + 2009-03-11 05:18 . 2009-03-11 05:18 239496 c:\windows\system32\dllcache\wgaLogon.dll
    + 2010-10-21 06:04 . 2010-06-09 07:41 692736 c:\windows\system32\dllcache\inetcomm.dll
    + 2010-10-22 02:13 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
    + 2008-04-14 10:00 . 2009-11-21 15:51 471552 c:\windows\AppPatch\aclayers.dll
    + 2008-10-15 23:04 . 2010-09-10 05:58 1210880 c:\windows\system32\urlmon.dll
    + 2008-09-09 11:15 . 2010-07-27 06:28 8463360 c:\windows\system32\shell32.dll
    + 2008-09-26 11:02 . 2010-07-16 12:04 1289216 c:\windows\system32\ole32.dll
    + 2008-09-04 15:12 . 2010-06-14 07:39 1172480 c:\windows\system32\msxml3.dll
    + 2008-12-12 16:14 . 2010-09-10 05:58 5957120 c:\windows\system32\mshtml.dll
    + 2009-03-11 05:18 . 2009-02-12 08:00 1481728 c:\windows\system32\LegitCheckControl.dll
    + 2009-03-08 11:32 . 2010-09-10 05:58 1986560 c:\windows\system32\iertutil.dll
    + 2009-04-27 22:14 . 2010-10-22 02:07 3524368 c:\windows\system32\FNTCACHE.DAT
    + 2009-03-08 11:39 . 2010-09-10 05:58 11080192 c:\windows\system32\ieframe.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
    @= "{8D2223A2-B3C6-4e32-B096-CDD11F628C60} "
    [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
    2008-09-29 12:09 98328 ----a-w- i:\programs\Nero\Nero 9\InCD\NBHshx.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam "= "i:\programs\steam\steam.exe" [2010-08-24 1242448]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-01 2424560]
    "Google Update "= "c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-28 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UnlockerAssistant "= "c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
    "Launch LgDevAgt "= "c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 358920]
    "Launch LCDMon "= "c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2008-11-06 1548296]
    "Launch LGDCore "= "c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 2816520]
    "Launch Ai Booster "= "c:\program files\ASUS\AI Booster\OverClk.exe" [2006-12-08 3714048]
    "AdobeCS4ServiceManager "= "c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe Acrobat Speed Launcher "= "o:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
    "Acrobat Assistant 8.0 "= "o:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
    "BlackBerryAutoUpdate "= "c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
    "PWRISOVM.EXE "= "c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440]
    "WD Button Manager "= "WDBtnMgr.exe" [2009-12-01 364544]
    "WinampAgent "= "c:\program files\Winamp1\winampa.exe" [2010-07-12 74752]
    "ZoneAlarm Client "= "c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-04 1038848]
    "ISW "= "c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-03-16 730480]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
    "AVG_TRAY "= "c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "_nltide_3 "= "advpack.dll" [2009-03-08 128512]
    "RunNarrator "= "Narrator.exe" [2008-04-14 53760]

    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]
    Java SATARaid.lnk - c:\program files\Silicon Image\SI3114\run.bat [2009-4-30 92]
    Logitech SetPoint.lnk - o:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-27 809488]
    RAID Manager.lnk - c:\program files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe [2009-5-1 724992]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack "= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack "= 1 (0x1)
    "NoSetActiveDesktop "= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-02-19 07:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LingvoSoft Application Manager 2008.lnk]
    path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\LingvoSoft Application Manager 2008.lnk
    backup=c:\windows\pss\LingvoSoft Application Manager 2008.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LingvoSoft Talking Dictionary 2008 (English-Persian (Farsi)).lnk]
    path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\LingvoSoft Talking Dictionary 2008 (English-Persian (Farsi)).lnk
    backup=c:\windows\pss\LingvoSoft Talking Dictionary 2008 (English-Persian (Farsi)).lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-08-02 07:28 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-02-22 11:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
    2006-11-14 21:25 363008 ----a-w- c:\program files\ASUS\AASP\1.00.14\AsRunHelp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-04-28 08:22 133104 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    2006-01-06 19:07 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
    2006-01-06 19:07 348160 ----a-w- c:\windows\system32\hphmon04.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    2008-09-29 12:09 1111064 ----a-w- i:\programs\Nero\Nero 9\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-09-21 23:36 305440 ----a-w- o:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2008-12-19 06:42 76304 ----a-w- c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBHGui]
    2008-09-29 12:09 2079256 ----a-w- i:\programs\Nero\Nero 9\InCD\NBHGui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\niDevMon]
    2007-07-14 23:39 106064 ----a-w- i:\labview\NI-DAQ\HWConfig\nidevmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-05 08:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
    2007-02-23 23:32 126976 ----a-w- c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2009-03-18 04:24 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-08-21 05:27 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 20:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
    2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "o:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe "=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe "=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "o:\\Program Files\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe "=
    "o:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe "=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP "= 5353:TCP:Adobe CSI CS4
    "3703:TCP "= 3703:TCP:Adobe Version Cue CS4 Server
    "3704:TCP "= 3704:TCP:Adobe Version Cue CS4 Server
    "51000:TCP "= 51000:TCP:Adobe Version Cue CS4 Server
    "51001:TCP "= 51001:TCP:Adobe Version Cue CS4 Server
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 26064]
    R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [4/30/2009 11:59 PM 24971]
    R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [7/10/2007 8:08 PM 15448]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 249424]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 298448]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [9/10/2010 1:45 AM 265400]
    R2 dlportio;54x_DSK_Parallel_Port_Driver;c:\windows\system32\dlportio.sys [10/22/2004 7:43 AM 3584]
    R2 drpkiont;drpkiont;c:\windows\system32\drpkiont.sys [10/22/2004 7:57 AM 3968]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [3/16/2010 1:55 AM 26232]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [3/16/2010 1:55 AM 488816]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [4/27/2009 11:39 PM 10384]
    R2 NeroRegInCDSrv;Nero Registry InCD Service;i:\programs\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [9/29/2008 5:09 AM 108568]
    R2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe [2/16/2007 11:21 AM 12696]
    R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [4/16/2007 3:40 PM 37376]
    R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [4/16/2007 3:40 PM 21504]
    R2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [4/16/2007 5:04 PM 674304]
    R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2/16/2007 11:21 AM 12696]
    R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [4/16/2007 5:06 PM 50688]
    R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [4/16/2007 3:41 PM 30208]
    R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2/22/2007 12:18 PM 11552]
    R2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [4/16/2007 3:42 PM 111616]
    R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [7/19/2007 11:56 AM 11360]
    R2 xdsfast1;XDSFast1_ISA_Bus_Driver;c:\windows\system32\xdsfast1.sys [10/22/2004 7:57 AM 6112]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 26192]
    R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [4/27/2009 11:16 PM 1275584]
    R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [7/12/2007 6:18 PM 11360]
    R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [7/24/2007 12:19 PM 11360]
    R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [7/13/2007 8:00 PM 11360]
    S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [9/3/2010 10:35 AM 6104144]
    S2 gupdate1ca2220394c0864;Google Update Service (gupdate1ca2220394c0864);c:\program files\Google\Update\GoogleUpdate.exe [8/20/2009 10:28 PM 133104]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 1:55 AM 1355928]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
    S3 Code Composer Studio Platinum v3.1 Evaluation Tools;Code Composer Studio Platinum v3.1 Evaluation Tools;c:\program files\Common Files\Texas Instruments Shared\Service\ccstudio31FET.exe [9/17/2009 12:03 PM 72704]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/28/2010 12:55 AM 15008]
    S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [1/11/2007 10:18 AM 20256]
    S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2/22/2007 12:40 PM 25888]
    S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2/22/2007 12:43 PM 11552]
    S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [5/25/2007 1:26 PM 22360]
    S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2/26/2007 12:40 PM 16672]
    S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [7/15/2007 5:44 PM 11352]
    S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [7/13/2007 10:38 PM 11336]
    S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [7/19/2007 3:06 AM 11344]
    S3 nidwgk;nidwgk;c:\windows\system32\drivers\nidwgkl.sys [2/23/2007 10:32 PM 11552]
    S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [7/24/2007 7:37 PM 11336]
    S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [7/24/2007 7:37 PM 11336]
    S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [7/15/2007 6:31 PM 11352]
    S3 nigplk;nigplk;c:\windows\system32\drivers\nigplkl.sys [2/23/2007 4:20 PM 11552]
    S3 nihsdrk;nihsdrk;c:\windows\system32\drivers\nihsdrkl.sys [7/24/2007 10:01 PM 11352]
    S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [7/18/2007 10:47 AM 11392]
    S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [6/21/2007 12:19 AM 14464]
    S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [6/21/2007 12:19 AM 151683]
    S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [7/13/2007 8:01 PM 11368]
    S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [7/19/2007 1:49 PM 11360]
    S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [7/18/2007 9:11 PM 11904]
    S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [7/18/2007 9:12 PM 11896]
    S3 nipsdk;nipsdk;c:\windows\system32\drivers\nipsdkl.sys [7/24/2007 3:29 PM 11552]
    S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2/22/2007 12:45 PM 20768]
    S3 nirfsa2k;nirfsa2k;c:\windows\system32\drivers\niRFSA2kl.sys [6/30/2007 11:07 PM 11552]
    S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [7/19/2007 2:32 AM 11376]
    S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [7/17/2007 12:27 AM 11352]
    S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [7/16/2007 12:52 PM 11344]
    S3 nisldk;nisldk;c:\windows\system32\drivers\nisldkl.sys [6/16/2007 12:38 AM 11624]
    S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [7/19/2007 2:32 AM 11376]
    S3 nisrcdk;nisrcdk;c:\windows\system32\drivers\nisrcdkl.sys [6/1/2007 3:39 PM 11552]
    S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [7/24/2007 7:37 PM 11336]
    S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [7/15/2007 4:48 PM 11312]
    S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [7/15/2007 5:50 PM 11360]
    S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [7/17/2007 4:18 AM 11336]
    S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [7/18/2007 10:15 PM 11360]
    S3 nitnr2k;nitnr2k;c:\windows\system32\drivers\nitnr2kl.sys [2/24/2007 12:09 AM 11552]
    S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [7/19/2007 11:48 AM 11384]
    S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [7/19/2007 11:56 AM 11360]
    S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [7/24/2007 7:37 PM 11336]
    S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [7/24/2007 7:38 PM 11336]
    S3 PciCon;PciCon;\??\k:\pcicon.sys --> k:\PciCon.sys [?]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
    S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\drivers\mrv8ka51.sys [4/27/2009 11:36 PM 258560]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
    S3 XDS560;Texas Instruments XDS560 Device Driver;c:\windows\system32\drivers\xds560.sys [10/22/2004 7:58 AM 28296]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ASPI32
    *NewlyCreated* - NIPALK

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 07:21]

    2010-09-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-ALX-Administrator.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-02 07:28]

    2010-10-23 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-21 05:27]

    2010-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-21 05:28]

    2010-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-21 05:28]

    2010-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-682003330-1606980848-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-28 08:22]

    2010-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-682003330-1606980848-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-28 08:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: cyber-deployment.com
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8hga98aq.default\
    FF - prefs.js: browser.search.selectedEngine - IMDB
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.http - PROXYTUBE.INFO
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8hga98aq.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - component: c:\program files\AVG\AVG10\Firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8hga98aq.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npcoolirisplugin.dll
    FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1691.8062\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv85win32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: o:\program files\Adobe\Acrobat 9.0\Acrobat\browser\nppdf32.dll
    FF - plugin: o:\program files\iTunes\Mozilla Plugins\npitunes.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqz9s ", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqs8s ", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--j6w193g ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4a87g ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7c0a67fbc ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7cvafr ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kpry57d ", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kprw13d ", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-22 22:33
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1390067357-682003330-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,27,43,91,94,e2,70,4e,9b,ef,40,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,27,43,91,94,e2,70,4e,9b,ef,40,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version "=hex:75,bb,85,46,42,a6,b3,ab,cf,27,48,3f,79,97,35,2e,f6,87,41,14,a6,
    d3,a7,27,15,9a,77,21,96,4d,af,fb,fe,7d,d4,5a,d6,ae,4f,a4,73,97,20,67,26,df,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤â€¢â‚¬|ù•A~*]
    "AB141C35E9F4BF344B9FC010BB17F68A "=" "
    "D18A5B74EDF030247A32FD1390DEB243 "= "o:\\CCStudio_v3.1_EVAL\\plugins\\bios\\textlogviewapp.dll "

    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version "=hex:75,bb,85,46,42,a6,b3,ab,cf,27,48,3f,79,97,35,2e,f6,87,41,14,a6,
    d3,a7,27,15,9a,77,21,96,4d,af,fb,fe,7d,d4,5a,d6,ae,4f,a4,73,97,20,67,26,df,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1080)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    - - - - - - - > 'lsass.exe'(1164)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    - - - - - - - > 'explorer.exe'(952)
    c:\windows\system32\WININET.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    o:\program files\Logitech\SetPoint\GameHook.dll
    o:\program files\Logitech\SetPoint\lgscroll.dll
    i:\programs\Nero\Nero 9\InCD\NBHshx.dll
    i:\programs\Nero\Nero 9\InCD\NBHStr.dll
    c:\program files\Common Files\Nero\AdvrCntr4\AdvrCntr4.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-10-22 22:36:47
    ComboFix-quarantined-files.txt 2010-10-23 05:36
    ComboFix2.txt 2010-10-21 23:16

    Pre-Run: 2,403,655,680 bytes free
    Post-Run: 2,362,077,184 bytes free

    - - End Of File - - DF583BDD8769472DD305AD56B462AD83
     
  21. 2010/10/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is the redirection?
    Any other current issues?
     
