Trojan help please!

Part 2

.text C:\WINDOWS\system32\lxdjcoms.exe[1264] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lxdjcoms.exe[1264] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lxdjcoms.exe[1264] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lxdjcoms.exe[1264] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[1400] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[1400] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[1400] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[1400] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[1400] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[1400] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[1400] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[1400] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1580] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1580] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1580] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1580] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1580] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1580] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1580] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1580] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\Explorer.EXE[1624] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1624] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1624] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1624] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1660] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1660] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1660] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1660] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1660] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1660] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1660] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1660] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2084] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2084] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2084] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2084] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2084] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2084] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2084] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2084] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2176] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2176] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2176] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2176] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2176] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2176] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2176] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2176] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[2180] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[2180] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[2180] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[2180] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[2180] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[2180] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[2180] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[2180] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2296] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2296] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2296] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2296] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2296] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2296] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2296] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2296] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2412] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2412] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2412] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2412] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2412] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2412] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2412] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2412] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe[2480] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe[2480] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe[2480] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe[2480] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe[2480] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe[2480] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe[2480] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe[2480] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[2520] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[2520] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[2520] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[2520] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[2520] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[2520] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[2520] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[2520] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe[2672] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe[2672] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe[2672] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe[2672] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe[2672] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe[2672] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe[2672] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe[2672] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2680] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2680] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2680] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2680] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2680] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2680] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2680] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2680] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2688] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2688] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2688] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2688] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2688] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2688] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2688] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2688] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2760] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2760] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2760] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2760] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2760] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2760] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2760] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8A20FCEC

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D102BFF-A5E2-2B06-C79F-06FB20459A71}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D102BFF-A5E2-2B06-C79F-06FB20459A71}@iaacjdiipnlnlnenoa 0x6B 0x61 0x6D 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D102BFF-A5E2-2B06-C79F-06FB20459A71}@hagbpbafkmnjondn 0x6B 0x61 0x6D 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D102BFF-A5E2-2B06-C79F-06FB20459A71}@gapclgocpimnne 0x61 0x63 0x64 0x69 ...

---- Files - GMER 1.0.15 ----

File C:\System Volume Information\_restore{D207F513-1AD2-4EA6-B9AE-1EC20364A2B0}\RP485\A0537951.RDB 1830400 bytes
File C:\System Volume Information\_restore{D207F513-1AD2-4EA6-B9AE-1EC20364A2B0}\RP485\A0537969.RDB 1830400 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1PQV46HF\result[1].htm 0 bytes
File C:\WINDOWS\system32\DRIVERS\cdrom.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
 
I have newer directions for Gmer; I pasted in the old one, my bad. You can run this utility, then we should be done.

Please download TDSS Killer.zip and save it to your desktop
Extract the zip file to your desktop.
Double click it to run. It will generate a log file in your root drive C:
Please post the log.
 
You mean this yeah?

23:54:03:812 2596 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
23:54:03:812 2596 ================================================================================
23:54:03:812 2596 SystemInfo:

23:54:03:812 2596 OS Version: 5.1.2600 ServicePack: 3.0
23:54:03:812 2596 Product type: Workstation
23:54:03:812 2596 ComputerName: YOUR-A52C34C618
23:54:03:812 2596 UserName: HP_Owner
23:54:03:812 2596 Windows directory: C:\WINDOWS
23:54:03:812 2596 Processor architecture: Intel x86
23:54:03:812 2596 Number of processors: 1
23:54:03:812 2596 Page size: 0x1000
23:54:03:828 2596 Boot type: Normal boot
23:54:03:828 2596 ================================================================================
23:54:08:312 2596 Initialize success
23:54:08:312 2596
23:54:08:312 2596 Scanning Services ...
23:54:08:750 2596 Raw services enum returned 377 services
23:54:08:765 2596
23:54:08:765 2596 Scanning Drivers ...
23:55:24:812 2596
23:55:24:812 2596 Completed
23:55:24:812 2596
23:55:24:812 2596 Results:
23:55:24:812 2596 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
23:55:24:812 2596 File objects infected / cured / cured on reboot: 0 / 0 / 0
23:55:24:812 2596
23:55:25:078 2596 KLMD(ARK) unloaded successfully
 
OK, thanks for the info. That last log you ran looks good. You can delete the Gmer icon from your desktop. One more download to run. It's called Combofix. There is a short guide to read first. Read through the guide, then apply the directions on your own machine. Post the Combofix log.

Guide to using Combofix
 
ComboFix 10-06-03.01 - HP_Owner 04/06/2010 1:40.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1527.1036 [GMT 1:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc29D.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc2A.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc2AF.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc2B.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc2C.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc2D.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc2DD.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc2E.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc2EE.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc2F.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc3.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc30.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc31.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc313.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc31B.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc31F.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc32.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc33.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc333.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc34.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc35.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc36.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc37.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc38.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc384.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc39.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc395.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc3A.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc3B.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc3C.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc3C8.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc3D.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc3D0.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc3D5.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc3E.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc3F.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc4.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc40.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc40A.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc41.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc42.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc42E.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc43.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc43F.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc44.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc45.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc46.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc47.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc48.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc483.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc49.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc4A.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc4B.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc4C.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc4CD.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc4D.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc4E.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc4F.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc5.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc50.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc50F.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc51.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc52.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc52C.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc53.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc54.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc54B.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc55.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc55B.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc56.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc57.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc58.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc59.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc598.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc5A.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc5B.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc5C.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc5D.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc5D3.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc6.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc61.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc64.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc67.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc68.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc69.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc69B.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc6C.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc7.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc70.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc74.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc75.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc76.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc77.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc78.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc79.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc7A.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc7B.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc7C.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc7E.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc7F.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc8.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc80.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc81.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc82.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc84.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc87.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc87E.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc88.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc8A.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc8B.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc8F.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc9.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc91.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc94.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc96.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc98.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc99.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc9D.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc9E.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc9F.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccA.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccA2.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccA5.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccAD.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccB.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccB3.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccB4.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccB6.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccB7.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccBA.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccBB.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccBC.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccBD.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccBE.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccC.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccC3.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccC5.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccC7.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccC8.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccC9.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccCE.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccD.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccD1.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccD4.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccD5.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccD7.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccD8.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccDB.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccDE.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccE.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccE0.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccE1.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccE2.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccE3.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccE4.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccE5.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccE6.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccE7.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccE9.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccEA.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccEB.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccED.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccF.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccF3.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccF5.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccF6.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccFB.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccFE.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccFF.tmp
c:\windows\system32\tmp.reg
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-05-04 to 2010-06-04 )))))))))))))))))))))))))))))))
.

2010-06-03 15:31 . 2010-06-03 15:31 93056 ----a-w- C:\kwgyakog.sys
2010-06-02 22:23 . 2010-06-02 22:23 -------- d-----w- c:\documents and settings\HP_Owner\Downloads
2010-05-30 22:31 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-30 22:30 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-25 17:56 . 2010-05-25 17:56 388096 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-25 17:56 . 2010-05-25 17:56 -------- d-----w- c:\program files\Trend Micro
2010-05-22 23:01 . 2010-05-22 23:01 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\MakeitOne
2010-05-22 23:01 . 2010-05-22 23:01 -------- d-----w- c:\program files\MakeitOne
2010-05-22 22:55 . 2010-05-22 22:55 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\AnvSoft
2010-05-22 22:55 . 2010-05-22 22:55 -------- d-----w- c:\program files\AnvSoft
2010-05-22 22:46 . 2010-05-22 22:46 1956808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-05-22 22:14 . 2010-05-22 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-05-22 22:14 . 2010-05-22 22:14 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\AVS4YOU
2010-05-22 22:10 . 2010-05-22 22:23 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-05-22 22:09 . 2008-07-11 11:25 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-05-22 22:09 . 2010-05-22 22:23 -------- d-----w- c:\program files\AVS4YOU
2010-05-22 17:04 . 2010-05-22 17:48 -------- d-----w- c:\program files\Audacity
2010-05-22 01:43 . 2010-05-22 01:43 1300 ----a-w- C:\fix.reg
2010-05-21 23:49 . 2010-05-21 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky SDK
2010-05-21 23:30 . 2010-05-21 23:30 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\CheckPoint
2010-05-21 23:29 . 2010-05-21 23:29 -------- d-----w- c:\program files\CheckPoint
2010-05-21 23:29 . 2010-05-21 23:44 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-05-21 23:29 . 2010-03-24 18:10 72584 ----a-w- c:\windows\zllsputility.exe
2010-05-21 23:29 . 2009-10-12 17:15 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-05-21 23:28 . 2010-03-24 18:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-05-21 23:28 . 2010-03-24 18:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-05-21 23:28 . 2010-05-22 00:31 -------- d-----w- c:\windows\system32\ZoneLabs
2010-05-21 23:28 . 2010-03-24 18:10 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-05-21 23:28 . 2010-05-21 23:28 -------- d-----w- c:\program files\Zone Labs
2010-05-21 23:16 . 2010-06-04 00:33 -------- d-----w- c:\windows\Internet Logs
2010-05-21 20:34 . 2010-05-22 12:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-21 20:34 . 2010-05-21 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-21 15:12 . 2010-05-21 19:39 -------- d-----w- c:\program files\res
2010-05-21 15:02 . 2010-05-21 15:02 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-05-19 18:18 . 2010-05-19 18:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\lnduskywu
2010-05-19 18:16 . 2010-05-19 18:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-19 16:15 . 2010-05-19 16:15 -------- d-----w- c:\program files\AVG
2010-05-15 19:44 . 2010-05-23 17:49 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-14 23:03 . 2010-05-14 23:03 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\ofkjccvxs
2010-05-12 15:21 . 2010-05-12 15:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-05-12 15:16 . 2010-05-12 15:16 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-05-08 17:11 . 2010-05-08 17:11 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\DVDVideoSoftIEHelpers

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-04 00:30 . 2008-10-07 20:46 -------- d-----w- c:\program files\Lx_cats
2010-06-03 22:49 . 2006-01-04 18:17 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-06-03 02:48 . 2010-06-03 11:16 1828352 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-06-02 16:17 . 2010-06-02 16:18 1824768 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-05-31 22:35 . 2010-05-31 22:36 1815552 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-05-31 10:58 . 2005-01-01 11:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-31 10:58 . 2005-01-01 11:36 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-31 10:34 . 2006-12-04 11:24 -------- d-----w- c:\program files\Yahoo!
2010-05-30 22:31 . 2009-12-31 00:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-24 02:57 . 2010-05-24 14:54 1691648 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-05-23 01:33 . 2010-05-23 09:42 2915840 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-05-23 01:33 . 2010-05-23 09:42 1904128 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-05-23 01:32 . 2010-05-23 09:42 1904128 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-05-22 17:28 . 2010-05-22 17:28 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\FreeAudioPack
2010-05-21 21:41 . 2005-04-27 19:08 23616 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-21 20:52 . 2005-01-01 10:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-21 19:48 . 2009-06-17 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-12 15:19 . 2007-11-05 14:33 -------- d-----w- c:\program files\Google
2010-05-08 17:10 . 2009-01-27 20:27 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-05-01 09:44 . 2008-11-27 19:10 -------- d-----w- c:\program files\iTunes
2010-05-01 09:39 . 2010-05-01 09:39 -------- d-----w- c:\program files\iPod
2010-05-01 09:38 . 2007-11-04 21:11 -------- d-----w- c:\program files\Common Files\Apple
2010-05-01 09:27 . 2010-05-01 09:27 -------- d-----w- c:\program files\Bonjour
2010-05-01 09:07 . 2010-05-01 09:07 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-01 01:15 . 2009-11-24 22:20 22312 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-21 21:46 . 2009-03-31 19:34 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\LimeWire
2010-04-08 12:20 . 2010-04-08 12:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20 . 2010-04-08 12:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-06 15:10 . 2010-04-06 15:10 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Propellerhead Software
2010-04-06 15:10 . 2010-04-06 15:10 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2010-04-06 15:10 . 2010-04-06 15:10 368640 ----a-w- c:\windows\system32\ReWire.dll
2010-04-06 15:10 . 2010-04-06 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Propellerhead Software
2010-04-05 21:24 . 2010-01-08 23:40 -------- d-----w- c:\program files\VstPlugins
2010-03-11 12:38 . 2006-01-04 18:20 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2006-01-04 18:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2006-01-04 18:17 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2006-01-04 18:20 430080 ----a-w- c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"SiSPower"="SiSPower.dll" [2004-09-24 49152]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-03-05 20480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-03-24 1038728]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-03-16 730480]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdjcoms.exe"=
"c:\\Program Files\\Lexmark 1400 Series\\lxdjamon.exe"=
"c:\\Program Files\\Lexmark 1400 Series\\App4r.exe"=
"c:\\Program Files\\Lexmark 1400 Series\\Wireless\\lxdjwpss.exe"=
"c:\\WINDOWS\\system32\\lxdjcfg.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"=

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [16/03/2010 09:55 26232]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [16/03/2010 09:55 488816]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/05/2010 16:16 136176]
S2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdjserv.exe [03/11/2008 12:39 99248]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMDB
*Deregistered* - klmd23
*Deregistered* - klmdb
.
Contents of the 'Scheduled Tasks' folder

2010-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2010-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:16]

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:16]

2010-03-05 c:\windows\Tasks\Install_NSS.job
- c:\program files\Vuze\nssstub.exe [2010-03-02 22:19]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q105&bd=pavilion&pf=desktop
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\HP_Owner\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: eafootballworld.com\www
Trusted Zone: easports.com
Trusted Zone: motive.com\pbttbc.bt
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\mv8gbi9m.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaDownload.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{7762A897-2A75-4E3F-A3A7-55BD098B9879} - c:\program files\toolbartv\tbtoo1.dll
HKCU-Run-eyeBeam SIP Client - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-lxdjmon.exe - c:\program files\Lexmark 1400 Series\lxdjmon.exe
HKLM-Run-AutoTBar - c:\program files\HP\Digital Imaging\bin\AUTOTBAR.EXE
HKLM-Run-NoteBurner - c:\program files\NoteBurner\VTBurnerGUI.exe
SafeBoot-klmdb.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-Klinn's ElectroSet (RCT3)_is1 - c:\filesatarirollercoaster tycoon 3stylethemed\RollerCoaster Tycoon 3\Style\Themed\KLN-ElectroSet\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-04 02:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-534266734-3540294902-2018311696-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D102BFF-A5E2-2B06-C79F-06FB20459A71}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaacjdiipnlnlnenoa"=hex:6b,61,6d,69,69,64,6b,66,70,65,69,70,6b,64,6f,6b,63,6f,
6a,6d,6e,63,00,00
"hagbpbafkmnjondn"=hex:6b,61,6d,69,69,64,6b,66,70,65,69,70,6b,64,6f,6b,63,6f,
6a,6d,6e,63,00,00
"gapclgocpimnne"=hex:61,63,64,69,6a,69,61,66,65,68,6e,6b,6c,64,66,6b,65,65,66,
6d,66,67,6b,62,65,65,67,70,65,63,67,62,67,69,6e,6c,68,6e,6c,63,6e,67,62,70,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(800)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2010-06-04 02:43:36
ComboFix-quarantined-files.txt 2010-06-04 01:43

Pre-Run: 32,449,409,024 bytes free
Post-Run: 34,787,340,288 bytes free

- - End Of File - - 915CE1ABABCB9B7EAE4A5354ED1CB2D7
 
Firefox still freezes from time to time but rarely redirects any links that I click or opens tabs by itself. I don't think there's much more you can do tbh. I'll keep scanning with Malwarebytes, Spybot, ZoneAlarm etc. from time to time to check there are no trojans or whatever. What do you think of ZoneAlarm? Would you recommend any better security software?
 
I had an annoying problem with FF a while back. The quickest solution was to export my bookmarks, totally uninstall FF, then reinstall it and import the bookmarks. There is also this.

If you haven't yet, you can delete the RootRepeal and Gmer icons from your desktop. Keep Malwarebytes and note that it must be updated manually and a scan started manually.
You can remove ComboFix like this:
Start > Run and type in combofix /u
Click OK or press Enter.
Note: there is a space after the x and before the /

What do you think of ZoneAlarm? Would you recommend any better security software?
I'm sure you would get many different opinions on it. I really don't have one and can't suggest one AV over the other. Normally if somebody needs AV I just post links to the 'free for home users' AV.

If all is good on your end, some tips to help you remain malware free:

10 Tips for Reducing/Preventing Your Risk To Malware:

In no special order

1) It is essential to keep your OS (Windows), browser (IE, Firefox) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the auto-update feature. Staying updated is also necessary for web-based applications like Java, Adobe Flash/Reader, QuickTime etc. Check their version status here.

2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer that then prompt you to install software to remedy this. See also the signs that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware then it's time to *review your computer habits*. There is no reason why your computer cannot stay malware free.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem.

5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Set up and use limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) A tool for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Or see a slideshow on how to configure IE 8.0.

10) Warez, cracks etc. are very popular for carrying all kinds of malware payloads. If you look for these you will encounter malware. If you download/install files via P2P networks, then you are also much more likely to encounter malicious code in a downloaded file. Do you really trust the source of the file? Do you really need another malware source?

A longer version in link below.

Happy Safe Surfing.
 