
Is there a VIRUS involved, please?


  • This topic is locked
30 replies to this topic

#1 Reena


Posted 02 November 2010 - 05:47 PM

My PC has slowed down a lot this week. I have checked with MalwareBytes' Anti Malware, Ad Aware and Avira AntiVirus and all seems well.

This evening I decided to try the HiJack This programme and realise from my limited knowledge that all is not well. I also received the following message:

"For some reason your system denied write access to the Hosts file. If any highjacked domains are in this file Highjack This may not be able to fix this. "


1. I need help, please, with the Hosts problem. It is quite new to me.

2. I would appreciate it if someone checked my Highjack This file. I know there are certain procedures I need to follow before I post it.

My thanks in anticipation. In the past I have always had first-class help/advice from the experts at Bleeping Computer.


Windows 7
Internet Explorer 8
Avira Anti-Virus
MalwareBytes' Anti-Malware
Ad-Aware
Zone Alarm
WinPatrol

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
c:\program files\avira\antivir desktop\avgnt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroBroker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Maureen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1IL8Q51K\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = Preserve
uStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [BCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\getright.lnk - c:\program files\getright\GetRight.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-16 64288]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-5-27 176128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-24 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-24 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-24 60936]
R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2010-5-7 219360]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2010-5-7 68136]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-9-2 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-9-2 493048]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1357464]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-8-4 6096384]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-8-4 214016]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-5-7 189440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-23 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2010-10-29 90864]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-2 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

=============== Created Last 30 ================

2010-11-02 14:54:36 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{1ce6c1cf-7afc-4754-afa3-ea198f2b02bb}\mpengine.dll
2010-10-31 20:09:35 -------- d-----w- c:\users\maureen\appdata\roaming\CheckPoint
2010-10-31 20:08:45 -------- d-----w- c:\program files\Conduit
2010-10-31 20:08:20 -------- d-----w- c:\program files\ZoneAlarm_Security
2010-10-31 20:06:29 -------- d-----w- c:\program files\CheckPoint
2010-10-31 20:06:10 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2010-10-31 20:06:00 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-10-31 20:05:55 461400 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2010-10-31 20:05:55 -------- d-----w- c:\windows\system32\ZoneLabs
2010-10-31 20:05:55 -------- d-----w- c:\program files\Zone Labs
2010-10-31 20:04:48 -------- d-----w- c:\windows\Internet Logs
2010-10-31 20:04:48 -------- d-----w- c:\progra~2\CheckPoint
2010-10-29 20:51:38 -------- d-----w- c:\users\maureen\appdata\roaming\WinPatrol
2010-10-29 20:51:35 -------- d-----w- c:\program files\BillP Studios
2010-10-29 20:51:34 -------- d-----w- c:\progra~2\InstallMate
2010-10-26 19:58:02 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-26 19:58:02 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-26 19:58:02 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-26 19:58:02 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-26 19:57:42 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-25 21:23:12 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-10-24 20:03:23 -------- d-----w- c:\users\maureen\appdata\local\Logitech-LS
2010-10-24 16:03:44 89088 ----a-w- c:\windows\system32\atl71.dll
2010-10-24 16:03:44 65536 ----a-w- c:\windows\system32\MFC71DEU.DLL
2010-10-24 16:03:44 61440 ----a-w- c:\windows\system32\MFC71ITA.DLL
2010-10-24 16:03:44 61440 ----a-w- c:\windows\system32\MFC71ESP.DLL
2010-10-24 16:03:44 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL
2010-10-24 16:03:44 49152 ----a-w- c:\windows\system32\MFC71KOR.DLL
2010-10-24 16:03:44 49152 ----a-w- c:\windows\system32\MFC71JPN.DLL
2010-10-24 16:03:44 45056 ----a-w- c:\windows\system32\MFC71CHT.DLL
2010-10-24 16:03:44 40960 ----a-w- c:\windows\system32\MFC71CHS.DLL
2010-10-24 16:03:44 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-10-24 16:03:44 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2010-10-23 21:28:19 -------- d-----w- c:\progra~2\PCPitstop
2010-10-23 21:28:15 -------- d-----w- c:\program files\PCPitstop
2010-10-23 19:21:41 -------- d-----w- c:\program files\bfgclient
2010-10-23 19:11:35 -------- d-----w- C:\BigFishGamesCache
2010-10-23 15:44:44 -------- d-----w- c:\users\maureen\appdata\local\SmoothDraw
2010-10-23 15:19:08 -------- d-----w- c:\program files\SmoothDraw
2010-10-23 10:15:23 -------- d-----w- c:\users\maureen\appdata\roaming\Windows Live Writer
2010-10-23 10:15:23 -------- d-----w- c:\users\maureen\appdata\local\Windows Live Writer
2010-10-23 09:53:20 -------- d-----w- c:\windows\en
2010-10-23 09:53:03 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-23 09:51:12 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-23 09:51:12 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-23 09:51:12 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-23 09:47:35 469256 ----a-w- c:\program files\common files\windows live\.cache\4f713d231cb72972b\InstallManager_WLE_WLE.exe
2010-10-23 09:47:16 15712 ----a-w- c:\program files\common files\windows live\.cache\4684141e1cb729720\MeshBetaRemover.exe
2010-10-23 09:47:01 94040 ----a-w- c:\program files\common files\windows live\.cache\3d5907521cb729718\DSETUP.dll
2010-10-23 09:47:01 525656 ----a-w- c:\program files\common files\windows live\.cache\3d5907521cb729718\DXSETUP.exe
2010-10-23 09:47:01 1691480 ----a-w- c:\program files\common files\windows live\.cache\3d5907521cb729718\dsetup32.dll
2010-10-23 09:47:00 525656 ----a-w- c:\program files\common files\windows live\.cache\3c4e6d341cb729717\DXSETUP.exe
2010-10-23 09:46:59 94040 ----a-w- c:\program files\common files\windows live\.cache\3c4e6d341cb729717\DSETUP.dll
2010-10-23 09:46:59 1691480 ----a-w- c:\program files\common files\windows live\.cache\3c4e6d341cb729717\dsetup32.dll
2010-10-23 09:46:19 -------- d-----w- c:\users\maureen\appdata\local\Windows Live
2010-10-23 09:45:51 3181568 ----a-w- c:\windows\system32\mf.dll
2010-10-23 09:45:51 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-10-23 09:45:51 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-10-17 19:06:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-10-17 15:27:18 -------- d-----w- C:\filmtype
2010-10-17 15:18:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-10-17 15:18:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-17 15:18:18 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2010-10-17 15:18:01 245408 ----a-w- c:\windows\system32\unicows.dll
2010-10-17 15:16:42 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2010-10-17 15:16:42 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2010-10-17 15:16:42 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2010-10-17 15:16:42 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2010-10-17 15:09:45 -------- d-----w- c:\windows\OvtCam
2010-10-17 15:09:45 -------- d-----w- c:\windows\OVT
2010-10-17 15:09:44 -------- d-----w- c:\program files\OVT
2010-10-16 15:45:12 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-10-16 15:45:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-10-16 14:44:37 -------- d-----w- c:\users\maureen\appdata\local\Sunbelt Software
2010-10-16 14:44:14 -------- dc-h--w- c:\progra~2\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-10-16 14:44:11 -------- d-----w- c:\program files\Lavasoft
2010-10-15 10:32:58 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-10-15 10:32:53 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-15 10:32:53 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-15 10:32:11 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-15 10:32:11 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-15 10:32:02 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-15 10:32:00 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-15 10:32:00 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-15 10:32:00 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-15 10:32:00 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-15 10:31:55 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-15 10:27:35 363520 ----a-w- c:\windows\system32\StructuredQuery.dll

==================== Find3M ====================

2010-11-02 11:38:12 17488 ----a-w- c:\windows\gdrv.sys
2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 23:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 23:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 13:03:14 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-26 04:39:58 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-08-21 05:36:24 224256 ----a-w- c:\windows\system32\schannel.dll
2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe

============= FINISH: 22:15:09.79 ===============

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-11-02 22:36:19
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Maureen\AppData\Local\Temp\uwddifob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x900ACBBA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcCreatePort [0x900AD48A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x900AC610]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x900A5E42]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x900C7760]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x900AD11A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x900C15AE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x900C19D6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x900CBEE0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x900C1E4A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x900AD278]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x900A6B7E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x900C9212]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x900C8B06]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x900C038E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x900C9BE0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x900C9E1E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x900CA2D0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x900A6730]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x900C3AD4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0x900C36C2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x900CACB8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x900CA59A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x900AC1A4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x900CB71E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x900AC8DC]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x900A6F8A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x900CB242]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x900C8226]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x900C26D4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0x900C2404]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8307B599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8309FF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 248 830A7758 8 Bytes [BA, CB, 0A, 90, 8A, D4, 0A, ...] {MOV EDX, 0x8a900acb; AAM ; NOP }
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 830A77EC 4 Bytes [10, C6, 0A, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F8 830A7808 4 Bytes [42, 5E, 0A, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 308 830A7818 4 Bytes [60, 77, 0C, 90] {PUSHA ; JA 0xf; NOP }
.text ntkrnlpa.exe!RtlSidHashLookup + 324 830A7834 1 Byte [1A]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92226000, 0x331A84, 0xE8000020]
? C:\Users\Maureen\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[348] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[348] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[348] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[348] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[348] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[348] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[348] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[348] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[348] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[372] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[372] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[372] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[372] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[372] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[372] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[372] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[372] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[372] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[416] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[416] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[416] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[416] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[416] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[416] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[416] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[416] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[416] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[480] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[480] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[480] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[480] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[480] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[480] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[480] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[480] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[480] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[532] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[532] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[532] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[532] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[532] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[532] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[532] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[532] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[532] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[548] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[548] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[548] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[548] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[548] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[548] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[548] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[548] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[556] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[556] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[556] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[556] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[556] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[556] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[556] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[556] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[556] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[716] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[716] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[716] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[716] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[716] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[716] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[716] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[732] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[732] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[732] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[732] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[732] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[732] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[732] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[732] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[732] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[816] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[816] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[816] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[816] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[816] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[816] user32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[816] user32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[860] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[860] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[860] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[860] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[860] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[860] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[860] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[860] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[860] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[936] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[936] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[936] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[936] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[936] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[936] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[936] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[936] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[936] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[972] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[972] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[972] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[972] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[972] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[972] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[972] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] kernel32.dll!SetUnhandledExceptionFilter 77B63162 5 Bytes JMP 209B37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] USER32.dll!GetWindowMinimizeRect + 377 77EBBFE9 5 Bytes JMP 20C79270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] USER32.dll!CreateWindowExW 77EC0E51 5 Bytes JMP 6DDA8187 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] USER32.dll!DialogBoxIndirectParamW 77EE4AA7 5 Bytes JMP 6DECFE50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] USER32.dll!DialogBoxParamW 77EE564A 5 Bytes JMP 6DCC4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] USER32.dll!DialogBoxParamA 77EFCF6A 5 Bytes JMP 6DECFDED C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] USER32.dll!DialogBoxIndirectParamA 77EFD29C 5 Bytes JMP 6DECFEB3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] USER32.dll!MessageBoxIndirectA 77F0E8C9 5 Bytes JMP 6DECFD82 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] USER32.dll!MessageBoxIndirectW 77F0E9C3 5 Bytes JMP 6DECFD17 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] USER32.dll!MessageBoxExA 77F0EA29 5 Bytes JMP 6DECFCB5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] USER32.dll!MessageBoxExW 77F0EA4D 5 Bytes JMP 6DECFC53 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] WS2_32.dll!sendto 76733AED 5 Bytes JMP 20AE3D71 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] WS2_32.dll!closesocket 76733BED 5 Bytes JMP 20AE3BA8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] WS2_32.dll!recv 767347DF 5 Bytes JMP 20AE3C29 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] WS2_32.dll!WSASend 767368A7 5 Bytes JMP 20AE3F07 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] WS2_32.dll!WSARecv 7673C29F 5 Bytes JMP 20AE3E15 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] WS2_32.dll!send 7673C4C8 5 Bytes JMP 20AE3CD3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] WS2_32.dll!WSASendDisconnect 7674AD39 5 Bytes JMP 20AE409B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[992] WS2_32.dll!WSASendTo 7674ADC4 5 Bytes JMP 20AE3FCE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1020] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1020] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1020] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1020] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1020] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1020] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1020] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1020] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1020] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1180] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1180] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1180] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1180] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1180] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1180] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[1200] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[1200] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[1200] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[1200] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[1200] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[1200] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[1200] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[1200] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[1200] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1220] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1220] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1220] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1220] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1220] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1220] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1220] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1220] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1220] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1360] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1360] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1488] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1488] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1488] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1488] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1488] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1488] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1488] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1488] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1488] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1728] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1728] USER32.dll!GetWindowMinimizeRect + 377 77EBBFE9 5 Bytes JMP 20C79270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1836] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1836] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1836] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1836] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1836] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1836] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1836] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1836] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1836] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1896] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1896] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1896] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1896] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1896] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1896] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1896] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1896] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1896] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[1912] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[1912] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[1912] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[1912] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[1912] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[1912] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[1912] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[1912] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[1912] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[2044] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[2044] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[2044] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[2044] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[2044] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[2044] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[2044] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[2044] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[2044] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2480] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2480] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2480] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2480] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2480] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2480] kernel32.dll!SetUnhandledExceptionFilter 77B63162 5 Bytes JMP 209B37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2480] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2480] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2480] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2480] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2828] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2828] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2828] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2828] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2828] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2828] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2828] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2828] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2828] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2868] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2868] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2868] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2868] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2868] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2868] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2868] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2868] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2868] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3028] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3028] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3028] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3028] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3028] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3028] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3028] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3028] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3028] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3152] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3152] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3152] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3152] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3152] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3152] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3152] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3152] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3152] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3336] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3336] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3336] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3336] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3336] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3336] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3336] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3336] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3336] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3372] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3372] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3372] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3372] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3372] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3372] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3372] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3372] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3372] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3472] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3472] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3472] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3472] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3472] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3472] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3472] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3472] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3472] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[3480] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[3480] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[3480] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[3480] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[3480] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[3480] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[3480] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[3480] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[3480] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3548] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3548] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3548] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3548] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3548] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3548] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3548] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3548] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3548] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Maureen\Desktop\gmer\gmer.exe[3616] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Maureen\Desktop\gmer\gmer.exe[3616] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Maureen\Desktop\gmer\gmer.exe[3616] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Maureen\Desktop\gmer\gmer.exe[3616] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Maureen\Desktop\gmer\gmer.exe[3616] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Maureen\Desktop\gmer\gmer.exe[3616] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Maureen\Desktop\gmer\gmer.exe[3616] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Maureen\Desktop\gmer\gmer.exe[3616] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Maureen\Desktop\gmer\gmer.exe[3616] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\GetRight\GetRight.exe[3712] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\GetRight\GetRight.exe[3712] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\GetRight\GetRight.exe[3712] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\GetRight\GetRight.exe[3712] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\GetRight\GetRight.exe[3712] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\GetRight\GetRight.exe[3712] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\GetRight\GetRight.exe[3712] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\GetRight\GetRight.exe[3712] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\GetRight\GetRight.exe[3712] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[3960] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[3960] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[3960] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[3960] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[3960] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[3960] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[3960] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[3960] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[3960] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\DllHost.exe[4112] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\DllHost.exe[4112] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\DllHost.exe[4112] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\DllHost.exe[4112] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\DllHost.exe[4112] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\DllHost.exe[4112] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\DllHost.exe[4112] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\DllHost.exe[4112] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\DllHost.exe[4112] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4276] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4276] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4276] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4276] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4276] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4276] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4276] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4276] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4276] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[4300] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[4300] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[4300] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[4300] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[4300] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[4300] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[4300] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[4300] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[4300] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\notepad.exe[4304] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\notepad.exe[4304] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\notepad.exe[4304] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\notepad.exe[4304] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\notepad.exe[4304] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\notepad.exe[4304] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\notepad.exe[4304] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\notepad.exe[4304] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\notepad.exe[4304] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Mail\wlmail.exe[4564] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Mail\wlmail.exe[4564] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Mail\wlmail.exe[4564] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Mail\wlmail.exe[4564] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Mail\wlmail.exe[4564] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Mail\wlmail.exe[4564] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Mail\wlmail.exe[4564] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Mail\wlmail.exe[4564] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Mail\wlmail.exe[4564] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[4604] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[4604] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[4604] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[4604] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[4604] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[4604] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[4604] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[4604] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[4604] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4960] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4960] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4960] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4960] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4960] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4960] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4960] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4960] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4960] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[5052] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[5052] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[5052] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[5052] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[5052] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[5052] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[5052] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[5052] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[5052] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[5076] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[5076] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[5076] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[5076] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[5076] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[5076] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[5076] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[5076] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[5076] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] kernel32.dll!SetUnhandledExceptionFilter 77B63162 5 Bytes JMP 209B37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!CreateDialogParamW 77EB9BFF 5 Bytes JMP 6DCFC570 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!EnableWindow 77EBA72E 5 Bytes JMP 6DCFC4EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!GetWindowMinimizeRect + 377 77EBBFE9 5 Bytes JMP 20C79270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!GetAsyncKeyState 77EBC09A 5 Bytes JMP 6DCBD6E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!UnhookWindowsHookEx 77EBCC7B 5 Bytes JMP 6DDB838A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!CallNextHookEx 77EBCC8F 5 Bytes JMP 6DD99D7C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!CreateWindowExW 77EC0E51 5 Bytes JMP 6DDA8187 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!SetWindowsHookExW 77EC210A 5 Bytes JMP 6DD54633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!GetKeyState 77EC4FDA 5 Bytes JMP 6DCFD762 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!IsDialogMessageW 77EC6F06 5 Bytes JMP 6DCC4284 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!CreateDialogParamA 77ED3E79 5 Bytes JMP 6DED0A6C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!IsDialogMessage 77ED407A 5 Bytes JMP 6DED030D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!CreateDialogIndirectParamA 77ED9110 5 Bytes JMP 6DED0AA3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!CreateDialogIndirectParamW 77EE08AD 5 Bytes JMP 6DED0ADA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!DialogBoxIndirectParamW 77EE4AA7 5 Bytes JMP 6DECFE50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!EndDialog 77EE555C 5 Bytes JMP 6DCC5AE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!DialogBoxParamW 77EE564A 5 Bytes JMP 6DCC4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!SetKeyboardState 77EE6B52 5 Bytes JMP 6DED0672 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!SendInput 77EE7055 5 Bytes JMP 6DED1238 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!SetCursorPos 77EFC1D8 5 Bytes JMP 6DED1290 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!DialogBoxParamA 77EFCF6A 5 Bytes JMP 6DECFDED C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!DialogBoxIndirectParamA 77EFD29C 5 Bytes JMP 6DECFEB3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!MessageBoxIndirectA 77F0E8C9 5 Bytes JMP 6DECFD82 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!MessageBoxIndirectW 77F0E9C3 5 Bytes JMP 6DECFD17 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!MessageBoxExA 77F0EA29 5 Bytes JMP 6DECFCB5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!MessageBoxExW 77F0EA4D 5 Bytes JMP 6DECFC53 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] USER32.dll!keybd_event 77F0EC9B 5 Bytes JMP 6DED15C3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] SHELL32.dll!SHChangeNotification_Lock + 45BA 769CB440 4 Bytes [11, 36, 39, 70]
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] SHELL32.dll!SHChangeNotification_Lock + 45C2 769CB448 8 Bytes [5F, 35, 39, 70, D0, 73, 38, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] ole32.dll!OleLoadFromStream 77BF5BF6 5 Bytes JMP 6DED01C9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] ole32.dll!CoCreateInstance 77C4590C 5 Bytes JMP 6DDA8C75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] WS2_32.dll!sendto 76733AED 5 Bytes JMP 20AE3D71 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] WS2_32.dll!closesocket 76733BED 5 Bytes JMP 20AE3BA8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] WS2_32.dll!recv 767347DF 5 Bytes JMP 20AE3C29 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] WS2_32.dll!WSASend 767368A7 5 Bytes JMP 20AE3F07 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] WS2_32.dll!WSARecv 7673C29F 5 Bytes JMP 20AE3E15 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] WS2_32.dll!send 7673C4C8 5 Bytes JMP 20AE3CD3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] WS2_32.dll!WSASendDisconnect 7674AD39 5 Bytes JMP 20AE409B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5080] WS2_32.dll!WSASendTo 7674ADC4 5 Bytes JMP 20AE3FCE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[5088] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[5088] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[5088] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[5088] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[5088] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[5088] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[5088] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[5088] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[5088] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[5528] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[5528] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[5528] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[5528] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[5528] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[5528] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[5528] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[5528] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[5528] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[5548] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[5548] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[5548] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[5548] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[5548] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[5548] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[5548] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[5548] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe[5548] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\avira\antivir desktop\avgnt.exe[5860] ntdll.dll!NtAccessCheckByType 77D94640 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\avira\antivir desktop\avgnt.exe[5860] ntdll.dll!NtAlpcImpersonateClientOfPort 77D94820 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\avira\antivir desktop\avgnt.exe[5860] ntdll.dll!NtImpersonateClientOfPort 77D94F30 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\avira\antivir desktop\avgnt.exe[5860] ntdll.dll!NtSetInformationProcess 77D95AE0 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\avira\antivir desktop\avgnt.exe[5860] kernel32.dll!OpenProcess 77B573E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\avira\antivir desktop\avgnt.exe[5860] USER32.dll!FindWindowA 77EBA818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\avira\antivir desktop\avgnt.exe[5860] USER32.dll!FindWindowW 77EBCF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\avira\antivir desktop\avgnt.exe[5860] ADVAPI32.dll!SetThreadToken 762BCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\avira\antivir desktop\avgnt.exe[5860] ADVAPI32.dll!ImpersonateNamedPipeClient 762F2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000044 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

EDIT: Posts merged ~BP

Edited by Budapest, 03 November 2010 - 04:05 PM.




#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:02:20 PM

Posted 11 November 2010 - 08:38 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your desktop.
  • extract RKUnhooker to your desktop
    Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file -
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is ok, just ignore it

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 Reena

Reena
  • Topic Starter

  • Members
  • 391 posts
  • OFFLINE
  • Gender:Female
  • Location:UK
  • Local time:11:20 AM

Posted 11 November 2010 - 10:42 AM

Thank you, Elise025, for helping out with my problem(s).

Although I have used bleeping computer on and off for many years I seem to have made a right mess of my postings this time. My apologies for all my errors.

The message

"For some reason your system denied write access to the Hosts file...."

no longer appears; why, I don't know.

A problem I have with the OTL programme is that only one report opens. (I did this twice).

I have downloaded the rootkit unhooker and the programme to unzip the .rar files. Unfortunately I cannot correlate the two. I do have the GMER rootkit results if these are appropriate?

Reena (UK)

..................................................................

Here is the first OTL REPORT

OTL logfile created on: 11/11/2010 15:19:16 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Maureen\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 889.70 Gb Free Space | 95.52% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 300.44 Gb Free Space | 64.50% Space Free | Partition Type: NTFS

Computer Name: MAUREEN-PC | User Name: Maureen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/11 15:13:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Maureen\Desktop\OTL 2.exe
PRC - [2010/11/03 21:37:34 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/11/03 21:37:26 | 001,375,992 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/11/02 21:16:48 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/02 21:16:48 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/02 21:16:48 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/10/28 10:08:20 | 000,329,096 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/10/04 18:24:28 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
PRC - [2010/09/23 00:10:22 | 000,092,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Mail\wlmail.exe
PRC - [2010/09/22 22:28:10 | 000,025,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2010/09/02 12:26:16 | 000,493,048 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2010/09/02 12:26:14 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2010/09/02 09:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/08/04 00:51:38 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/08/04 00:51:12 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/01/14 20:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/21 14:33:28 | 007,858,720 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/08/24 13:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2009/08/04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 16:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 01:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe


========== Modules (SafeList) ==========

MOD - [2010/11/11 15:13:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Maureen\Desktop\OTL 2.exe
MOD - [2010/09/02 12:26:22 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 01:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 01:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 01:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 01:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 01:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 01:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 01:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 01:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 01:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 01:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/06/10 21:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009/06/10 21:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/03 21:37:26 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/11/02 21:16:48 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/02 21:16:48 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/13 10:18:30 | 000,090,864 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2010/09/22 23:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/02 12:26:16 | 000,493,048 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/08/04 00:51:12 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/06/02 12:40:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/24 13:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009/08/04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/07/14 01:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 01:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 01:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 01:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 01:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 01:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 01:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 01:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 01:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 01:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 01:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 01:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 01:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 01:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 01:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - [2010/11/11 14:17:21 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/11/03 21:38:58 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/11/02 21:16:48 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/02 21:16:48 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/22 23:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/09/02 12:26:10 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/08/12 12:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/04 01:21:44 | 006,096,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/08/04 01:21:44 | 006,096,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/08/04 00:15:30 | 000,214,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/07/07 14:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/15 16:30:50 | 000,461,400 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009/12/11 07:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/10/21 14:26:08 | 002,782,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/08/20 16:04:54 | 000,189,440 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/07/17 18:52:00 | 000,155,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/07/14 01:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 01:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 01:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 01:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 01:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 01:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 01:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 01:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 01:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 01:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 01:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 01:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 01:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 01:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 01:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 01:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 01:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 01:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 01:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 01:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 01:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 01:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 01:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 01:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 01:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 01:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 01:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 01:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 01:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 01:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 01:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 01:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 01:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 01:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 01:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 01:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 01:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 01:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 00:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 00:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 00:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 23:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 23:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 23:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 23:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 23:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 23:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 23:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 23:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 23:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 23:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 23:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 23:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 23:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 23:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 23:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 22:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 22:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 22:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 22:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 22:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 22:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 22:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 22:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 22:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/05/11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/05/09 20:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/09 20:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/05/09 20:46:48 | 000,014,112 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/07/31 05:44:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ov550i.sys -- (APL531)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2146174449-1649121464-1852810650-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2146174449-1649121464-1852810650-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2146174449-1649121464-1852810650-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2146174449-1649121464-1852810650-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2146174449-1649121464-1852810650-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2146174449-1649121464-1852810650-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2146174449-1649121464-1852810650-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/11/08 20:18:51 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-2146174449-1649121464-1852810650-1001\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2146174449-1649121464-1852810650-1001\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk I:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/11 15:13:25 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Maureen\Desktop\OTL 2.exe
[2010/11/10 11:16:54 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\Image 2
[2010/11/09 21:05:53 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/11/07 11:08:46 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\Dodger
[2010/11/06 16:11:57 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\RP
[2010/11/04 20:42:14 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\spectacles 2008
[2010/11/04 20:37:02 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\glasses 2
[2010/11/04 20:33:20 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\for glasses 1
[2010/11/04 16:28:14 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\NOV SLIDES
[2010/11/03 14:47:27 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\BC info
[2010/11/03 13:45:42 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\Autumn 2010
[2010/11/02 22:36:33 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\For Bleeping Computer info
[2010/10/31 20:09:35 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Documents\ForceField Shared Files
[2010/10/31 20:09:35 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Roaming\CheckPoint
[2010/10/31 20:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/10/31 20:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security
[2010/10/31 20:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/10/31 20:05:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2010/10/31 20:05:55 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/10/31 20:04:48 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/10/31 20:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010/10/29 20:51:38 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Roaming\WinPatrol
[2010/10/29 20:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/10/29 20:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2010/10/27 14:54:18 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\backups
[2010/10/26 16:11:57 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Maureen\Desktop\HijackThisoct2010.exe
[2010/10/26 16:08:47 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\Spectacles
[2010/10/25 21:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/10/24 20:03:23 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\Logitech-LS
[2010/10/24 16:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/10/24 15:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2010/10/23 21:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2010/10/23 21:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2010/10/23 19:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2010/10/23 19:11:35 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache
[2010/10/23 15:44:44 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\SmoothDraw
[2010/10/23 15:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\SmoothDraw
[2010/10/23 10:15:23 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Roaming\Windows Live Writer
[2010/10/23 10:15:23 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\Windows Live Writer
[2010/10/23 09:53:20 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/23 09:46:19 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\Windows Live
[2010/10/17 15:27:18 | 000,000,000 | ---D | C] -- C:\filmtype
[2010/10/17 15:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2010/10/17 15:18:18 | 000,018,688 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\System32\drivers\afc.sys
[2010/10/17 15:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010/10/17 15:16:43 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Roaming\ArcSoft
[2010/10/17 15:09:45 | 000,000,000 | ---D | C] -- C:\Windows\OvtCam
[2010/10/17 15:09:45 | 000,000,000 | ---D | C] -- C:\Windows\OVT
[2010/10/17 15:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\OVT
[2010/10/16 15:53:16 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\AUCTIONS
[2010/10/16 15:52:18 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\DOWNLOADS
[2010/10/16 15:49:29 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\PHOTOS
[2010/10/16 15:47:53 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\AMAZON
[2010/10/16 15:45:12 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/10/16 15:45:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/10/16 15:45:10 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/10/16 14:44:37 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\Sunbelt Software
[2010/10/16 14:44:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/10/16 14:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/10/16 14:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/11 15:13:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Maureen\Desktop\OTL 2.exe
[2010/11/11 14:51:48 | 000,000,246 | ---- | M] () -- C:\Users\Maureen\Desktop\Is there a VIRUS involved, please (2).url
[2010/11/11 14:24:33 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/11 14:24:33 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/11 14:21:45 | 000,628,024 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/11 14:21:45 | 000,110,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/11 14:17:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/11 14:17:15 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/10 15:37:34 | 000,000,214 | ---- | M] () -- C:\Users\Maureen\Desktop\Some suspicious files (2).url
[2010/11/09 21:18:32 | 000,000,214 | ---- | M] () -- C:\Users\Maureen\Desktop\Some suspicious files.url
[2010/11/09 19:14:19 | 000,013,287 | ---- | M] () -- C:\Users\Maureen\Desktop\IMAGING - Shortcut.lnk
[2010/11/07 20:53:26 | 000,000,255 | ---- | M] () -- C:\Users\Maureen\Desktop\I have a feeling something is amiss! - Tech Support Guy Forums.url
[2010/11/07 14:57:44 | 000,000,199 | ---- | M] () -- C:\Users\Maureen\Desktop\Aldi - Medion Forum Home.url
[2010/11/05 14:33:43 | 000,000,239 | ---- | M] () -- C:\Users\Maureen\Desktop\Mail.com Message List (5).url
[2010/11/04 21:48:08 | 000,000,156 | ---- | M] () -- C:\Users\Maureen\Desktop\Classics Lounge ~ Visible to Latin Students and Latin Alumni.url
[2010/11/04 16:14:58 | 000,002,103 | ---- | M] () -- C:\Users\Public\Desktop\Photo Impression 6.lnk
[2010/11/04 16:03:13 | 000,028,768 | ---- | M] () -- C:\Users\Maureen\Desktop\Cats got my teeth.jpg
[2010/11/04 11:41:10 | 000,000,194 | ---- | M] () -- C:\Users\Maureen\Desktop\UK Paid Surveys - Cash For Surveys.url
[2010/11/03 21:39:21 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/11/02 22:53:05 | 000,000,235 | ---- | M] () -- C:\Users\Maureen\Desktop\Is there a VIRUS involved, please.url
[2010/11/02 21:16:48 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/11/02 21:16:48 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/02 12:21:46 | 000,000,208 | ---- | M] () -- C:\Users\Maureen\Desktop\survey displaySingleSurvey .url
[2010/10/31 20:09:45 | 000,421,442 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010/10/31 20:06:21 | 000,001,040 | ---- | M] () -- C:\Users\Maureen\Desktop\ZoneAlarm Security.lnk
[2010/10/31 19:15:51 | 000,000,214 | ---- | M] () -- C:\Users\Maureen\Desktop\Which section, please.url
[2010/10/29 19:53:59 | 000,000,195 | ---- | M] () -- C:\Users\Maureen\Desktop\Entering the Pit.url
[2010/10/29 16:25:18 | 000,001,936 | ---- | M] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Matic.lnk
[2010/10/27 12:55:07 | 000,000,210 | ---- | M] () -- C:\Users\Maureen\Desktop\Groupola - My Groupola.url
[2010/10/27 10:54:15 | 000,000,206 | ---- | M] () -- C:\Users\Maureen\Desktop\Groupola - Sign in.url
[2010/10/27 10:21:33 | 000,019,831 | ---- | M] () -- C:\Users\Maureen\AppData\Roaming\UserTile.png
[2010/10/26 19:44:26 | 000,000,172 | ---- | M] () -- C:\Users\Maureen\Desktop\Google.url
[2010/10/26 19:35:27 | 000,001,871 | ---- | M] () -- C:\Users\Maureen\Desktop\Fix it - Microsoft ATS.lnk
[2010/10/26 19:07:45 | 000,000,214 | ---- | M] () -- C:\Users\Maureen\Desktop\Which section, please - BleepingComputer.com.url
[2010/10/26 18:23:05 | 000,000,234 | ---- | M] () -- C:\Users\Maureen\Desktop\Groupola - MoneySavingExpert.com Forums.url
[2010/10/26 16:24:20 | 000,133,632 | ---- | M] () -- C:\Users\Maureen\Desktop\RKUnhookerLE.EXE
[2010/10/26 16:12:20 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Maureen\Desktop\HijackThisoct2010.exe
[2010/10/23 19:21:42 | 000,001,889 | ---- | M] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/10/20 13:18:48 | 000,000,212 | ---- | M] () -- C:\Users\Maureen\Desktop\Fun With Fotos #8.url
[2010/10/16 14:44:13 | 000,001,124 | ---- | M] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/10/16 10:16:49 | 000,375,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/11 14:51:48 | 000,000,246 | ---- | C] () -- C:\Users\Maureen\Desktop\Is there a VIRUS involved, please (2).url
[2010/11/10 15:37:34 | 000,000,214 | ---- | C] () -- C:\Users\Maureen\Desktop\Some suspicious files (2).url
[2010/11/09 21:18:32 | 000,000,214 | ---- | C] () -- C:\Users\Maureen\Desktop\Some suspicious files.url
[2010/11/09 19:14:19 | 000,013,287 | ---- | C] () -- C:\Users\Maureen\Desktop\IMAGING - Shortcut.lnk
[2010/11/07 20:53:26 | 000,000,255 | ---- | C] () -- C:\Users\Maureen\Desktop\I have a feeling something is amiss! - Tech Support Guy Forums.url
[2010/11/07 14:57:44 | 000,000,199 | ---- | C] () -- C:\Users\Maureen\Desktop\Aldi - Medion Forum Home.url
[2010/11/05 14:33:43 | 000,000,239 | ---- | C] () -- C:\Users\Maureen\Desktop\Mail.com Message List (5).url
[2010/11/04 21:48:08 | 000,000,156 | ---- | C] () -- C:\Users\Maureen\Desktop\Classics Lounge ~ Visible to Latin Students and Latin Alumni.url
[2010/11/04 16:03:27 | 000,028,768 | ---- | C] () -- C:\Users\Maureen\Desktop\Cats got my teeth.jpg
[2010/11/04 11:41:10 | 000,000,194 | ---- | C] () -- C:\Users\Maureen\Desktop\UK Paid Surveys - Cash For Surveys.url
[2010/11/02 22:53:05 | 000,000,235 | ---- | C] () -- C:\Users\Maureen\Desktop\Is there a VIRUS involved, please.url
[2010/11/02 12:21:46 | 000,000,208 | ---- | C] () -- C:\Users\Maureen\Desktop\survey displaySingleSurvey .url
[2010/10/31 20:06:21 | 000,001,040 | ---- | C] () -- C:\Users\Maureen\Desktop\ZoneAlarm Security.lnk
[2010/10/31 20:05:55 | 000,421,442 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010/10/31 19:15:51 | 000,000,214 | ---- | C] () -- C:\Users\Maureen\Desktop\Which section, please.url
[2010/10/29 19:53:59 | 000,000,195 | ---- | C] () -- C:\Users\Maureen\Desktop\Entering the Pit.url
[2010/10/27 12:55:07 | 000,000,210 | ---- | C] () -- C:\Users\Maureen\Desktop\Groupola - My Groupola.url
[2010/10/27 10:54:14 | 000,000,206 | ---- | C] () -- C:\Users\Maureen\Desktop\Groupola - Sign in.url
[2010/10/27 10:21:33 | 000,019,831 | ---- | C] () -- C:\Users\Maureen\AppData\Roaming\UserTile.png
[2010/10/26 19:44:26 | 000,000,172 | ---- | C] () -- C:\Users\Maureen\Desktop\Google.url
[2010/10/26 19:35:26 | 000,001,871 | ---- | C] () -- C:\Users\Maureen\Desktop\Fix it - Microsoft ATS.lnk
[2010/10/26 19:07:45 | 000,000,214 | ---- | C] () -- C:\Users\Maureen\Desktop\Which section, please - BleepingComputer.com.url
[2010/10/26 18:23:05 | 000,000,234 | ---- | C] () -- C:\Users\Maureen\Desktop\Groupola - MoneySavingExpert.com Forums.url
[2010/10/26 16:24:00 | 000,133,632 | ---- | C] () -- C:\Users\Maureen\Desktop\RKUnhookerLE.EXE
[2010/10/24 16:00:35 | 000,000,698 | ---- | C] () -- C:\ProgramData\Installer.log
[2010/10/23 21:28:20 | 000,001,936 | ---- | C] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Matic.lnk
[2010/10/23 19:21:42 | 000,001,889 | ---- | C] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/10/20 13:18:48 | 000,000,212 | ---- | C] () -- C:\Users\Maureen\Desktop\Fun With Fotos #8.url
[2010/10/17 19:06:46 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/10/17 15:18:17 | 000,002,103 | ---- | C] () -- C:\Users\Public\Desktop\Photo Impression 6.lnk
[2010/10/16 14:44:13 | 000,001,124 | ---- | C] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/28 18:57:30 | 000,000,000 | ---- | C] () -- C:\Users\Maureen\AppData\Roaming\wklnhst.dat
[2010/08/28 18:39:57 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/04 00:14:28 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/05/23 19:28:15 | 000,000,177 | ---- | C] () -- C:\Windows\KPCMS.INI
[2010/05/23 19:28:14 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2010/05/23 19:28:13 | 000,100,864 | ---- | C] () -- C:\Windows\System32\Dc50ip32.dll
[2010/05/23 19:28:13 | 000,065,864 | ---- | C] () -- C:\Windows\System32\Digita.sys
[2010/05/23 19:28:13 | 000,006,144 | ---- | C] () -- C:\Windows\System32\ImgLibLead.dll
[2010/05/07 05:13:25 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/05/07 05:09:41 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007/05/09 19:35:54 | 000,057,126 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[1999/01/27 12:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 06:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010/08/22 18:44:39 | 000,000,000 | ---D | M] -- C:\Users\Maryemm\AppData\Roaming\GetRight
[2010/10/31 20:09:35 | 000,000,000 | ---D | M] -- C:\Users\Maureen\AppData\Roaming\CheckPoint
[2010/08/11 21:45:53 | 000,000,000 | ---D | M] -- C:\Users\Maureen\AppData\Roaming\DriverFinder
[2010/11/09 18:58:49 | 000,000,000 | ---D | M] -- C:\Users\Maureen\AppData\Roaming\GetRight
[2010/05/31 15:37:11 | 000,000,000 | ---D | M] -- C:\Users\Maureen\AppData\Roaming\Template
[2010/10/23 11:11:02 | 000,000,000 | ---D | M] -- C:\Users\Maureen\AppData\Roaming\Windows Live Writer
[2010/10/29 20:51:40 | 000,000,000 | ---D | M] -- C:\Users\Maureen\AppData\Roaming\WinPatrol
[2010/10/09 11:36:24 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 953 bytes -> C:\Users\Maureen\Documents\Fw_ Fwd_ AABB112 Beauty Bible Questionnaires_MUM here.eml:OECustomProperty
@Alternate Data Stream - 486 bytes -> C:\Users\Maureen\Documents\Error Nuker info.eml:OECustomProperty

< End of report >

#4 Elise

  • Malware Study Hall Admin

Posted 11 November 2010 - 10:45 AM

Right click on the rootkit unhooker file, hover over 7zip, select Extract files here. That should do the trick.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#5 Reena

  • Topic Starter


Posted 11 November 2010 - 11:34 AM

THANK YOU for the help


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x92211000 C:\Windows\system32\DRIVERS\atikmdag.sys 6422528 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x83038000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x83038000 PnpManager 4259840 bytes
0x83038000 RAW 4259840 bytes
0x83038000 WMIxWDM 4259840 bytes
0x92A05000 C:\Windows\system32\drivers\RTKVHDA.sys 2777088 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x992E0000 Win32k 2404352 bytes
0x992E0000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8C22B000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8BE3E000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x92831000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8C090000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8369C000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xA1C1E000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x90C62000 C:\Windows\system32\DRIVERS\vsdatant.sys 569344 bytes (Check Point Software Technologies LTD, ZoneAlarm Firewalling Driver)
0x91E8B000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83747000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8C01C000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x90C08000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA1D3C000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0xA1CED000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x92984000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8BCBB000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8BC0C000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x911B4000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8365A000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x90D64000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8C3A5000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8C147000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x91F33000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x91082000 C:\Windows\system32\DRIVERS\atikmpag.sys 233472 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)
0x928E8000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x83001000 ACPI_HAL 225280 bytes
0x83001000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8BD66000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x91172000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8BFAB000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x83600000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x92940000 C:\Windows\system32\DRIVERS\Rt86win7.sys 204800 bytes (Realtek , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
0x8C374000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x91E38000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8C1AA000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8BF6D000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8BC65000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x91E12000 C:\Windows\system32\drivers\RtHDMIV.sys 155648 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x8C1D7000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8C185000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8BD3A000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x91024000 C:\Windows\system32\DRIVERS\avipbb.sys 143360 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x91F10000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x910F0000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA1CBF000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x91047000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8BDBA000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xA1D90000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8BE00000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x92921000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x90CF4000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x99570000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x92D5E000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x91F6E000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x90D21000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x92D8E000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x92DD3000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x91E67000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x90DC5000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x929E8000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x910CD000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x91112000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x9112A000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x91141000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x837D4000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x92CAB000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x92D32000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x8BD1B000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x92D79000 C:\Windows\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0x92CCF000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8BF98000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x92DB8000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x90D3B000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x910BB000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x92DEC000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x91068000 C:\Windows\system32\DRIVERS\amdppm.sys 69632 bytes (Microsoft Corporation, Processor Device Driver)
0x8C208000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x92D21000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8BD9A000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x91000000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8BC9A000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x83641000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x92DA8000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8C3EC000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x90D4E000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8BCAB000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x8BDAB000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0x929CF000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x90DDD000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x90D13000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x837C6000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8BD0D000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8C079000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x911A6000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x837B8000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x92200000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x92D00000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x91158000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x91165000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0xA1CE0000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8BFEE000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x90DB9000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x92CE9000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x8BE26000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x92D0D000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x92CC4000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x83636000 C:\Windows\system32\mcupdate_AuthenticAMD.dll 45056 bytes (Microsoft Corporation, AMD Microcode Update Library)
0x92D53000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x92CF5000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8BDEB000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x910E5000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8BC00000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8BC8F000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x92D49000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x90DAF000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x90DA5000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA1CB5000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x929DE000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x9297A000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8BD5D000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xA1DB1000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x8BD31000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x92D18000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x8C087000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xA1DC3000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x99540000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x91079000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8BC54000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x92972000 C:\Windows\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft® ASPI Shell)
0x83652000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8C200000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x92DCB000 C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys 32768 bytes (Check Point Software Technologies, ZoneAlarm Browser Security)
0x80BC7000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8BC5D000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8BE32000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8BDDB000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8BDE3000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8C3E4000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8BE1F000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x92CE2000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8C014000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x91F89000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x8BD06000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x90CED000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x90D5E000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xA1D8D000 C:\Windows\gdrv.sys 12288 bytes (Windows ® 2000 DDK provider, GIGABYTE Tools)
0x9220D000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x92CC2000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x05900000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 102400 bytes
0x08190000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 102400 bytes
0x005E0000 Hidden Image-->CLI.Foundation.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 110592 bytes
0x062A0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 110592 bytes
0x00630000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x889CA930 ] PID: 3708, 118784 bytes
0x00850000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 118784 bytes
0x07890000 Hidden Image-->CLI.Component.Dashboard.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 1232896 bytes
0x08530000 Hidden Image-->CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 1306624 bytes
0x042E0000 Hidden Image-->CLI.Caste.Graphics.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 159744 bytes
0x07B90000 Hidden Image-->CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 1716224 bytes
0x083E0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Dashboard.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 192512 bytes
0x08100000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 208896 bytes
0x07070000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 217088 bytes
0x08140000 Hidden Image-->CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 282624 bytes
0x00700000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x889CA930 ] PID: 3708, 28672 bytes
0x00800000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0x889CA930 ] PID: 3708, 28672 bytes
0x00420000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x00430000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x009C0000 Hidden Image-->CLI.Component.Runtime.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x00C30000 Hidden Image-->AEM.Server.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x03CC0000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x03CB0000 Hidden Image-->AEM.Plugin.DPPE.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x03CF0000 Hidden Image-->DEM.Foundation.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x03CD0000 Hidden Image-->AEM.Plugin.WinMessages.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x03D00000 Hidden Image-->DEM.Graphics.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x04360000 Hidden Image-->ResourceManagement.Foundation.Private.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x04310000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x04320000 Hidden Image-->AEM.Plugin.GD.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x04350000 Hidden Image-->AEM.Actions.CCAA.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x048D0000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x04B50000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x052F0000 Hidden Image-->atixclib.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x05610000 Hidden Image-->CLI.Caste.HydraVision.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x05640000 Hidden Image-->APM.Foundation.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x05680000 Hidden Image-->AEM.Plugin.REG.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x05670000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x05690000 Hidden Image-->AEM.Plugin.EEU.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x056D0000 Hidden Image-->CLI.Component.Client.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x058C0000 Hidden Image-->CLI.Component.Wizard.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x058F0000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x05920000 Hidden Image-->CLI.Caste.HydraVision.Wizard.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x062F0000 Hidden Image-->DEM.Graphics.I0906.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x06460000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x064A0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x06BE0000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x06950000 Hidden Image-->DEM.Graphics.I0912.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x06920000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x06970000 Hidden Image-->DEM.Graphics.I0706.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x06980000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x06F60000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x06F20000 Hidden Image-->DEM.Graphics.I0703.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x06BF0000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x074E0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x079C0000 Hidden Image-->Branding.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x081D0000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 28672 bytes
0x08740000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 364544 bytes
0x039B0000 Hidden Image-->NEWAEM.Foundation.dll [ EPROCESS 0x889CA930 ] PID: 3708, 36864 bytes
0x00870000 Hidden Image-->CLI.Foundation.XManifest.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 36864 bytes
0x00C20000 Hidden Image-->NEWAEM.Foundation.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 36864 bytes
0x05070000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 36864 bytes
0x05140000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 36864 bytes
0x05600000 Hidden Image-->CLI.Caste.HydraVision.Runtime.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 36864 bytes
0x058B0000 Hidden Image-->CLI.Component.Wizard.Shared.Private.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 36864 bytes
0x05930000 Hidden Image-->CLI.Component.Dashboard.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 36864 bytes
0x06410000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Runtime.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 36864 bytes
0x06420000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Runtime.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 36864 bytes
0x066B0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 36864 bytes
0x04280000 Hidden Image-->CLI.Caste.Graphics.Runtime.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 389120 bytes
0x086E0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 389120 bytes
0x08670000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 405504 bytes
0x05840000 Hidden Image-->CLI.Component.Wizard.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 413696 bytes
0x076F0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 421888 bytes
0x00670000 Hidden Image-->LOG.Foundation.dll [ EPROCESS 0x889CA930 ] PID: 3708, 45056 bytes
0x006F0000 Hidden Image-->LOG.Foundation.Private.dll [ EPROCESS 0x889CA930 ] PID: 3708, 45056 bytes
0x039A0000 Hidden Image-->CCC.Implementation.dll [ EPROCESS 0x889CA930 ] PID: 3708, 45056 bytes
0x003E0000 Hidden Image-->CCC.Implementation.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 45056 bytes
0x00410000 Hidden Image-->LOG.Foundation.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 45056 bytes
0x00780000 Hidden Image-->LOG.Foundation.Private.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 45056 bytes
0x009E0000 Hidden Image-->ATICCCom.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 45056 bytes
0x050A0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 45056 bytes
0x050F0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 45056 bytes
0x04090000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 487424 bytes
0x009B0000 Hidden Image-->CLI.Foundation.Private.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 53248 bytes
0x00A10000 Hidden Image-->AEM.Server.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 53248 bytes
0x00DA0000 Hidden Image-->AEM.Plugin.Source.Kit.Server.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 53248 bytes
0x03CE0000 Hidden Image-->DEM.Graphics.I0601.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 53248 bytes
0x04A20000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 53248 bytes
0x05080000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 53248 bytes
0x05090000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 53248 bytes
0x056C0000 Hidden Image-->CLI.Component.Client.Shared.Private.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 53248 bytes
0x058D0000 Hidden Image-->CLI.Caste.Graphics.Wizard.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 53248 bytes
0x06450000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 53248 bytes
0x06910000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 53248 bytes
0x057B0000 Hidden Image-->CLI.Component.Systemtray.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 585728 bytes
0x087A0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 585728 bytes
0x91FBAF2E Unknown thread object [ ETHREAD 0x85AA1D48 ] , 600 bytes
0x00910000 Hidden Image-->CLI.Component.Runtime.Shared.Private.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 61440 bytes
0x05130000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 61440 bytes
0x066D0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 61440 bytes
0x069A0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 61440 bytes
0x06BC0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 61440 bytes
0x089F0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Dashboard.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 667648 bytes
0x00890000 Hidden Image-->CLI.Component.SkinFactory.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 69632 bytes
0x008B0000 Hidden Image-->CLI.Component.Runtime.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 69632 bytes
0x05620000 Hidden Image-->APM.Server.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 69632 bytes
0x06280000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 69632 bytes
0x068F0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 69632 bytes
0x07DB0000 Hidden Image-->ResourceManagement.Foundation.Implementation.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 749568 bytes
0x007C0000 Hidden Image-->LOG.Foundation.Implementation.dll [ EPROCESS 0x889CA930 ] PID: 3708, 77824 bytes
0x00600000 Hidden Image-->LOG.Foundation.Implementation.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 77824 bytes
0x05110000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 77824 bytes
0x05170000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 77824 bytes
0x062C0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 77824 bytes
0x06430000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 77824 bytes
0x06930000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 77824 bytes
0x07F10000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 77824 bytes
0x009F0000 Hidden Image-->ADL.Foundation.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 86016 bytes
0x05150000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Runtime.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 86016 bytes
0x06480000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 86016 bytes
0x07E70000 Hidden Image-->CLI.Caste.Graphics.Dashboard.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 86016 bytes
0x08910000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.dll [ EPROCESS 0x889EE6C8 ] PID: 4068, 864256 bytes

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:20 PM

Posted 11 November 2010 - 11:50 AM

Hi again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#7 Reena


Posted 11 November 2010 - 12:29 PM

ComboFix 10-11-11.01 - Maureen 11/11/2010 17:05:32.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3326.2253 [GMT 0:00]
Running from: c:\users\Maureen\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Maureen\AppData\Local\Temp\9109.tmp
I:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-10-11 to 2010-11-11 )))))))))))))))))))))))))))))))
.

2010-11-11 16:19 . 2010-11-11 16:26 -------- d-----w- c:\windows\system32\MustBeRandomlyNamed
2010-11-11 15:26 . 2010-11-11 15:26 -------- d-----w- c:\program files\7-Zip
2010-11-09 19:41 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8B993F5-471E-47E3-92AF-86EB4677F2EA}\mpengine.dll
2010-10-31 20:09 . 2010-10-31 20:09 -------- d-----w- c:\users\Maureen\AppData\Roaming\CheckPoint
2010-10-31 20:08 . 2010-10-31 20:08 -------- d-----w- c:\program files\Conduit
2010-10-31 20:08 . 2010-10-31 20:08 -------- d-----w- c:\program files\ZoneAlarm_Security
2010-10-31 20:06 . 2010-10-31 20:06 -------- d-----w- c:\program files\CheckPoint
2010-10-31 20:06 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2010-10-31 20:06 . 2010-09-02 09:20 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-10-31 20:06 . 2010-09-02 09:20 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-10-31 20:06 . 2010-09-02 09:20 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-10-31 20:05 . 2010-10-31 20:09 -------- d-----w- c:\windows\system32\ZoneLabs
2010-10-31 20:05 . 2010-10-31 20:05 -------- d-----w- c:\program files\Zone Labs
2010-10-31 20:05 . 2010-05-15 16:30 461400 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2010-10-31 20:04 . 2010-11-11 17:09 -------- d-----w- c:\windows\Internet Logs
2010-10-31 20:04 . 2010-10-31 20:04 -------- d-----w- c:\programdata\CheckPoint
2010-10-29 20:51 . 2010-10-29 20:51 -------- d-----w- c:\users\Maureen\AppData\Roaming\WinPatrol
2010-10-29 20:51 . 2010-10-29 20:51 -------- d-----w- c:\program files\BillP Studios
2010-10-29 20:51 . 2010-10-29 21:01 -------- d-----w- c:\programdata\InstallMate
2010-10-26 19:58 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-26 19:58 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-26 19:58 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-26 19:58 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-26 19:57 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-25 21:23 . 2010-10-25 21:23 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-10-24 20:03 . 2010-10-24 20:03 -------- d-----w- c:\users\Maureen\AppData\Local\Logitech-LS
2010-10-24 16:03 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-10-24 16:03 . 2003-03-18 20:12 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2010-10-24 16:03 . 2003-03-18 19:44 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL
2010-10-24 16:03 . 2003-03-18 19:44 49152 ----a-w- c:\windows\system32\MFC71KOR.DLL
2010-10-24 16:03 . 2003-03-18 19:44 61440 ----a-w- c:\windows\system32\MFC71ITA.DLL
2010-10-24 16:03 . 2003-03-18 19:44 61440 ----a-w- c:\windows\system32\MFC71ESP.DLL
2010-10-24 16:03 . 2003-03-18 19:44 45056 ----a-w- c:\windows\system32\MFC71CHT.DLL
2010-10-24 16:03 . 2003-03-18 19:44 40960 ----a-w- c:\windows\system32\MFC71CHS.DLL
2010-10-24 16:03 . 2003-03-18 19:44 65536 ----a-w- c:\windows\system32\MFC71DEU.DLL
2010-10-24 16:03 . 2003-03-18 19:44 49152 ----a-w- c:\windows\system32\MFC71JPN.DLL
2010-10-24 16:03 . 2003-03-18 18:05 89088 ----a-w- c:\windows\system32\atl71.dll
2010-10-24 16:03 . 2010-10-26 10:41 -------- d-----w- c:\program files\Logitech
2010-10-24 15:51 . 2010-10-24 15:51 -------- d-----w- c:\program files\Common Files\logishrd
2010-10-23 21:28 . 2010-10-29 16:24 -------- d-----w- c:\programdata\PCPitstop
2010-10-23 21:28 . 2010-10-29 16:25 -------- d-----w- c:\program files\PCPitstop
2010-10-23 19:21 . 2010-10-23 19:21 -------- d-----w- c:\program files\bfgclient
2010-10-23 19:11 . 2010-10-23 19:21 -------- d-----w- C:\BigFishGamesCache
2010-10-23 15:44 . 2010-10-23 15:44 -------- d-----w- c:\users\Maureen\AppData\Local\SmoothDraw
2010-10-23 15:19 . 2010-10-23 15:19 -------- d-----w- c:\program files\SmoothDraw
2010-10-23 10:15 . 2010-10-23 11:11 -------- d-----w- c:\users\Maureen\AppData\Roaming\Windows Live Writer
2010-10-23 10:15 . 2010-10-23 10:15 -------- d-----w- c:\users\Maureen\AppData\Local\Windows Live Writer
2010-10-23 09:53 . 2010-10-23 09:53 -------- d-----w- c:\windows\en
2010-10-23 09:53 . 2010-09-22 23:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-23 09:51 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-23 09:51 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-23 09:51 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-23 09:47 . 2010-10-23 09:47 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\4f713d231cb72972b\InstallManager_WLE_WLE.exe
2010-10-23 09:47 . 2010-10-23 09:47 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\4684141e1cb729720\MeshBetaRemover.exe
2010-10-23 09:47 . 2010-10-23 09:47 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\3d5907521cb729718\DSETUP.dll
2010-10-23 09:47 . 2010-10-23 09:47 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\3d5907521cb729718\DXSETUP.exe
2010-10-23 09:47 . 2010-10-23 09:47 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\3d5907521cb729718\dsetup32.dll
2010-10-23 09:47 . 2010-10-23 09:47 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\3c4e6d341cb729717\DXSETUP.exe
2010-10-23 09:46 . 2010-10-23 09:46 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\3c4e6d341cb729717\DSETUP.dll
2010-10-23 09:46 . 2010-10-23 09:46 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\3c4e6d341cb729717\dsetup32.dll
2010-10-23 09:46 . 2010-11-11 11:12 -------- d-----w- c:\users\Maureen\AppData\Local\Windows Live
2010-10-23 09:45 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-10-23 09:45 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-10-23 09:45 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2010-10-17 19:06 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-10-17 15:27 . 2010-10-17 15:27 -------- d-----w- C:\filmtype
2010-10-17 15:18 . 2010-10-17 15:18 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-10-17 15:18 . 2006-11-10 15:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2010-10-17 15:18 . 2003-03-18 22:14 499712 ----a-r- c:\windows\system32\msvcp71.dll
2010-10-17 15:18 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-17 15:18 . 2005-04-27 16:36 245408 ----a-w- c:\windows\system32\unicows.dll
2010-10-17 15:17 . 2010-10-17 15:17 -------- d-----w- c:\program files\ArcSoft
2010-10-17 15:16 . 2010-10-17 15:52 -------- d-----w- c:\users\Maureen\AppData\Roaming\ArcSoft
2010-10-17 15:16 . 2001-09-05 03:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2010-10-17 15:16 . 2001-09-05 03:18 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2010-10-17 15:16 . 2001-09-05 03:14 176128 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2010-10-17 15:16 . 2001-09-05 03:13 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2010-10-17 15:09 . 2010-11-04 16:13 -------- d-----w- c:\windows\OvtCam
2010-10-17 15:09 . 2010-10-17 15:09 -------- d-----w- c:\windows\OVT
2010-10-17 15:09 . 2010-10-17 15:09 -------- d-----w- c:\program files\OVT
2010-10-16 15:45 . 2010-10-23 09:53 -------- dc----w- c:\windows\system32\DRVSTORE
2010-10-16 15:45 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-10-16 15:45 . 2010-11-03 21:39 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-10-16 14:44 . 2010-10-16 14:44 -------- d-----w- c:\users\Maureen\AppData\Local\Sunbelt Software
2010-10-16 14:44 . 2010-10-16 14:44 -------- dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-10-16 14:44 . 2010-10-16 15:45 -------- d-----w- c:\programdata\Lavasoft
2010-10-16 14:44 . 2010-10-16 14:44 -------- d-----w- c:\program files\Lavasoft
2010-10-15 10:32 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-10-15 10:32 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-15 10:32 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-15 10:32 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-15 10:32 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-15 10:32 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-15 10:32 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-15 10:32 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-15 10:32 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-15 10:32 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-15 10:31 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-15 10:27 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-11 17:09 . 2010-05-07 05:14 17488 ----a-w- c:\windows\gdrv.sys
2010-11-02 21:16 . 2010-08-24 19:46 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-02 21:16 . 2010-08-24 19:46 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-19 10:41 . 2010-05-06 20:54 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 23:47 . 2010-09-22 23:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 23:32 . 2010-09-22 23:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 13:03 . 2010-09-21 13:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-21 05:32 . 2010-09-20 13:14 316928 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2010-06-13 19:10 2734688 ----a-w- c:\program files\ZoneAlarm_Security\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-21 7858720]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-10-28 329096]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-09-02 738808]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GetRight.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GetRight.lnk
backup=c:\windows\pss\GetRight.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-03-04 13:31 311296 ----a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto Run Software for Photo Frame]
2006-08-04 15:57 2110464 ----a-w- c:\program files\Philips\Auto Run Software for Photo Frame\PhotoManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys [2006-07-31 580992]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-11-03 15264]
R3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2010-10-13 90864]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-04 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-09-02 26872]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-09-02 493048]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-11-03 1375992]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-04 6096384]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-04 214016]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 16:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-OVT Scanner - c:\windows\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(548)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'Explorer.exe'(1904)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2010-11-11 17:11:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-11 17:11

Pre-Run: 955,030,654,976 bytes free
Post-Run: 954,891,509,760 bytes free

- - End Of File - - 3BEAB45203D4B09F66DA7B7B05796150

#8 Elise


Posted 11 November 2010 - 12:49 PM

Please let me know how things are running now. Any problem left?

Rerun OTL, click the NONE button, then change the value under "extra registry" back to Use Safelist and click Run Scan. Post me extra.txt that will be created.

regards, Elise




#9 Reena


Posted 11 November 2010 - 02:24 PM

Still agonisingly slow! I am sure there are entries in Hijack This that shouldn't be there.




OTL logfile created on: 11/11/2010 19:15:58 - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Maureen\Desktop\BC info
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 889.36 Gb Free Space | 95.49% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 300.44 Gb Free Space | 64.50% Space Free | Partition Type: NTFS

Computer Name: MAUREEN-PC | User Name: Maureen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

< End of report >

#10 Elise


Posted 11 November 2010 - 02:29 PM

That is OTL.txt, please post me extra.txt

regards, Elise




#11 Reena


Posted 11 November 2010 - 02:38 PM

That's all I get.

#12 Elise


Posted 11 November 2010 - 02:43 PM

Did you tick Use Safelist under Extra Registry before clicking Run Scan?

regards, Elise


#13 Reena


Posted 11 November 2010 - 02:53 PM

Yes, I did.

#14 Elise


Posted 11 November 2010 - 02:56 PM

Then extra.txt should be created. Please rerun the scan and see if it gets created now.

regards, Elise


#15 Reena


Posted 11 November 2010 - 03:00 PM

OTL logfile created on: 11/11/2010 15:13:58 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Maureen\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 889.71 Gb Free Space | 95.52% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 300.44 Gb Free Space | 64.50% Space Free | Partition Type: NTFS

Computer Name: MAUREEN-PC | User Name: Maureen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/11 15:13:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Maureen\Desktop\OTL 2.exe
PRC - [2010/11/03 21:37:34 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/11/03 21:37:26 | 001,375,992 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/11/02 21:16:48 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/02 21:16:48 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/02 21:16:48 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/10/28 10:08:20 | 000,329,096 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/10/04 18:24:28 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
PRC - [2010/09/23 00:10:22 | 000,092,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Mail\wlmail.exe
PRC - [2010/09/22 22:28:10 | 000,025,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2010/09/02 12:26:16 | 000,493,048 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2010/09/02 12:26:14 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2010/09/02 09:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/08/04 00:51:38 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/08/04 00:51:12 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/01/14 20:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/21 14:33:28 | 007,858,720 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/08/24 13:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2009/08/04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 16:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 01:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe


========== Modules (SafeList) ==========

MOD - [2010/11/11 15:13:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Maureen\Desktop\OTL 2.exe
MOD - [2010/09/02 12:26:22 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 01:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 01:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 01:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 01:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 01:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 01:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 01:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 01:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 01:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 01:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/06/10 21:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009/06/10 21:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/03 21:37:26 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/11/02 21:16:48 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/02 21:16:48 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/13 10:18:30 | 000,090,864 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2010/09/22 23:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/02 12:26:16 | 000,493,048 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/08/04 00:51:12 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/06/02 12:40:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/24 13:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009/08/04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/07/14 01:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 01:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 01:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 01:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 01:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 01:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 01:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 01:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 01:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 01:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 01:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 01:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 01:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 01:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 01:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - [2010/11/11 14:17:21 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/11/03 21:38:58 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/11/02 21:16:48 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/02 21:16:48 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/22 23:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/09/02 12:26:10 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/08/12 12:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/04 01:21:44 | 006,096,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/08/04 01:21:44 | 006,096,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/08/04 00:15:30 | 000,214,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/07/07 14:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/15 16:30:50 | 000,461,400 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009/12/11 07:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/10/21 14:26:08 | 002,782,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/08/20 16:04:54 | 000,189,440 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/07/17 18:52:00 | 000,155,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/07/14 01:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 01:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 01:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 01:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 01:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 01:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 01:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 01:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 01:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 01:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 01:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 01:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 01:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 01:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 01:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 01:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 01:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 01:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 01:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 01:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 01:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 01:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 01:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 01:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 01:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 01:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 01:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 01:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 01:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 01:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 01:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 01:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 01:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 01:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 01:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 01:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 01:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 01:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 00:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 00:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 00:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 23:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 23:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 23:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 23:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 23:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 23:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 23:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 23:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 23:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 23:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 23:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 23:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 23:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 23:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 23:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 22:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 22:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 22:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 22:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 22:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 22:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 22:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 22:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 22:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/05/11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/05/09 20:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/09 20:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/05/09 20:46:48 | 000,014,112 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/07/31 05:44:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ov550i.sys -- (APL531)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2146174449-1649121464-1852810650-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2146174449-1649121464-1852810650-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2146174449-1649121464-1852810650-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2146174449-1649121464-1852810650-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2146174449-1649121464-1852810650-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2146174449-1649121464-1852810650-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2146174449-1649121464-1852810650-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/11/08 20:18:51 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-2146174449-1649121464-1852810650-1001\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2146174449-1649121464-1852810650-1001\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk I:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/11 15:13:25 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Maureen\Desktop\OTL 2.exe
[2010/11/10 11:16:54 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\Image 2
[2010/11/09 21:05:53 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/11/07 11:08:46 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\Dodger
[2010/11/06 16:11:57 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\RP
[2010/11/04 20:42:14 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\spectacles 2008
[2010/11/04 20:37:02 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\glasses 2
[2010/11/04 20:33:20 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\for glasses 1
[2010/11/04 16:28:14 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\NOV SLIDES
[2010/11/03 14:47:27 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\BC info
[2010/11/03 13:45:42 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\Autumn 2010
[2010/11/02 22:36:33 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\For Bleeping Computer info
[2010/10/31 20:09:35 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Documents\ForceField Shared Files
[2010/10/31 20:09:35 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Roaming\CheckPoint
[2010/10/31 20:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/10/31 20:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security
[2010/10/31 20:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/10/31 20:05:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2010/10/31 20:05:55 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/10/31 20:04:48 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/10/31 20:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010/10/29 20:51:38 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Roaming\WinPatrol
[2010/10/29 20:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/10/29 20:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2010/10/27 14:54:18 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\backups
[2010/10/26 16:11:57 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Maureen\Desktop\HijackThisoct2010.exe
[2010/10/26 16:08:47 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\Spectacles
[2010/10/25 21:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/10/24 20:03:23 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\Logitech-LS
[2010/10/24 16:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/10/24 15:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2010/10/23 21:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2010/10/23 21:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2010/10/23 19:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2010/10/23 19:11:35 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache
[2010/10/23 15:44:44 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\SmoothDraw
[2010/10/23 15:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\SmoothDraw
[2010/10/23 10:15:23 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Roaming\Windows Live Writer
[2010/10/23 10:15:23 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\Windows Live Writer
[2010/10/23 09:53:20 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/23 09:46:19 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\Windows Live
[2010/10/17 15:27:18 | 000,000,000 | ---D | C] -- C:\filmtype
[2010/10/17 15:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2010/10/17 15:18:18 | 000,018,688 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\System32\drivers\afc.sys
[2010/10/17 15:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010/10/17 15:16:43 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Roaming\ArcSoft
[2010/10/17 15:09:45 | 000,000,000 | ---D | C] -- C:\Windows\OvtCam
[2010/10/17 15:09:45 | 000,000,000 | ---D | C] -- C:\Windows\OVT
[2010/10/17 15:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\OVT
[2010/10/16 15:53:16 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\AUCTIONS
[2010/10/16 15:52:18 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\DOWNLOADS
[2010/10/16 15:49:29 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\PHOTOS
[2010/10/16 15:47:53 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\AMAZON
[2010/10/16 15:45:12 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/10/16 15:45:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/10/16 15:45:10 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/10/16 14:44:37 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\Sunbelt Software
[2010/10/16 14:44:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/10/16 14:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/10/16 14:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/11 15:13:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Maureen\Desktop\OTL 2.exe
[2010/11/11 14:51:48 | 000,000,246 | ---- | M] () -- C:\Users\Maureen\Desktop\Is there a VIRUS involved, please (2).url
[2010/11/11 14:24:33 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/11 14:24:33 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/11 14:21:45 | 000,628,024 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/11 14:21:45 | 000,110,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/11 14:17:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/11 14:17:15 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/10 15:37:34 | 000,000,214 | ---- | M] () -- C:\Users\Maureen\Desktop\Some suspicious files (2).url
[2010/11/09 21:18:32 | 000,000,214 | ---- | M] () -- C:\Users\Maureen\Desktop\Some suspicious files.url
[2010/11/09 19:14:19 | 000,013,287 | ---- | M] () -- C:\Users\Maureen\Desktop\IMAGING - Shortcut.lnk
[2010/11/07 20:53:26 | 000,000,255 | ---- | M] () -- C:\Users\Maureen\Desktop\I have a feeling something is amiss! - Tech Support Guy Forums.url
[2010/11/07 14:57:44 | 000,000,199 | ---- | M] () -- C:\Users\Maureen\Desktop\Aldi - Medion Forum Home.url
[2010/11/05 14:33:43 | 000,000,239 | ---- | M] () -- C:\Users\Maureen\Desktop\Mail.com Message List (5).url
[2010/11/04 21:48:08 | 000,000,156 | ---- | M] () -- C:\Users\Maureen\Desktop\Classics Lounge ~ Visible to Latin Students and Latin Alumni.url
[2010/11/04 16:14:58 | 000,002,103 | ---- | M] () -- C:\Users\Public\Desktop\Photo Impression 6.lnk
[2010/11/04 16:03:13 | 000,028,768 | ---- | M] () -- C:\Users\Maureen\Desktop\Cats got my teeth.jpg
[2010/11/04 11:41:10 | 000,000,194 | ---- | M] () -- C:\Users\Maureen\Desktop\UK Paid Surveys - Cash For Surveys.url
[2010/11/03 21:39:21 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/11/02 22:53:05 | 000,000,235 | ---- | M] () -- C:\Users\Maureen\Desktop\Is there a VIRUS involved, please.url
[2010/11/02 21:16:48 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/11/02 21:16:48 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/02 12:21:46 | 000,000,208 | ---- | M] () -- C:\Users\Maureen\Desktop\survey displaySingleSurvey .url
[2010/10/31 20:09:45 | 000,421,442 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010/10/31 20:06:21 | 000,001,040 | ---- | M] () -- C:\Users\Maureen\Desktop\ZoneAlarm Security.lnk
[2010/10/31 19:15:51 | 000,000,214 | ---- | M] () -- C:\Users\Maureen\Desktop\Which section, please.url
[2010/10/29 19:53:59 | 000,000,195 | ---- | M] () -- C:\Users\Maureen\Desktop\Entering the Pit.url
[2010/10/29 16:25:18 | 000,001,936 | ---- | M] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Matic.lnk
[2010/10/27 12:55:07 | 000,000,210 | ---- | M] () -- C:\Users\Maureen\Desktop\Groupola - My Groupola.url
[2010/10/27 10:54:15 | 000,000,206 | ---- | M] () -- C:\Users\Maureen\Desktop\Groupola - Sign in.url
[2010/10/27 10:21:33 | 000,019,831 | ---- | M] () -- C:\Users\Maureen\AppData\Roaming\UserTile.png
[2010/10/26 19:44:26 | 000,000,172 | ---- | M] () -- C:\Users\Maureen\Desktop\Google.url
[2010/10/26 19:35:27 | 000,001,871 | ---- | M] () -- C:\Users\Maureen\Desktop\Fix it - Microsoft ATS.lnk
[2010/10/26 19:07:45 | 000,000,214 | ---- | M] () -- C:\Users\Maureen\Desktop\Which section, please - BleepingComputer.com.url
[2010/10/26 18:23:05 | 000,000,234 | ---- | M] () -- C:\Users\Maureen\Desktop\Groupola - MoneySavingExpert.com Forums.url
[2010/10/26 16:24:20 | 000,133,632 | ---- | M] () -- C:\Users\Maureen\Desktop\RKUnhookerLE.EXE
[2010/10/26 16:12:20 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Maureen\Desktop\HijackThisoct2010.exe
[2010/10/23 19:21:42 | 000,001,889 | ---- | M] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/10/20 13:18:48 | 000,000,212 | ---- | M] () -- C:\Users\Maureen\Desktop\Fun With Fotos #8.url
[2010/10/16 14:44:13 | 000,001,124 | ---- | M] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/10/16 10:16:49 | 000,375,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/11 14:51:48 | 000,000,246 | ---- | C] () -- C:\Users\Maureen\Desktop\Is there a VIRUS involved, please (2).url
[2010/11/10 15:37:34 | 000,000,214 | ---- | C] () -- C:\Users\Maureen\Desktop\Some suspicious files (2).url
[2010/11/09 21:18:32 | 000,000,214 | ---- | C] () -- C:\Users\Maureen\Desktop\Some suspicious files.url
[2010/11/09 19:14:19 | 000,013,287 | ---- | C] () -- C:\Users\Maureen\Desktop\IMAGING - Shortcut.lnk
[2010/11/07 20:53:26 | 000,000,255 | ---- | C] () -- C:\Users\Maureen\Desktop\I have a feeling something is amiss! - Tech Support Guy Forums.url
[2010/11/07 14:57:44 | 000,000,199 | ---- | C] () -- C:\Users\Maureen\Desktop\Aldi - Medion Forum Home.url
[2010/11/05 14:33:43 | 000,000,239 | ---- | C] () -- C:\Users\Maureen\Desktop\Mail.com Message List (5).url
[2010/11/04 21:48:08 | 000,000,156 | ---- | C] () -- C:\Users\Maureen\Desktop\Classics Lounge ~ Visible to Latin Students and Latin Alumni.url
[2010/11/04 16:03:27 | 000,028,768 | ---- | C] () -- C:\Users\Maureen\Desktop\Cats got my teeth.jpg
[2010/11/04 11:41:10 | 000,000,194 | ---- | C] () -- C:\Users\Maureen\Desktop\UK Paid Surveys - Cash For Surveys.url
[2010/11/02 22:53:05 | 000,000,235 | ---- | C] () -- C:\Users\Maureen\Desktop\Is there a VIRUS involved, please.url
[2010/11/02 12:21:46 | 000,000,208 | ---- | C] () -- C:\Users\Maureen\Desktop\survey displaySingleSurvey .url
[2010/10/31 20:06:21 | 000,001,040 | ---- | C] () -- C:\Users\Maureen\Desktop\ZoneAlarm Security.lnk
[2010/10/31 20:05:55 | 000,421,442 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010/10/31 19:15:51 | 000,000,214 | ---- | C] () -- C:\Users\Maureen\Desktop\Which section, please.url
[2010/10/29 19:53:59 | 000,000,195 | ---- | C] () -- C:\Users\Maureen\Desktop\Entering the Pit.url
[2010/10/27 12:55:07 | 000,000,210 | ---- | C] () -- C:\Users\Maureen\Desktop\Groupola - My Groupola.url
[2010/10/27 10:54:14 | 000,000,206 | ---- | C] () -- C:\Users\Maureen\Desktop\Groupola - Sign in.url
[2010/10/27 10:21:33 | 000,019,831 | ---- | C] () -- C:\Users\Maureen\AppData\Roaming\UserTile.png
[2010/10/26 19:44:26 | 000,000,172 | ---- | C] () -- C:\Users\Maureen\Desktop\Google.url
[2010/10/26 19:35:26 | 000,001,871 | ---- | C] () -- C:\Users\Maureen\Desktop\Fix it - Microsoft ATS.lnk
[2010/10/26 19:07:45 | 000,000,214 | ---- | C] () -- C:\Users\Maureen\Desktop\Which section, please - BleepingComputer.com.url
[2010/10/26 18:23:05 | 000,000,234 | ---- | C] () -- C:\Users\Maureen\Desktop\Groupola - MoneySavingExpert.com Forums.url
[2010/10/26 16:24:00 | 000,133,632 | ---- | C] () -- C:\Users\Maureen\Desktop\RKUnhookerLE.EXE
[2010/10/24 16:00:35 | 000,000,698 | ---- | C] () -- C:\ProgramData\Installer.log
[2010/10/23 21:28:20 | 000,001,936 | ---- | C] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Matic.lnk
[2010/10/23 19:21:42 | 000,001,889 | ---- | C] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/10/20 13:18:48 | 000,000,212 | ---- | C] () -- C:\Users\Maureen\Desktop\Fun With Fotos #8.url
[2010/10/17 19:06:46 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/10/17 15:18:17 | 000,002,103 | ---- | C] () -- C:\Users\Public\Desktop\Photo Impression 6.lnk
[2010/10/16 14:44:13 | 000,001,124 | ---- | C] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/28 18:57:30 | 000,000,000 | ---- | C] () -- C:\Users\Maureen\AppData\Roaming\wklnhst.dat
[2010/08/28 18:39:57 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/04 00:14:28 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/05/23 19:28:15 | 000,000,177 | ---- | C] () -- C:\Windows\KPCMS.INI
[2010/05/23 19:28:14 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2010/05/23 19:28:13 | 000,100,864 | ---- | C] () -- C:\Windows\System32\Dc50ip32.dll
[2010/05/23 19:28:13 | 000,065,864 | ---- | C] () -- C:\Windows\System32\Digita.sys
[2010/05/23 19:28:13 | 000,006,144 | ---- | C] () -- C:\Windows\System32\ImgLibLead.dll
[2010/05/07 05:13:25 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/05/07 05:09:41 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007/05/09 19:35:54 | 000,057,126 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[1999/01/27 12:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 06:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010/08/22 18:44:39 | 000,000,000 | ---D | M] -- C:\Users\Maryemm\AppData\Roaming\GetRight
[2010/10/31 20:09:35 | 000,000,000 | ---D | M] -- C:\Users\Maureen\AppData\Roaming\CheckPoint
[2010/08/11 21:45:53 | 000,000,000 | ---D | M] -- C:\Users\Maureen\AppData\Roaming\DriverFinder
[2010/11/09 18:58:49 | 000,000,000 | ---D | M] -- C:\Users\Maureen\AppData\Roaming\GetRight
[2010/05/31 15:37:11 | 000,000,000 | ---D | M] -- C:\Users\Maureen\AppData\Roaming\Template
[2010/10/23 11:11:02 | 000,000,000 | ---D | M] -- C:\Users\Maureen\AppData\Roaming\Windows Live Writer
[2010/10/29 20:51:40 | 000,000,000 | ---D | M] -- C:\Users\Maureen\AppData\Roaming\WinPatrol
[2010/10/09 11:36:24 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 953 bytes -> C:\Users\Maureen\Documents\Fw_ Fwd_ AABB112 Beauty Bible Questionnaires_MUM here.eml:OECustomProperty
@Alternate Data Stream - 486 bytes -> C:\Users\Maureen\Documents\Error Nuker info.eml:OECustomProperty

< End of report >



