Help please - win32.agent.chh



kitty764
2011-11-20, 23:32
I hope I get this right. I've also run Adware, and my virus program Webroot that showed no bugs. I do have an external hard drive that I plug in when I want to back up my files, which I did about a month ago; within the last few weeks, I've noticed my computer running slow, and a few occasional buggy programs, but nothing major yet, so I'm assuming I caught it early.
P.S. I appreciate the smilies in the instructions; it's like someone holding your hand at the dentist. Here's the DDS report, attachment and Spybot report. :spider: Another thing, I think I got the bug through torrent, which I will be uninstalling after I post this.
Thank you VERY much!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by HP_Administrator at 15:26:27 on 2011-11-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2038 [GMT -6:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\Webroot\WRSA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Webroot\WRSA.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
c:\program files\common files\aol\1276149201\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\AOL\1276149201\EE\aolsoftware.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AOL Desktop 9.6a\waol.exe
C:\Program Files\AOL Desktop 9.6a\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.comcast.net/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\15.0.874.121\npchrome_frame.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\hp_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Xnehogewu] rundll32.exe "c:\windows\concst.dll",Startup
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [AOL Fast Start] "c:\program files\aol desktop 9.6a\AOL.EXE" -b
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdMgr.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HostManager] c:\program files\common files\aol\1276149201\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [PCDrSmartMonitor] "c:\program files\pc-doctor 5 for windows\PcdSmartMonitor.exe" -r
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: trymedia.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276157759437
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{F204927D-9268-49FC-BE9F-3EBEC7F8CA66} : DhcpNameServer = 68.87.72.134 68.87.77.134
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\15.0.874.121\npchrome_frame.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-10 64512]
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2011-11-3 106312]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2010-9-11 218688]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-11-9 525840]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-10-26 2152152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2011-11-3 605272]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-10-26 15232]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 581480]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 209640]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-11-29 41272]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-8 136176]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-9-10 8192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-8 136176]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-10-28 11520]
.
=============== Created Last 30 ================
.
2011-11-13 03:29:39 -------- d-----w- c:\program files\AOL Desktop 9.6a
2011-11-13 00:41:55 -------- d-----w- c:\windows\Internet Logs
2011-11-13 00:40:45 -------- d-----w- c:\documents and settings\hp_administrator\application data\CheckPoint
2011-11-13 00:39:46 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2011-11-13 00:20:17 -------- d-----w- c:\program files\CheckPoint
2011-11-04 01:42:33 140760 ----a-w- c:\windows\system32\WRusr.dll
2011-11-04 01:42:33 106312 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2011-11-04 01:42:30 -------- d-----w- c:\program files\Webroot
2011-11-04 01:42:29 -------- d-----w- c:\documents and settings\all users\application data\WRData
2011-11-03 05:09:07 685056 ----a-w- c:\windows\system32\drivers\hardlock.sys
2011-11-03 05:01:24 -------- d-----w- C:\mcamx
2011-10-30 05:37:36 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Western_Digital
2011-10-30 01:24:25 -------- d-----w- c:\documents and settings\all users\application data\WD_SmartWareCommon
2011-10-30 01:20:28 -------- d-----w- c:\documents and settings\hp_administrator\application data\Western Digital
2011-10-30 01:18:01 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Western Digital
2011-10-28 22:48:22 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2011-10-26 23:02:23 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-26 17:15:32 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\adaware
2011-10-26 17:15:13 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2011-10-26 17:14:43 -------- d-----w- c:\program files\Toolbar Cleaner
2011-10-26 17:14:35 -------- d-----w- c:\documents and settings\hp_administrator\application data\adawaretb
2011-10-26 17:14:32 -------- d-----w- c:\program files\adawaretb
2011-10-26 17:14:15 -------- d-----w- c:\program files\Lavasoft
.
==================== Find3M ====================
.
2011-11-20 17:24:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-19 00:27:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-19 00:24:02 38400 ----a-w- c:\windows\system32\pcdhdm.cpl
2011-11-14 05:58:12 98304 ----a-w- c:\windows\DUMP596a.tmp
2011-11-14 04:05:25 98304 ----a-w- c:\windows\DUMP607f.tmp
2011-10-26 21:19:22 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-05 00:22:15 10920 ----a-w- C:\aolconnfix.exe
2011-10-03 11:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 08:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 23:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
.
============= FINISH: 15:29:14.72 ===============

kitty764
2011-11-20, 23:33
--- Search result list ---
Win32.Agent.chh: [SBI $336B2B9E] Autorun settings (Xnehogewu) (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3552373890-1893394444-1375434532-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Xnehogewu


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-11-07 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-11-15 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-10-04 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-09-27 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-11-15 Includes\Malware.sbi (*)
2011-11-15 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-10-11 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-10-18 Includes\Spyware.sbi (*)
2011-10-18 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2011-11-09 Includes\TrojansC-02.sbi (*)
2011-11-15 Includes\TrojansC-03.sbi (*)
2011-11-14 Includes\TrojansC-04.sbi (*)
2011-11-15 Includes\TrojansC-05.sbi (*)
2011-11-09 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB2572066)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB953295)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB979904)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Service Pack 3
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Security Update (KB2572067)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Security Update (KB979906)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Media Center 2005 / SP4: Update Rollup 2 for Windows XP Media Center Edition 2005
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player: Security Update for Windows Media Player (KB2378111)
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player: Security Update for Windows Media Player (KB954155)
/ Windows Media Player: Security Update for Windows Media Player (KB973540)
/ Windows Media Player: Security Update for Windows Media Player (KB973540)
/ Windows Media Player: Security Update for Windows Media Player (KB975558)
/ Windows Media Player: Security Update for Windows Media Player (KB978695)
/ Windows Media Player 10: Update for Windows Media Player 10 (KB913800)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB2447568)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB2482017)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB2497640)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB2510531)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB2530548)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB2544521)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB2559049)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB2586448)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB971961)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB976662)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB981332)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB982381)
/ Windows XP / SP10: Security Update for Microsoft Windows (KB2564958)
/ Windows XP / SP10: Update for Microsoft Windows (KB971513)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Security Update for Windows XP (KB2079403)
/ Windows XP / SP4: Security Update for Windows XP (KB2115168)
/ Windows XP / SP4: Security Update for Windows XP (KB2121546)
/ Windows XP / SP4: Update for Windows XP (KB2141007)
/ Windows XP / SP4: Hotfix for Windows XP (KB2158563)
/ Windows XP / SP4: Security Update for Windows XP (KB2160329)
/ Windows XP / SP4: Security Update for Windows XP (KB2229593)
/ Windows XP / SP4: Security Update for Windows XP (KB2259922)
/ Windows XP / SP4: Security Update for Windows XP (KB2279986)
/ Windows XP / SP4: Security Update for Windows XP (KB2286198)
/ Windows XP / SP4: Security Update for Windows XP (KB2296011)
/ Windows XP / SP4: Security Update for Windows XP (KB2296199)
/ Windows XP / SP4: Update for Windows XP (KB2345886)
/ Windows XP / SP4: Security Update for Windows XP (KB2347290)
/ Windows XP / SP4: Security Update for Windows XP (KB2360937)
/ Windows XP / SP4: Security Update for Windows XP (KB2387149)
/ Windows XP / SP4: Security Update for Windows XP (KB2393802)
/ Windows XP / SP4: Security Update for Windows XP (KB2412687)
/ Windows XP / SP4: Security Update for Windows XP (KB2419632)
/ Windows XP / SP4: Security Update for Windows XP (KB2423089)
/ Windows XP / SP4: Security Update for Windows XP (KB2436673)
/ Windows XP / SP4: Security Update for Windows XP (KB2440591)
/ Windows XP / SP4: Security Update for Windows XP (KB2443105)
/ Windows XP / SP4: Hotfix for Windows XP (KB2443685)
/ Windows XP / SP4: Update for Windows XP (KB2467659)
/ Windows XP / SP4: Security Update for Windows XP (KB2476490)
/ Windows XP / SP4: Security Update for Windows XP (KB2476687)
/ Windows XP / SP4: Security Update for Windows XP (KB2478960)
/ Windows XP / SP4: Security Update for Windows XP (KB2478971)
/ Windows XP / SP4: Security Update for Windows XP (KB2479628)
/ Windows XP / SP4: Security Update for Windows XP (KB2481109)
/ Windows XP / SP4: Security Update for Windows XP (KB2483185)
/ Windows XP / SP4: Security Update for Windows XP (KB2485376)
/ Windows XP / SP4: Security Update for Windows XP (KB2485663)
/ Windows XP / SP4: Security Update for Windows XP (KB2491683)
/ Windows XP / SP4: Security Update for Windows XP (KB2503658)
/ Windows XP / SP4: Security Update for Windows XP (KB2503665)
/ Windows XP / SP4: Security Update for Windows XP (KB2506212)
/ Windows XP / SP4: Security Update for Windows XP (KB2506223)
/ Windows XP / SP4: Security Update for Windows XP (KB2507618)
/ Windows XP / SP4: Security Update for Windows XP (KB2507938)
/ Windows XP / SP4: Security Update for Windows XP (KB2508272)
/ Windows XP / SP4: Security Update for Windows XP (KB2508429)
/ Windows XP / SP4: Security Update for Windows XP (KB2509553)
/ Windows XP / SP4: Security Update for Windows XP (KB2511455)
/ Windows XP / SP4: Security Update for Windows XP (KB2524375)
/ Windows XP / SP4: Security Update for Windows XP (KB2535512)
/ Windows XP / SP4: Security Update for Windows XP (KB2536276)
/ Windows XP / SP4: Security Update for Windows XP (KB2536276-v2)
/ Windows XP / SP4: Update for Windows XP (KB2541763)
/ Windows XP / SP4: Security Update for Windows XP (KB2544893)
/ Windows XP / SP4: Security Update for Windows XP (KB2544893-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB2555917)
/ Windows XP / SP4: Security Update for Windows XP (KB2562937)
/ Windows XP / SP4: Security Update for Windows XP (KB2566454)
/ Windows XP / SP4: Security Update for Windows XP (KB2567053)
/ Windows XP / SP4: Security Update for Windows XP (KB2567680)
/ Windows XP / SP4: Security Update for Windows XP (KB2570222)
/ Windows XP / SP4: Hotfix for Windows XP (KB2570791)
/ Windows XP / SP4: Security Update for Windows XP (KB2570947)
/ Windows XP / SP4: Microsoft .NET Framework 1.0 Hotfix (KB2572066)
/ Windows XP / SP4: Security Update for Windows XP (KB2592799)
/ Windows XP / SP4: Update for Windows XP (KB2607712)
/ Windows XP / SP4: Update for Windows XP (KB2616676)
/ Windows XP / SP4: Update for Windows XP (KB2641690)
/ Windows XP / SP4: Hotfix for Windows XP (KB915800-v4)
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955759)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956744)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956844)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958869)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Security Update for Windows XP (KB960859)
/ Windows XP / SP4: Hotfix for Windows XP (KB961118)
/ Windows XP / SP4: Security Update for Windows XP (KB961501)
/ Windows XP / SP4: Update for Windows XP (KB967715)
/ Windows XP / SP4: Update for Windows XP (KB968389)
/ Windows XP / SP4: Security Update for Windows XP (KB969059)
/ Windows XP / SP4: Security Update for Windows XP (KB970238)
/ Windows XP / SP4: Security Update for Windows XP (KB970430)
/ Windows XP / SP4: Update for Windows XP (KB971029)
/ Windows XP / SP4: Security Update for Windows XP (KB971468)
/ Windows XP / SP4: Security Update for Windows XP (KB971657)
/ Windows XP / SP4: Update for Windows XP (KB971737)
/ Windows XP / SP4: Security Update for Windows XP (KB971961)
/ Windows XP / SP4: Security Update for Windows XP (KB972270)
/ Windows XP / SP4: Security Update for Windows XP (KB973507)
/ Windows XP / SP4: Update for Windows XP (KB973687)
/ Windows XP / SP4: Update for Windows XP (KB973815)
/ Windows XP / SP4: Security Update for Windows XP (KB973869)
/ Windows XP / SP4: Security Update for Windows XP (KB973904)
/ Windows XP / SP4: Security Update for Windows XP (KB974112)
/ Windows XP / SP4: Security Update for Windows XP (KB974318)
/ Windows XP / SP4: Security Update for Windows XP (KB974392)
/ Windows XP / SP4: Security Update for Windows XP (KB974571)
/ Windows XP / SP4: Security Update for Windows XP (KB975025)
/ Windows XP / SP4: Security Update for Windows XP (KB975467)
/ Windows XP / SP4: Security Update for Windows XP (KB975560)
/ Windows XP / SP4: Security Update for Windows XP (KB975561)
/ Windows XP / SP4: Security Update for Windows XP (KB975562)
/ Windows XP / SP4: Security Update for Windows XP (KB975713)
/ Windows XP / SP4: Security Update for Windows XP (KB977816)
/ Windows XP / SP4: Security Update for Windows XP (KB977914)
/ Windows XP / SP4: Security Update for Windows XP (KB978037)
/ Windows XP / SP4: Security Update for Windows XP (KB978338)
/ Windows XP / SP4: Security Update for Windows XP (KB978542)
/ Windows XP / SP4: Security Update for Windows XP (KB978601)
/ Windows XP / SP4: Security Update for Windows XP (KB978706)
/ Windows XP / SP4: Security Update for Windows XP (KB979309)
/ Windows XP / SP4: Security Update for Windows XP (KB979482)
/ Windows XP / SP4: Security Update for Windows XP (KB979559)
/ Windows XP / SP4: Security Update for Windows XP (KB979683)
/ Windows XP / SP4: Security Update for Windows XP (KB979687)
/ Windows XP / SP4: Security Update for Windows XP (KB980195)
/ Windows XP / SP4: Security Update for Windows XP (KB980218)
/ Windows XP / SP4: Security Update for Windows XP (KB980232)
/ Windows XP / SP4: Security Update for Windows XP (KB980436)
/ Windows XP / SP4: Security Update for Windows XP (KB981322)
/ Windows XP / SP4: Security Update for Windows XP (KB981349)
/ Windows XP / SP4: Hotfix for Windows XP (KB981793)
/ Windows XP / SP4: Security Update for Windows XP (KB981852)
/ Windows XP / SP4: Security Update for Windows XP (KB981957)
/ Windows XP / SP4: Security Update for Windows XP (KB981997)
/ Windows XP / SP4: Security Update for Windows XP (KB982132)
/ Windows XP / SP4: Security Update for Windows XP (KB982214)
/ Windows XP / SP4: Security Update for Windows XP (KB982381)
/ Windows XP / SP4: Security Update for Windows XP (KB982665)
/ Windows XP / SP4: Security Update for Windows XP (KB982802)


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Ad-Aware Browsing Protection
command: "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
file: C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
size: 198032
MD5: C5F1D82D9CC8979971CC748FCB2EE7CA

Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
file: C:\WINDOWS\ALCMTR.EXE
size: 57344
MD5: EA31039E691C6F8F5469649526EEA5FB

Located: HK_LM:Run, AOLDialer
command: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
file: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
size: 70720
MD5: C2E83C262ACC943EDBA600D12B965017

Located: HK_LM:Run, DISCover
command: C:\Program Files\DISC\DISCover.exe
file: C:\Program Files\DISC\DISCover.exe
size: 1077248
MD5: 5F4F51DCDDEED4CD994937572B9D9253

Located: HK_LM:Run, DiscUpdateManager
command: C:\Program Files\DISC\DiscUpdMgr.exe
file: C:\Program Files\DISC\DiscUpdMgr.exe
size: 61440
MD5: 37BDDF9E2D1E368081DDE37C927C3ED2

Located: HK_LM:Run, DivXUpdate
command: "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
file: C:\Program Files\DivX\DivX Update\DivXUpdate.exe
size: 1259376
MD5: 4EB0C6C3EF4D8885CF2B5D0062F31E44

Located: HK_LM:Run, DMAScheduler
command: "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
file: c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
size: 90112
MD5: 2DE7626D495F4A51009AED22D79CABDC

Located: HK_LM:Run, ehTray
command: C:\WINDOWS\ehome\ehtray.exe
file: C:\WINDOWS\ehome\ehtray.exe
size: 67584
MD5: 7E48B4958C131E9643DDCD2E7CA3FE9F

Located: HK_LM:Run, HostManager
command: C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe
file: C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe
size: 41800
MD5: 3F654601A593A96BC4A47035B0829E69

Located: HK_LM:Run, HP Software Update
command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49208
MD5: 4D83DC461F8F4370274CF6E9AC9A34F4

Located: HK_LM:Run, HPBootOp
command: "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
file: C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
size: 249856
MD5: A789B145F17FA5C2326907F4872FE173

Located: HK_LM:Run, HPHUPD08
command: c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
file: c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
size: 49152
MD5: 4F113169A2DE985D043A5530987AD6D0

Located: HK_LM:Run, IAAnotif
command: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
file: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
size: 139264
MD5: 8561DC9A6C9BDF4BB0E52C689672BE3D

Located: HK_LM:Run, ISUSPM Startup
command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
file: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
size: 221184
MD5: FB9E5C251CF6C37749F296BACB34A69B

Located: HK_LM:Run, ISW
command: C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
file: C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
size: 738944
MD5: 5B590ED157BAAAD76F71A148741E8E9C

Located: HK_LM:Run, NeroFilterCheck
command: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
file: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
size: 153136
MD5: 8112D0DACAE746290FC87B3A980FA719

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\NvCpl.dll
size: 13670504
MD5: 8FFC8E6236073D462CAD9EDABFD3E0E4

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\NvMcTray.dll
size: 110696
MD5: 2EF47B25843130B9E05AD487D667374D

Located: HK_LM:Run, nwiz
command: nwiz.exe /installquiet
file: nwiz.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, PCDrProfiler
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, PCDrSmartMonitor
command: "C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r
file: C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe
size: 360448
MD5: 0A52A680777A447C8650CC4740E94883

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: C341CCFBE98BC7DF6E0B856BB9FC265A

Located: HK_LM:Run, Recguard
command: C:\WINDOWS\SMINST\RECGUARD.EXE
file: C:\WINDOWS\SMINST\RECGUARD.EXE
size: 237568
MD5: F3EAEA279F09A7779C18793C87640794

Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 18085888
MD5: B5DBE74457D015EC8D4F2CD43D52906D

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 6E3245DF783E58375B3465F03274743E

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 1AC2C58B587C70DE64582AD41EE79FBA

Located: HK_LM:Run, WRSVC
command: "C:\Program Files\Webroot\WRSA.exe" -ul
file: C:\Program Files\Webroot\WRSA.exe
size: 605272
MD5: 971E4BBCE79501EDFC722F613B8C048E

Located: HK_LM:Run, ZoneAlarm
command: "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
file: C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
size: 73360
MD5: 449D2363BD2C2AAD83FDB6E082B8C112

Located: HK_LM:RunOnce, Malwarebytes' Anti-Malware
command: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
file: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
size: 449608
MD5: 026423673B8563E9975BDA97ED6273C7

Located: HK_LM:RunOnce, SpybotSnD
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89

Located: HK_CU:Run, AOL Fast Start
where: S-1-5-21-3552373890-1893394444-1375434532-1008...
command: "C:\Program Files\AOL Desktop 9.6a\AOL.EXE" -b
file: C:\Program Files\AOL Desktop 9.6a\AOL.EXE
size: 42320
MD5: C7EF0EA6DEC000B6CAA37939116D7C2E

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-3552373890-1893394444-1375434532-1008...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, DW6
where: S-1-5-21-3552373890-1893394444-1375434532-1008...
command: "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
file: C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Google Update
where: S-1-5-21-3552373890-1893394444-1375434532-1008...
command: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
file: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
size: 136176
MD5: F02A533F517EB38333CB12A9E8963773

Located: HK_CU:Run, Weather
where: S-1-5-21-3552373890-1893394444-1375434532-1008...
command: C:\Program Files\AWS\WeatherBug\Weather.exe
file: C:\Program Files\AWS\WeatherBug\Weather.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Xnehogewu
where: S-1-5-21-3552373890-1893394444-1375434532-1008...
command: rundll32.exe "C:\WINDOWS\concst.dll",Startup
file: "C:\WINDOWS\concst.dll"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-3552373890-1893394444-1375434532-500...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, MSMSGS
where: S-1-5-21-3552373890-1893394444-1375434532-500...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2

Located: HK_CU:RunOnce, NeroHomeFirstStart
where: S-1-5-21-3552373890-1893394444-1375434532-500...
command: "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe"
file: C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
size: 16680
MD5: A366AB4A25812A9296020358C785C3B8

Located: Startup (common), WDDMStatus.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
file: C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
size: 2057536
MD5: B60F263FC062314AF16912E623284BA3

Located: Startup (common), WDSmartWare.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
file: C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
size: 9136960
MD5: BE0B735454260BEC42D1E5E736C636E8

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 9/23/2005 9:12:08 PM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 9/23/2005 9:12:08 PM
Filesize: 63136
Attributes: archive
MD5: B61D5D651ECC6055C29BF826CA7B1141
CRC32: FEF15799
Version: 7.0.5.172

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDHelper.dll
info link: http://www.safer-networking.org/
info source: Safer-Networking Ltd.
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 11/7/2010 10:59:30 PM
Date (last access): 11/20/2011 3:59:22 PM
Date (last write): 1/26/2009 3:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{6c97a91e-4524-4019-86af-2aa2d567bf5c} (Ad-Aware Security Toolbar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Ad-Aware Security Toolbar
CLSID name: Ad-Aware Security Toolbar
Path: C:\Program Files\adawaretb\
Long name: adawareDx.dll
Short name: ADAWAR~2.DLL
Date (created): 10/21/2011 3:10:08 AM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 10/21/2011 3:10:08 AM
Filesize: 87440
Attributes: archive
MD5: 9D5363467C5563A492BBC625D3FDF53B
CRC32: 695ABB35
Version: 1.0.0.20

{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} (ZoneAlarm Security Engine Registrar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: ZoneAlarm Security Engine Registrar
CLSID name: ZoneAlarm Security Engine Registrar
Path: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\
Long name: TrustCheckerIEPlugin.dll
Short name: TRUSTC~1.DLL
Date (created): 11/3/2011 8:44:36 AM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 11/3/2011 8:44:36 AM
Filesize: 599680
Attributes: archive
MD5: E8537E7E4A4F341DA59B8C8449BED5EB
CRC32: 56EF24CE
Version: 1.5.350.0

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 6/9/2010 10:47:48 PM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 6/9/2010 10:47:48 PM
Filesize: 1191424
Attributes: readonly archive
MD5: 9A00B7C38DBC6D01FB72784AC307CB3B
CRC32: 83026B48
Version: 3.0.129.5

{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} (HpWebHelper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HpWebHelper
CLSID name: hpWebHelper Class
Path: C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\
Long name: WebHelper.dll
Short name: WEBHEL~1.DLL
Date (created): 6/9/2010 10:42:50 PM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 6/9/2010 10:42:50 PM
Filesize: 217088
Attributes:
MD5: A0EF773AA00AFAF320E7404304EC5220
CRC32: 210919B9
Version: 1.0.0.1

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 10/18/2011 6:05:34 PM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 10/18/2011 6:05:34 PM
Filesize: 42272
Attributes: archive
MD5: DC365B6E595683F67BC21A203432E336
CRC32: ADEC3F07
Version: 6.0.290.11

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 10/18/2011 6:05:32 PM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 10/18/2011 6:05:32 PM
Filesize: 79648
Attributes: archive
MD5: E3A7850421A4AB8B15FC174EB587BC6B
CRC32: 91B5A119
Version: 6.0.290.11

{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} (ChromeFrame BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: ChromeFrame BHO
CLSID name: ChromeFrame BHO
Path: C:\Program Files\Google\Chrome Frame\Application\15.0.874.121\
Long name: npchrome_frame.dll
Short name: NPCHRO~1.DLL
Date (created): 11/16/2011 7:00:56 PM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 11/14/2011 11:39:52 PM
Filesize: 1952824
Attributes: archive
MD5: ECFDFAD1F7F7961B8E95811460FCDCC7
CRC32: C60C73A2
Version: 15.0.874.121



--- ActiveX list ---
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\swdir.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Adobe\Director\
Long name: SwDir.dll
Short name:
Date (created): 11/2/2011 3:53:06 AM
Date (last access): 11/20/2011 3:45:22 PM
Date (last write): 11/2/2011 3:53:06 AM
Filesize: 279480
Attributes: archive
MD5: 3D370A2465AA3C09721FF34E3A0AF223
CRC32: 03BC2515
Version: 11.6.3.633

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276157759437
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 8/6/2009 6:23:26 PM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 8/6/2009 6:23:26 PM
Filesize: 215904
Attributes: archive
MD5: 67265EC468DC51EE0BE82D1AF1E50B52
CRC32: E76134D4
Version: 7.4.7600.226

{8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control)
DPF name:
CLSID name: Facebook Photo Uploader 5 Control
Installer: C:\WINDOWS\Downloaded Program Files\PhotoUploader55.inf
Codebase: http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: PhotoUploader55.ocx
Short name: PHOTOU~1.OCX
Date (created): 7/29/2009 8:21:24 PM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 7/29/2009 8:21:24 PM
Filesize: 3540488
Attributes: archive
MD5: B36353934BB8B0E7CC8557AC5143EF41
CRC32: 3AC3C312
Version: 5.5.8.1

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_29
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_29.dll
Short name: NPJPI1~1.DLL
Date (created): 10/3/2011 2:37:54 AM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 10/3/2011 5:06:12 AM
Filesize: 141088
Attributes: archive
MD5: A8F3D654E83D928FBBD4714D2D54AB39
CRC32: A1FB5317
Version: 6.0.290.11

{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name:
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_05.dll
info link:
info source: Safer Networking Ltd.

{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_29
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_29.dll
Short name: NPJPI1~1.DLL
Date (created): 10/3/2011 2:37:54 AM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 10/3/2011 5:06:12 AM
Filesize: 141088
Attributes: archive
MD5: A8F3D654E83D928FBBD4714D2D54AB39
CRC32: A1FB5317
Version: 6.0.290.11

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_29
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_29.dll
Short name: NPJPI1~1.DLL
Date (created): 10/3/2011 2:37:54 AM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 10/3/2011 5:06:12 AM
Filesize: 141088
Attributes: archive
MD5: A8F3D654E83D928FBBD4714D2D54AB39
CRC32: A1FB5317
Version: 6.0.290.11

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash11e.ocx
Short name:
Date (created): 11/18/2011 6:27:16 PM
Date (last access): 11/20/2011 3:56:50 PM
Date (last write): 11/18/2011 6:27:16 PM
Filesize: 8632480
Attributes: readonly archive
MD5: E9F427EF46965D33E878A507A2F5CCB6
CRC32: 359DBBF0
Version: 11.1.102.55



--- Process list ---
PID: 0 ( 0) [System]
PID: 760 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 848 ( 760) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 872 ( 760) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 916 ( 872) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 928 ( 872) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 1088 ( 916) C:\Program Files\Webroot\WRSA.exe
size: 605272
MD5: 971E4BBCE79501EDFC722F613B8C048E
PID: 1124 ( 916) C:\WINDOWS\system32\nvsvc32.exe
size: 154216
MD5: C0204C1A7A2D2433D48F49E4ECC09AB6
PID: 1156 ( 916) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1300 ( 916) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1408 ( 916) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1496 ( 916) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1632 ( 916) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1764 ( 916) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
size: 2420616
MD5: BB4C900FD6BF91422FC44A9CB640AE01
PID: 1840 (1816) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 548 ( 916) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
size: 497280
MD5: 5B2CCEF06F96DFB22893AB8F0B3F891D
PID: 692 ( 548) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
size: 738944
MD5: 5B590ED157BAAAD76F71A148741E8E9C
PID: 704 ( 916) C:\WINDOWS\system32\spoolsv.exe
size: 58880
MD5: 60784F891563FB1B767F70117FC2428F
PID: 628 ( 916) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 816 ( 916) C:\Program Files\LSI SoftModem\agrsmsvc.exe
size: 14336
MD5: 6416F9B6B220F0A890525C38235AFAD7
PID: 172 ( 916) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
size: 100016
MD5: 7FB54900AA9792AB6307C699EC1859D4
PID: 976 ( 916) C:\WINDOWS\eHome\ehRecvr.exe
size: 237568
MD5: 5D1347AA5AE6E2F77D7F4F8372D95AC9
PID: 1352 ( 172) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
size: 46768
MD5: CAF7C2FDDADF73A02AC84C6FB6030BBF
PID: 1644 ( 916) C:\WINDOWS\eHome\ehSched.exe
size: 102912
MD5: A53243709439AC2A4C216B817F8D7411
PID: 2180 ( 916) C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
size: 86140
MD5: 0B66A9A2137213075F753579E7D573A5
PID: 2212 ( 916) C:\Program Files\Java\jre6\bin\jqs.exe
size: 153376
MD5: 381B25DC8E958D905B33130D500BBF29
PID: 2412 ( 916) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
size: 73728
MD5: E4973B3229E0015345AFBE43A8A8EB3B
PID: 2900 ( 916) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 2932 ( 916) C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
size: 71096
MD5: B400ED9FA710F2E5FC3C1CB14D7947B0
PID: 2952 ( 916) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
size: 73728
MD5: 2D091A99624FB9E7EEF0A86D872EC0C3
PID: 3248 ( 916) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
size: 219496
MD5: 146842398FD7855FC98095FCE7F5859D
PID: 3296 ( 916) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 3328 ( 916) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 3424 ( 916) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
size: 110592
MD5: 0220362DEB2A21551B418D61F3153347
PID: 3524 ( 916) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
size: 20480
MD5: 138AB06ADBBF300AA804D7974A5AEC82
PID: 3592 (1088) C:\Program Files\Webroot\WRSA.exe
size: 605272
MD5: 971E4BBCE79501EDFC722F613B8C048E
PID: 3636 ( 916) C:\WINDOWS\system32\SearchIndexer.exe
size: 439808
MD5: 7778BDFA3F6F6FBA0E75B9594098F737
PID: 3788 ( 916) C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
size: 180224
MD5: D1DE16926C682DCD3D99AE5500CA5522
PID: 3820 ( 916) C:\WINDOWS\ehome\mcrdsvc.exe
size: 99328
MD5: DF0A511F38F16016BF658FCA0090CB87
PID: 3868 ( 916) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
size: 508264
MD5: 98856CB70C327ADBF51325D10DB39137
PID: 1596 (1156) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 227840
MD5: 798A9E6828997EEF4517ADA8A2259831
PID: 2724 ( 916) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
size: 821664
MD5: 344546D11D7E6D9F481E9D3ABC6E76CB
PID: 2872 ( 916) C:\WINDOWS\system32\dllhost.exe
size: 5120
MD5: 0A9BA6AF531AFE7FA5E4FB973852D863
PID: 160 ( 916) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 4000 (1840) C:\WINDOWS\ehome\ehtray.exe
size: 67584
MD5: 7E48B4958C131E9643DDCD2E7CA3FE9F
PID: 3936 (1840) C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
size: 139264
MD5: 8561DC9A6C9BDF4BB0E52C689672BE3D
PID: 3676 (1840) C:\Program Files\DISC\DISCover.exe
size: 1077248
MD5: 5F4F51DCDDEED4CD994937572B9D9253
PID: 4088 (1840) C:\Program Files\DISC\DiscUpdMgr.exe
size: 61440
MD5: 37BDDF9E2D1E368081DDE37C927C3ED2
PID: 2012 (1840) C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
size: 90112
MD5: 2DE7626D495F4A51009AED22D79CABDC
PID: 1900 (1156) C:\WINDOWS\eHome\ehmsas.exe
size: 46592
MD5: 03A905FBA1D62317087DB5C21C0F8F62
PID: 3768 (1840) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49208
MD5: 4D83DC461F8F4370274CF6E9AC9A34F4
PID: 2228 (1840) C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe
size: 41800
MD5: 3F654601A593A96BC4A47035B0829E69
PID: 2352 (1840) C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: 037B1E7798960E0420003D05BB577EE6
PID: 2480 (1840) C:\WINDOWS\RTHDCPL.EXE
size: 18085888
MD5: B5DBE74457D015EC8D4F2CD43D52906D
PID: 5024 (1840) C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
size: 198032
MD5: C5F1D82D9CC8979971CC748FCB2EE7CA
PID: 5076 (1840) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
size: 73360
MD5: 449D2363BD2C2AAD83FDB6E082B8C112
PID: 5156 (1840) C:\Program Files\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 6E3245DF783E58375B3465F03274743E
PID: 5328 (1840) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 5740 (3676) C:\Program Files\DISC\DiscStreamHub.exe
size: 57344
MD5: 35FD73BA6356094ABCB61F0A2C555595
PID: 4352 (1840) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
size: 2057536
MD5: B60F263FC062314AF16912E623284BA3
PID: 4528 (1840) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
size: 9136960
MD5: BE0B735454260BEC42D1E5E736C636E8
PID: 5768 (2228) c:\program files\common files\aol\1276149201\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
size: 1536
MD5: 87A2CD3AD5BF4F57C0DF046CC3A8C5A7
PID: 5864 ( 308) C:\HP\KBD\KBD.EXE
size: 61440
MD5: C81BE1B951C36E97D3DA90DA745DA5F7
PID: 2552 ( 308) c:\windows\system\hpsysdrv.exe
size: 52736
MD5: 06A1ECB63DF139EC639E084D4AB3C9D7
PID: 6036 ( 308) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 86960
MD5: 64B9816268F2003803A9E431882CBFAE
PID: 5516 (5104) C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
size: 65536
MD5: 4370CAA3CC5F216A112052257A962E15
PID: 636 (1156) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 227840
MD5: 798A9E6828997EEF4517ADA8A2259831
PID: 3308 (3076) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
size: 1187072
MD5: 0830E6BA8463BEF96CF69C1993F74A4B
PID: 4424 ( 916) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
size: 2152152
MD5: EA38136981C61C571D52C380DAAD46EF
PID: 6872 (1156) C:\WINDOWS\system32\wbem\unsecapp.exe
size: 16896
MD5: C7000F2DB2A5515C64C257478769A481
PID: 4288 ( 916) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
size: 279848
MD5: A328A46D87BB92CE4D8A4528E9D84787
PID: 6284 (2228) C:\Program Files\Common Files\AOL\1276149201\EE\aolsoftware.exe
size: 41800
MD5: 3F654601A593A96BC4A47035B0829E69
PID: 6840 (6036) c:\progra~1\common~1\instal~1\update~1\isuspm.exe
size: 221184
MD5: FB9E5C251CF6C37749F296BACB34A69B
PID: 6316 (1156) C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
size: 865200
MD5: C79ECC33D5145224214FD82D3E458945
PID: 5384 (8084) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
size: 1047208
MD5: 4CBE2BD48A10404A7CB9FA9D45FD77A3
PID: 6808 (6980) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 1AC2C58B587C70DE64582AD41EE79FBA
PID: 7732 (1840) C:\WINDOWS\system32\notepad.exe
size: 69120
MD5: 5E28284F9B5F9097640D58A73D38AD4C
PID: 6156 (1840) C:\WINDOWS\system32\NOTEPAD.EXE
size: 69120
MD5: 5E28284F9B5F9097640D58A73D38AD4C
PID: 7264 (7848) C:\Program Files\AOL Desktop 9.6a\waol.exe
size: 41296
MD5: E35B794124685EAF5EFD3F46C7CF5834
PID: 6836 ( 916) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
size: 46640
MD5: 85180CF88C5EBAD73B452A43A004CA51
PID: 5068 (7264) C:\Program Files\AOL Desktop 9.6a\shellmon.exe
size: 45392
MD5: 168E359AAFB8C1EE6C19FA377E6CFA84
PID: 5296 (7264) C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
size: 39240
MD5: 186F36EB3F911AE26AA8120CB05D645D
PID: 7132 (7264) C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe
size: 2211152
MD5: E6E6BB6C1AAB3470D855836B1764DE0C
PID: 6060 (1840) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 11/20/2011 4:24:48 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.comcast.net/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{607B0DAF-AD38-419E-847C-FC31860CA1D7}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{607B0DAF-AD38-419E-847C-FC31860CA1D7}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F204927D-9268-49FC-BE9F-3EBEC7F8CA66}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F204927D-9268-49FC-BE9F-3EBEC7F8CA66}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{892900FC-9814-4488-99C0-81491C1EE93D}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{892900FC-9814-4488-99C0-81491C1EE93D}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D589907-2D53-4DBA-8511-D302D05BE3EB}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D589907-2D53-4DBA-8511-D302D05BE3EB}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FECA2202-8AB9-4832-997F-0DA2317240A6}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FECA2202-8AB9-4832-997F-0DA2317240A6}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8599EFDA-B370-4B29-9F3E-35CB617F812A}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8599EFDA-B370-4B29-9F3E-35CB617F812A}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F2A3A89-2262-4C45-B135-2BC897AFA8AD}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F2A3A89-2262-4C45-B135-2BC897AFA8AD}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

JonTom
2011-11-21, 10:28
Hello kitty764 and :welcome:

My name is JonTom

Malware Logs can sometimes take a lot of time to research and interpret.

Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.

Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.

Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.

PLEASE NOTE: If you do not reply after 5 days your thread will be closed.


Let's begin with a scan from the following tool:

DeFogger


Please download DeFogger (http://www.jpshortstuff.247fixes.com/Defogger.exe) to your desktop.
Click on DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will appear.
Click OK.
DeFogger will now ask to reboot the machine - click OK.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.



Please scan your system with GMER


Download GMER Rootkit Scanner from here (http://www.gmer.net/gmer.zip) or here (http://www.majorgeeks.com/download.php?det=5198).

Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and post it in your reply.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please post the GMER log in your next reply. If you encounter any problems with the scan come back and let me know.

kitty764
2011-11-21, 23:43
Hello JonTom, thanks for helping!

I was able to run the first program and disable the emulation drives.

I ran the second program the first time with the "show all" checked, then stopped it and started over. When that was done, I clicked the wrong button and the scan started again. I stopped it and saved the log, but there was barely anything on it, so I went ahead and scanned again, and I just got an error message:
"Delayed Write Failed, unable to save all the data for the file device/harddiskvolume1/windows/system32/pcintro/elements. The data has been lost, it may be caused by a failure of computer hardware or network connection. Try to save file elsewhere"

I'm going to try the scan again.

Thanks again!

kitty764
2011-11-22, 03:20
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-21 20:07:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST325041 rev.3.AA
Running: gmer.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kwxdafob.sys


---- System - GMER 1.0.15 ----

SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwAllocateVirtualMemory [0xB7D9A490]
SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwAssignProcessToJobObject [0xB7D9A640]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xA6BF02F4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA6BEA5CA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xA6C0958A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xA6BF0A80]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xA6C03E4E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xA6C0423C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xA6C0D6F6]
SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwCreateThread [0xB7D9A6C0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xA6BF0BB6]
SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwDebugActiveProcess [0xB7D9A540]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA6BEB1E0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xA6C0AE3C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xA6C0A7B2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xA6C02D8A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xA6C0B794]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xA6C0B99C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA6BEADF2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xA6C06160]
SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwOpenSection [0xB7D9AB90]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xA6C05D8A]
SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwProtectVirtualMemory [0xB7D9A750]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xA6C0C72A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xA6C0C060]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xA6BEFEC4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xA6C0D0FC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xA6BF059C]
SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwSetContextThread [0xB7D9A5C0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA6BEB5A4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xA6C0CC6A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xA6C09F72]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xA6C04EA4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xA6C04C20]
SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwTerminateThread [0xB7D9A7D0]
SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwWriteVirtualMemory [0xB7D9A850]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C9C 80504538 12 Bytes [80, 0A, BF, A6, 4E, 3E, C0, ...]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB574C380, 0x566445, 0xE8000020]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA5268400, 0x7960C, 0xE8000020]
.protect’’’’hardlockentry point in ".protect’’’’hardlockentry point in ".protect’’’’hardlockentry point in ".p" section [0xA530A420] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect’’’’hardlockentry point in ".protect’’’’hardlockentry point in ".p" section [0xA530A420]
.protect’’’’hardlockunknown last code section [0xA530A200, 0x5049, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA530A200, 0x5049, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\eHome\ehRecvr.exe[176] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[176] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[176] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[176] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[176] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[176] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[176] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[176] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe[220] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe[220] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe[220] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe[220] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe[220] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe[220] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe[220] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe[220] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[296] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[296] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[296] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[296] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[296] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[296] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[296] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[296] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[328] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[328] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[328] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[328] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[328] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[328] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[328] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[328] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[340] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[340] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[340] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[340] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[340] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[340] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[340] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[340] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtAdjustPrivilegesToken 7C90CF0E 5 Bytes JMP 1000D8C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtAssignProcessToJobObject 7C90CF8E 5 Bytes JMP 10006F20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtConnectPort 7C90D04E 5 Bytes JMP 1000DF10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtCreateEvent 7C90D08E 5 Bytes JMP 10017A50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtCreateMutant 7C90D10E 5 Bytes JMP 10017AC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtCreatePort 7C90D13E 5 Bytes JMP 1000DD20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtCreateSection 7C90D17E 5 Bytes JMP 10016C70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtCreateSemaphore 7C90D18E 5 Bytes JMP 10017B20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 10006F00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtDelayExecution 7C90D20E 5 Bytes JMP 10017CB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 10006FA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 10006F80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes JMP 1000D880 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtMakeTemporaryObject 7C90D4EE 5 Bytes JMP 10016C40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtOpenEvent 7C90D57E 5 Bytes JMP 10017BF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtOpenMutant 7C90D5DE 5 Bytes JMP 10017B90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtOpenProcess 7C90D5FE 5 Bytes JMP 10016DD0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtOpenSemaphore 7C90D63E 5 Bytes JMP 10017C50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtOpenThread 7C90D65E 5 Bytes JMP 10006E80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10006EE0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtRequestPort 7C90DACE 5 Bytes JMP 1000DD90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtRequestWaitReplyPort 7C90DADE 5 Bytes JMP 1000DF50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtSecureConnectPort 7C90DB7E 5 Bytes JMP 1000DDD0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text

kitty764
2011-11-22, 03:21
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtSetContextThread 7C90DBAE 5 Bytes JMP 10006F40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 10006F60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtShutdownSystem 7C90DDEE 5 Bytes JMP 10016E60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtSystemDebugControl 7C90DE4E 5 Bytes JMP 1000D900 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 10012B00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 10006EC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtWaitForMultipleObjects 7C90DF3E 5 Bytes JMP 10017D80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtWaitForSingleObject 7C90DF4E 5 Bytes JMP 10017D00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10006EA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!CsrClientCallServer 7C912241 5 Bytes JMP 1000DF90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] kernel32.dll!GetTickCount 7C80934A 5 Bytes JMP 10006DF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 10006E10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] kernel32.dll!OutputDebugStringA 7C85AD4C 5 Bytes JMP 1000D850 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 10017280 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 100171C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 10017150 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 100173D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 10016F40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 1000D990 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 10017230 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 1000D940 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 10017060 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 1000DAB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SendNotifyMessageW 7E42D64F 5 Bytes JMP 10016FC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 10017100 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 1000DA50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 10016F00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 1000D9D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 10017010 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 10016BA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 10017460 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 100174F0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!MessageBeep 7E431F7B 5 Bytes JMP 1000DA10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SendNotifyMessageA 7E453948 5 Bytes JMP 10016F80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 10017370 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!MessageBoxTimeoutW 7E466383 5 Bytes JMP 100172D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 100170B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10016B00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 10012D70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] GDI32.dll!MaskBlt 77F1A0C1 5 Bytes JMP 10016A70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 100168C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 1000D6D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 1000D790 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] GDI32.dll!PlgBlt 77F453B3 5 Bytes JMP 10016830 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 10012F00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10017790 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 100175B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 10017550 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 10017610 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100176D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 10012F80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ADVAPI32.dll!WmiExecuteMethodW 77E2BFB5 7 Bytes JMP 1000DC20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10017940 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 100178A0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 10017680 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] RPCRT4.dll!I_RpcSendReceive 77E7A7EB 5 Bytes JMP 1000DCA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] RPCRT4.dll!NdrSendReceive 77E7A817 5 Bytes JMP 1000DCE0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] RPCRT4.dll!I_RpcSend 77E9FF64 5 Bytes JMP 1000DC60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 1000E070 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 1000E110 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] WININET.dll!InternetOpenUrlA 3D95F3AC 1 Byte [E9]
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 1000E0B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[512] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[512] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[512] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[512] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[512] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[512] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[512] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[512] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[540] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[540] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[540] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[540] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[540] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[540] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[540] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[540] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[604] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[604] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[604] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[604] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[604] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[604] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[604] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtAdjustPrivilegesToken 7C90CF0E 5 Bytes JMP 1000D8C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtAssignProcessToJobObject 7C90CF8E 5 Bytes JMP 10006F20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtConnectPort 7C90D04E 5 Bytes JMP 1000DF10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtCreateEvent 7C90D08E 5 Bytes JMP 10017A50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtCreateMutant 7C90D10E 5 Bytes JMP 10017AC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtCreatePort 7C90D13E 5 Bytes JMP 1000DD20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtCreateSection 7C90D17E 5 Bytes JMP 10016C70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtCreateSemaphore 7C90D18E 5 Bytes JMP 10017B20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 10006F00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtDelayExecution 7C90D20E 5 Bytes JMP 10017CB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 10006FA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 10006F80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes JMP 1000D880 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtMakeTemporaryObject 7C90D4EE 5 Bytes JMP 10016C40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtOpenEvent 7C90D57E 5 Bytes JMP 10017BF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtOpenMutant 7C90D5DE 5 Bytes JMP 10017B90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtOpenProcess 7C90D5FE 5 Bytes JMP 10016DD0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtOpenSemaphore 7C90D63E 5 Bytes JMP 10017C50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtOpenThread 7C90D65E 5 Bytes JMP 10006E80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10006EE0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtRequestPort 7C90DACE 5 Bytes JMP 1000DD90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtRequestWaitReplyPort 7C90DADE 5 Bytes JMP 1000DF50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtSecureConnectPort 7C90DB7E 5 Bytes JMP 1000DDD0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtSetContextThread 7C90DBAE 5 Bytes JMP 10006F40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 10006F60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtShutdownSystem 7C90DDEE 5 Bytes JMP 10016E60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtSystemDebugControl 7C90DE4E 5 Bytes JMP 1000D900 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 10012B00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 10006EC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtWaitForMultipleObjects 7C90DF3E 5 Bytes JMP 10017D80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtWaitForSingleObject 7C90DF4E 5 Bytes JMP 10017D00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10006EA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!CsrClientCallServer 7C912241 5 Bytes JMP 1000DF90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] kernel32.dll!GetTickCount 7C80934A 5 Bytes JMP 10006DF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 10006E10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 209F37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] kernel32.dll!OutputDebugStringA 7C85AD4C 5 Bytes JMP 1000D850 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 10017280 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 100171C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 10017150 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 100173D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 10016F40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 1000D990 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 10017230 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 1000D940 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 10017060 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 1000DAB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SendNotifyMessageW 7E42D64F 5 Bytes JMP 10016FC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 10017100 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 1000DA50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 10016F00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 1000D9D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 10017010 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 10016BA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 10017460 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 100174F0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!MessageBeep 7E431F7B 5 Bytes JMP 1000DA10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SendNotifyMessageA 7E453948 5 Bytes JMP 10016F80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 10017370 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!MessageBoxTimeoutW 7E466383 5 Bytes JMP 100172D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 100170B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10016B00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 10012D70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] GDI32.dll!MaskBlt 77F1A0C1 5 Bytes JMP 10016A70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text

kitty764
2011-11-22, 03:22
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 100168C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 1000D6D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 1000D790 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] GDI32.dll!PlgBlt 77F453B3 5 Bytes JMP 10016830 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 10012F00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10017790 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 100175B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 10017550 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 10017610 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100176D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 10012F80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!WmiExecuteMethodW 77E2BFB5 7 Bytes JMP 1000DC20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10017940 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 100178A0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 10017680 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] RPCRT4.dll!I_RpcSendReceive 77E7A7EB 5 Bytes JMP 1000DCA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] RPCRT4.dll!NdrSendReceive 77E7A817 5 Bytes JMP 1000DCE0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] RPCRT4.dll!I_RpcSend 77E9FF64 5 Bytes JMP 1000DC60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 1000E070 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 1000E110 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] WININET.dll!InternetOpenUrlA 3D95F3AC 1 Byte [E9]
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 1000E0B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\WINDOWS\eHome\ehSched.exe[712] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[712] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[712] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[712] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[712] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[712] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[712] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[712] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[860] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[860] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[860] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[860] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[904] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[904] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[904] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[904] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[904] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[904] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[916] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[916] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1108] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1108] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1108] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1108] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1108] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1108] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1108] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1108] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1140] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1140] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[1192] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[1192] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[1192] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[1192] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[1192] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[1192] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[1192] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[1192] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1228] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1228] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1324] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1324] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DISC\DISCover.exe[1360] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DISC\DISCover.exe[1360] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DISC\DISCover.exe[1360] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DISC\DISCover.exe[1360] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DISC\DISCover.exe[1360] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DISC\DISCover.exe[1360] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DISC\DISCover.exe[1360] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DISC\DISCover.exe[1360] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1516] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1516] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1516] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1516] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1516] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1516] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1516] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1516] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[1568] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[1568] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[1568] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[1568] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[1568] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[1568] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[1568] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[1568] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[1764] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

kitty764
2011-11-22, 03:24
.text C:\WINDOWS\system32\RUNDLL32.EXE[1764] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[1764] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[1764] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[1764] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[1764] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[1764] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[1764] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[1812] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[1812] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[1812] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[1812] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[1812] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[1812] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[1812] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[1812] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1840] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1840] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1840] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1840] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1840] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1840] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1840] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1840] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1864] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1864] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1864] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1864] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1864] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1864] SHLWAPI.dll!SHIsLowMemoryMachine + 6E02 77FBDD0B 5 Bytes JMP 10012B50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1932] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1932] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1932] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1932] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1932] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1932] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1932] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1932] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2012] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2012] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2012] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2012] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2100] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2100] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2100] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2100] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2100] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2100] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2100] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2100] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2116] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2116] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2116] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2116] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2116] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2116] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2116] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2116] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2224] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2224] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2224] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2224] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2224] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2224] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2224] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2224] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2372] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2372] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2372] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2372] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2372] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2372] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2372] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2372] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2376] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2376] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2376] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2376] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2376] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2376] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2376] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2376] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2392] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2392] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2392] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2392] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2392] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2392] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2392] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2392] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[2416] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[2416] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[2416] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[2416] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[2416] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[2416] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[2416] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[2416] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2460] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2460] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2460] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

kitty764
2011-11-22, 03:24
.text C:\WINDOWS\system32\dllhost.exe[2460] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2460] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2460] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2460] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2460] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2524] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2524] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2524] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2524] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2524] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2524] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2524] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2524] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2668] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2668] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2668] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2668] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2668] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2668] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2668] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2668] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe[2728] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe[2728] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe[2728] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe[2728] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe[2728] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe[2728] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe[2728] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe[2728] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2740] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2740] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2740] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2740] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2740] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2740] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2740] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2740] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe[2772] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe[2772] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe[2772] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe[2772] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe[2772] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe[2772] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe[2772] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe[2772] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE[2788] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE[2788] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE[2788] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE[2788] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE[2788] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE[2788] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE[2788] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE[2788] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3064] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3064] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3064] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3064] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3064] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3064] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3064] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3064] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3144] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3144] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3144] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3144] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3144] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3144] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3144] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3168] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3168] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3168] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3168] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3168] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3168] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3168] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3168] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3256] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3256] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3256] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3256] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3256] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3256] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3256] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

kitty764
2011-11-22, 03:25
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3256] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3268] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3268] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3268] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3268] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3268] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3268] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3268] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3268] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3328] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3328] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3328] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3328] KERNEL32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3328] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3328] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3328] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3328] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[3588] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[3588] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[3588] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[3588] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[3588] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[3588] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[3588] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[3588] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[3588] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe[3632] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe[3632] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe[3632] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe[3632] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe[3632] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe[3632] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe[3632] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe[3632] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3664] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3664] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3664] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3664] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3664] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3664] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3664] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3664] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3740] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3740] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3740] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3740] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3740] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3740] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3740] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3740] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3828] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3828] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3828] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3828] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3828] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3828] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3828] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3828] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WinRAR\WinRAR.exe[4444] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WinRAR\WinRAR.exe[4444] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WinRAR\WinRAR.exe[4444] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WinRAR\WinRAR.exe[4444] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WinRAR\WinRAR.exe[4444] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WinRAR\WinRAR.exe[4444] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WinRAR\WinRAR.exe[4444] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WinRAR\WinRAR.exe[4444] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe[4536] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe[4536] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe[4536] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe[4536] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe[4536] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe[4536] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe[4536] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe[4536] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[4544] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[4544] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[4544] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[4544] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[4544] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[4544] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[4544] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[4544] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\common files\aol\1276149201\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe[4600] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\common files\aol\1276149201\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe[4600] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\common files\aol\1276149201\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe[4600] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\common files\aol\1276149201\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe[4600] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\common files\aol\1276149201\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe[4600] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\common files\aol\1276149201\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe[4600] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\common files\aol\1276149201\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe[4600] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\common files\aol\1276149201\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe[4600] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtAdjustPrivilegesToken 7C90CF0E 5 Bytes JMP 1000D8C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtAssignProcessToJobObject 7C90CF8E 5 Bytes JMP 10006F20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtConnectPort 7C90D04E 5 Bytes JMP 1000DF10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtCreateEvent 7C90D08E 5 Bytes JMP 10017A50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtCreateMutant 7C90D10E 5 Bytes JMP 10017AC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtCreatePort 7C90D13E 5 Bytes JMP 1000DD20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtCreateSection 7C90D17E 5 Bytes JMP 10016C70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtCreateSemaphore 7C90D18E 5 Bytes JMP 10017B20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 10006F00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtDelayExecution 7C90D20E 5 Bytes JMP 10017CB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 10006FA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 10006F80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes JMP 1000D880 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtMakeTemporaryObject 7C90D4EE 5 Bytes JMP 10016C40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtOpenEvent 7C90D57E 5 Bytes JMP 10017BF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtOpenMutant 7C90D5DE 5 Bytes JMP 10017B90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtOpenProcess 7C90D5FE 5 Bytes JMP 10016DD0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtOpenSemaphore 7C90D63E 5 Bytes JMP 10017C50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtOpenThread 7C90D65E 5 Bytes JMP 10006E80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10006EE0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtRequestPort 7C90DACE 5 Bytes JMP 1000DD90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtRequestWaitReplyPort 7C90DADE 5 Bytes JMP 1000DF50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtSecureConnectPort 7C90DB7E 5 Bytes JMP 1000DDD0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtSetContextThread 7C90DBAE 5 Bytes JMP 10006F40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 10006F60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtShutdownSystem 7C90DDEE 5 Bytes JMP 10016E60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtSystemDebugControl 7C90DE4E 5 Bytes JMP 1000D900 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 10012B00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 10006EC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtWaitForMultipleObjects 7C90DF3E 5 Bytes JMP 10017D80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtWaitForSingleObject 7C90DF4E 5 Bytes JMP 10017D00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10006EA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!CsrClientCallServer 7C912241 5 Bytes JMP 1000DF90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] kernel32.dll!GetTickCount 7C80934A 5 Bytes JMP 10006DF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 10006E10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] kernel32.dll!OutputDebugStringA 7C85AD4C 5 Bytes JMP 1000D850 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text

kitty764
2011-11-22, 03:26
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 10017280 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 100171C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 10017150 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 100173D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 10016F40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 1000D990 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 10017230 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 1000D940 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 10017060 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 1000DAB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SendNotifyMessageW 7E42D64F 5 Bytes JMP 10016FC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 10017100 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 1000DA50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 10016F00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 1000D9D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 10017010 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 10016BA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 10017460 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 100174F0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!MessageBeep 7E431F7B 5 Bytes JMP 1000DA10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SendNotifyMessageA 7E453948 5 Bytes JMP 10016F80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 10017370 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!MessageBoxTimeoutW 7E466383 5 Bytes JMP 100172D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 100170B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10016B00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 10012D70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] GDI32.dll!MaskBlt 77F1A0C1 5 Bytes JMP 10016A70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 100168C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 1000D6D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 1000D790 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] GDI32.dll!PlgBlt 77F453B3 5 Bytes JMP 10016830 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 10012F00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10017790 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 100175B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 10017550 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 10017610 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100176D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 10012F80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!WmiExecuteMethodW 77E2BFB5 7 Bytes JMP 1000DC20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10017940 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 100178A0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 10017680 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] RPCRT4.dll!I_RpcSendReceive 77E7A7EB 5 Bytes JMP 1000DCA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] RPCRT4.dll!NdrSendReceive 77E7A817 5 Bytes JMP 1000DCE0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] RPCRT4.dll!I_RpcSend 77E9FF64 5 Bytes JMP 1000DC60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 1000E070 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 1000E110 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] WININET.dll!InternetOpenUrlA 3D95F3AC 1 Byte [E9]
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 1000E0B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10012EC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 10017280 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 100171C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 10017150 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 10016F40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 1000D990 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 10017230 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 1000D940 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 10017060 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 1000DAB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!SendNotifyMessageW 7E42D64F 5 Bytes JMP 10016FC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 10017100 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 1000DA50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 10016F00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 1000D9D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 10017010 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 10016BF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!SendNotifyMessageA 7E453948 5 Bytes JMP 10016F80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 100170B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10016B00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 10012D70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 1000CE20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 1000CE40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10015DF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100184B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text

kitty764
2011-11-22, 03:27
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe[5020] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe[5020] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe[5020] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe[5020] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe[5020] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe[5020] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe[5020] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe[5020] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\shellmon.exe[5204] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\shellmon.exe[5204] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\shellmon.exe[5204] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\shellmon.exe[5204] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\shellmon.exe[5204] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\shellmon.exe[5204] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\shellmon.exe[5204] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\shellmon.exe[5204] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[5936] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[5936] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[5936] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[5936] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[5936] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[5936] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[5936] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[5936] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[6036] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[6036] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[6036] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[6036] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[6036] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[6036] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[6036] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[6036] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6072] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6072] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6072] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6072] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6072] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6072] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6072] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6072] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip WRkrn.sys (Webroot SecureAnywhere/Webroot)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ELkbd.sys (Intel Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 WRkrn.sys (Webroot SecureAnywhere/Webroot)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 WRkrn.sys (Webroot SecureAnywhere/Webroot)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 ELkbd.sys (Intel Corporation)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp WRkrn.sys (Webroot SecureAnywhere/Webroot)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp WRkrn.sys (Webroot SecureAnywhere/Webroot)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp WRkrn.sys (Webroot SecureAnywhere/Webroot)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF5 0x7E 0x31 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0F 0x69 0x58 0xF0 ...
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}@ ISensNetwork
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}\ProxyStubClsid
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}\ProxyStubClsid@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}\ProxyStubClsid32
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}\ProxyStubClsid32@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}\TypeLib
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}\TypeLib@ {E6859F27-1554-40E2-984E-75B7D56A936A}
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}\TypeLib@Version 1.0
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0@ SENSReachability 1.0 Type Library
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\0
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\0\win32
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\0\win32@ C:\Program Files\Common Files\AOL\ACS\AOLDialr.DLL
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\FLAGS
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\FLAGS@ 0
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\HELPDIR
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\HELPDIR@ C:\Program Files\Common Files\AOL\ACS\
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\AOL - gedclb@aol.com@MessageCount 39

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\HP_Administrator\Cookies\CS0FXQU0.txt 0 bytes
File C:\Documents and Settings\HP_Administrator\Cookies\OALGC9KF.txt 0 bytes
File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\1DQJEWHZ\red_1px[1].gif 149 bytes
File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\1DQJEWHZ\icons_sprite[1].gif 0 bytes
File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\1DQJEWHZ\walmart-120x80[1].gif 5082 bytes
File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\1DQJEWHZ\186264_100000998601025_4848860_q[1].jpg 0 bytes

---- EOF - GMER 1.0.15 ----

JonTom
2011-11-22, 17:19
Hello kitty764

Thank you for the log.

Let's proceed as follows:

P2P Programs:


P2P programs are a major source of Malware infections.
From your log I see you have µTorrent. We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
If you wish to keep the program(s), please do not use them until your computer is cleaned.


Information regarding the risk of using these programs can be found from here (http://malwareremoval.com/p2pindex.php) and here. (http://www.internetworldstats.com/articles/art053.htm)


It is strongly recommended that you uninstall any P2P programs you have on your system.


To do this, Click on "Start" then on "Control Panel" and then on "Add or remove programs".
A list of currently installed programs will be displayed.
Find the "µTorrent" program, click on it once and then click on the "Remove" button.
If you are prompted to re-boot your computer to complete the uninstall please do so.


PLEASE NOTE:
Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.



Foistware


I can see from your log that you have Viewpoint Media Player installed.
Viewpoint Media Player is considered foistware rather than malware since it is installed without the user's approval but doesn't spy or do anything "bad".
It is recommended that you remove Viewpoint products. However, this choice is up to you.
To remove these programs, click "Start" and then on "Control Panel" and then on "Add or Remove Programs".
Select Viewpoint Media Player and click on "Remove".



Combofix


Download ComboFix from one of the following locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216).
Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RCUpdate1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Should there be issues with internet afterward:

In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.



Please post the ComboFix log in your next reply.

kitty764
2011-11-22, 19:18
I already uninstalled µTorrent from the add/remove program, I don't know why it's still showing.
I shut down Webroot (and all of the security programs) from the tray icon before running Combofix, I even entered captcha to shut it down but Combofix kept warning me to shut it down, so I cancelled the scan. I checked the link in the thread to shut down firewalls/etc, but I didn't see my program on the list.

Is it ok to go ahead with the scan anyway?

Thanks! :)

JonTom
2011-11-22, 23:05
Hello kitty764


"Is it ok to go ahead with the scan anyway?"

Run the scan from Safe Mode with Networking:

Reboot Your System in Safe Mode with Networking


Restart your computer.
As soon as BIOS is loaded begin tapping the F8 key until the "Advanced Options" menu appears.
Use the arrow keys to select the Safe Mode with Networking menu item.
Press Enter.


Once in Safe Mode with Networking, run ComboFix and post the log in your next reply.

kitty764
2011-11-23, 01:01
I started in safe mode w/networking; started Combo Fix, it initially started, warned me that I was running my spyware/av programs (even though they were closed), clicked ok to run, blue box came up and nothing happened, waited about 20 min and restarted the computer; tried again with the same results.

Side note, tea timer has been disabled since my first post. I read in other threads that people were advised to turn it off, so to save a step I disabled it.

JonTom
2011-11-23, 13:53
Hello kitty764

If you are having problems with ComboFix we will use a different method to clean your machine, but before we do I would like to take a closer look at a couple of files on your machine.

Please do the following:

Please scan the following files


Please go to VirusTotal (http://www.virustotal.com/)


On the page you'll find a "Browse" button.
Click on the Browse button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.



c:\windows\system32\srvany.exe


Next, click the Open button.
Then click the "Send File" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now.
Once scanned, copy and paste the link to the results page in your next reply.
Please repeat this procedure for the following files:


c:\windows\concst.dll


Please post the links to the Virus Total result pages in your next reply.

kitty764
2011-11-23, 19:39
http://www.virustotal.com/file-scan/report.html?id=abd4afd71b3c2bd3f741bbe3cec52c4fa63ac78d353101d2e7dc4de2725d1ca1-1322072484

The other file: c:\windows\concst.dll was not found. I get that error every time I start up too. I think that may be from my internet service provider Comcast, I deleted some of the files because I didn't want the av program or search engine that came with it.

JonTom
2011-11-24, 00:03
Hello kitty764

Please do not delete any more files unless asked to do so :)

Please make a backup of your Registry


The following fix requires altering your Windows Registry. Therefore we need to back it up in case we run into problems:
Download ERUNT (http://www.aumha.org/downloads/erunt.zip) to your Desktop (Right click the link, select "Save Link/Target As"..., select your Desktop and press Save).
Right click erunt.zip, choose "Extract All…" and follow the prompts to unzip the program.
Open the ERUNT folder on your Desktop and double click ERUNT.exe to start the program.
Click OK for all the prompts to back up your registry to the default location.
Note: if it becomes necessary to restore the registry, open the backup folder and start ERDNT.exe.



Please download OTM



Please download OTM by OldTimer by clicking here. (http://oldtimer.geekstogo.com/OTM.exe)
Save the file (called OTM.exe) to your desktop.
Double click on the OTM.exe icon to run the program. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):




:Processes
explorer.exe

:Files
c:\windows\concst.dll

:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xnehogewu"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9D425283-D487-4337-BAB6-AB8354A81457}"=-
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-

:Commands
[Purity]
[EmptyTemp]
[Emptyflash]
[Start Explorer]
[Reboot]







Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

Click the Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File -> Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Trusted Zones:


I can see that you have a web site stored in the "Trusted Zones" section of your log. The only advantage to having a domain stored in your Trusted Zones, is that the domain will not prompt you for any permission before installing software or updates from the "trusted" site. This also means however, that if a malware exploit comes out where a site can spoof their domain name to match one stored in your Trusted Zones, then you will never know when (or what) they install on your machine.
If you remove this entry, these sites will still be able to install software, but only after receiving permission from you to do so, putting you back in control.
I suggest you remove the following entries:



Trusted Zone: trymedia.com


You can remove sites from your Trusted Zones via:
IE > Tools > Internet Options > Security tab > Trusted Zone > Sites.

For more information regarding the addition of sites to your Trusted Zones, click here. (http://www.mvps.org/winhelp2002/restricted.htm)



MalwareBytes AntiMalware:


I can see that you have MBAM installed.
Double click on your MalwareBytes AntiMalware icon to launch the program.
Click on the "Update" tab and then on "Check for Updates".
The program will now install the latest Malware definition files.
Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
Once the program has scanned your computer, a log file will be created in Notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.


If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
Come back here to this thread and Paste the log in your next reply.


Please post the OTM log, the MBAM log and a new DDS log in your next reply.
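
The Trusted Zones check described in the post above, as an added example that is not part of the original thread: a read-only PowerShell listing of every site or address range assigned to the Trusted sites zone (zone 2) in the standard ZoneMap registry keys of both the user and machine hives. The function name Get-ZoneMapEntry is hypothetical, and the script assumes Windows PowerShell 2.0 or later is installed.

```powershell
# Added example: enumerate Internet Explorer zone assignments from the registry
# and show the ones that fall in the Trusted sites zone. Read-only.

# IE zone numbers: 0 My Computer, 1 Local intranet, 2 Trusted sites,
# 3 Internet, 4 Restricted sites.
$TrustedZone = 2

# Zone map entries can exist in both the per-user and per-machine hive.
$ZoneMapRoots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
)

function Get-ZoneMapEntry {
    param([Parameter(Mandatory = $true)][string]$ZoneMapPath)

    $hive = $ZoneMapPath.Substring(0, 4)    # 'HKCU' or 'HKLM'

    # Domains\<domain>[\<subdomain>]: value name = protocol, value data = zone number.
    $domains = Join-Path $ZoneMapPath 'Domains'
    if (Test-Path $domains) {
        # @() keeps PowerShell 2.0 from looping once over $null when the key is empty.
        foreach ($key in @(Get-ChildItem -Path $domains -Recurse -ErrorAction SilentlyContinue)) {
            $marker = '\Domains\'
            $start  = $key.Name.IndexOf($marker, [StringComparison]::OrdinalIgnoreCase)
            $parts  = $key.Name.Substring($start + $marker.Length).Split('\')
            [array]::Reverse($parts)        # sub-key "www" under "example.com" -> www.example.com
            $site = $parts -join '.'

            foreach ($name in $key.GetValueNames()) {
                if ($name -eq '') { continue }    # skip the unnamed default value
                New-Object PSObject -Property @{
                    Hive = $hive; Site = $site; Protocol = $name; Zone = $key.GetValue($name)
                }
            }
        }
    }

    # Ranges\RangeN: the ':Range' value holds the IP address or range,
    # the remaining values map a protocol to a zone number.
    $ranges = Join-Path $ZoneMapPath 'Ranges'
    if (Test-Path $ranges) {
        foreach ($key in @(Get-ChildItem -Path $ranges -ErrorAction SilentlyContinue)) {
            $site = $key.GetValue(':Range')
            foreach ($name in $key.GetValueNames()) {
                if ($name -eq '' -or $name -eq ':Range') { continue }
                New-Object PSObject -Property @{
                    Hive = $hive; Site = $site; Protocol = $name; Zone = $key.GetValue($name)
                }
            }
        }
    }
}

$entries = foreach ($root in $ZoneMapRoots) { Get-ZoneMapEntry -ZoneMapPath $root }
$trusted = @($entries | Where-Object { $_.Zone -eq $TrustedZone })

if ($trusted.Count -eq 0) {
    'No sites are assigned to the Trusted sites zone.'
} else {
    $trusted | Sort-Object Site, Protocol |
        Select-Object Hive, Site, Protocol, Zone |
        Format-Table -AutoSize
}
```

A protocol of `*` means the entry applies to every protocol for that site.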

kitty764
2011-11-24, 01:13
When I tried to remove trymedia.com from the trusted zone, I went to IE, tools, trusted sites, then sites.. All that came up is a window to "add this website to the zone".


OTM Log
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder c:\windows\concst.dll not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Xnehogewu deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 31612 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users
->Flash cache emptied: 87 bytes

User: Default User
->Temp folder emptied: 31612 bytes
->Temporary Internet Files folder emptied: 33064 bytes

User: HP_Administrator
->Temp folder emptied: 45367916 bytes
->Temporary Internet Files folder emptied: 260235107 bytes
->Java cache emptied: 6270843 bytes
->Google Chrome cache emptied: 23471934 bytes
->Flash cache emptied: 144081 bytes

User: LocalService
->Temp folder emptied: 2050572 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 1982344 bytes
->Temporary Internet Files folder emptied: 116496 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 216177 bytes
%systemroot%\System32 .tmp files removed: 21030417 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1448872 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 180277142 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 299754 bytes

Total Files Cleaned = 518.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users
->Flash cache emptied: 0 bytes

User: Default User

User: HP_Administrator
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 11232011_171749

Mbam Log
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8227

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/23/2011 5:50:16 PM
mbam-log-2011-11-23 (17-50-16).txt

Scan type: Quick scan
Objects scanned: 188016
Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS Log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by HP_Administrator at 17:59:13 on 2011-11-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1816 [GMT -6:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\Webroot\WRSA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
c:\program files\common files\aol\1276149201\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\AOL Desktop 9.6a\waol.exe
C:\Program Files\AOL Desktop 9.6a\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.comcast.net/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\15.0.874.121\npchrome_frame.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\hp_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [AOL Fast Start] "c:\program files\aol desktop 9.6a\AOL.EXE" -b
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdMgr.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HostManager] c:\program files\common files\aol\1276149201\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [PCDrSmartMonitor] "c:\program files\pc-doctor 5 for windows\PcdSmartMonitor.exe" -r
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: trymedia.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276157759437
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{F204927D-9268-49FC-BE9F-3EBEC7F8CA66} : DhcpNameServer = 68.87.72.134 68.87.77.134
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\15.0.874.121\npchrome_frame.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-10 64512]
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2011-11-3 106824]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2010-9-11 218688]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-11-9 525840]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-10-26 2152152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2011-11-3 633088]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-10-26 15232]
R3 PCD5SRVC{8A863ACB-F5F6CC6A-05010003};PCD5SRVC{8A863ACB-F5F6CC6A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2006-2-7 21120]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 581480]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 209640]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-8 136176]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-9-10 8192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-8 136176]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-10-28 11520]
.
=============== Created Last 30 ================
.
2011-11-23 23:17:49 -------- d-----w- C:\_OTM
2011-11-22 23:24:26 -------- d-s---w- C:\ComboFix
2011-11-22 18:40:40 -------- d-----w- c:\program files\MetaStream
2011-11-22 18:40:29 -------- d-----w- c:\documents and settings\all users\application data\Viewpoint
2011-11-13 03:29:39 -------- d-----w- c:\program files\AOL Desktop 9.6a
2011-11-13 00:41:55 -------- d-----w- c:\windows\Internet Logs
2011-11-13 00:40:45 -------- d-----w- c:\documents and settings\hp_administrator\application data\CheckPoint
2011-11-13 00:39:46 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2011-11-13 00:20:17 -------- d-----w- c:\program files\CheckPoint
2011-11-04 01:42:33 141272 ----a-w- c:\windows\system32\WRusr.dll
2011-11-04 01:42:33 106824 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2011-11-04 01:42:30 -------- d-----w- c:\program files\Webroot
2011-11-04 01:42:29 -------- d-----w- c:\documents and settings\all users\application data\WRData
2011-11-03 05:09:07 685056 ----a-w- c:\windows\system32\drivers\hardlock.sys
2011-11-03 05:01:24 -------- d-----w- C:\mcamx
2011-10-30 05:37:36 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Western_Digital
2011-10-30 01:24:25 -------- d-----w- c:\documents and settings\all users\application data\WD_SmartWareCommon
2011-10-30 01:20:28 -------- d-----w- c:\documents and settings\hp_administrator\application data\Western Digital
2011-10-30 01:18:01 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Western Digital
2011-10-28 22:48:22 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2011-10-26 23:02:23 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-26 17:15:32 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\adaware
2011-10-26 17:15:13 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2011-10-26 17:14:43 -------- d-----w- c:\program files\Toolbar Cleaner
2011-10-26 17:14:35 -------- d-----w- c:\documents and settings\hp_administrator\application data\adawaretb
2011-10-26 17:14:32 -------- d-----w- c:\program files\adawaretb
2011-10-26 17:14:15 -------- d-----w- c:\program files\Lavasoft
.
==================== Find3M ====================
.
2011-11-23 23:28:59 38400 ----a-w- c:\windows\system32\pcdhdm.cpl
2011-11-19 00:27:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-26 21:19:22 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-05 00:22:15 10920 ----a-w- C:\aolconnfix.exe
2011-10-03 11:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 08:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 23:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 18:00:48.37 ===============

JonTom
2011-11-24, 16:15
Hello kitty764

Thank you for the logs.


All that came up is a window to "add this website to the zone"

Not to worry, we'll deal with that soon enough.

Please un-install J2SE Runtime Environment 5.0 Update 5


Click on "Start" then on "Control Panel" and then on "Add or remove programs".
Click on "remove a program". A list of currently installed programs will be displayed.
Find the "J2SE Runtime Environment 5.0 Update 5" program, click on it once and then click on the "uninstall" button.
If you are prompted to re-boot your computer to complete the uninstall please do so.



Temporary File Cleaner


Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Close any open windows.
Double click the TFC icon to run the program.
TFC will close all open programs itself in order to run.
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish.
Once complete it should automatically reboot your machine.
If your machine does not reboot automatically, manually reboot to ensure a complete clean.
Note: After running TFC your machine may take slightly longer to boot the first time. This is normal.



Please run the following scan


Note: Internet Explorer is preferred for this scan, although it will run with other browsers.
Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
Please disable your real time security programs before performing the scan.



Scan your system with Eset Online Scanner (http://www.eset.com/onlinescan/)
Place a check mark in the box YES, I accept the Terms Of Use.
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.



Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option to "Remove Found Threats" is UNchecked.
Push the "Start" button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png



Download and run OTL by Oldtimer



Please download OTL by Oldtimer by clicking here (http://oldtimer.geekstogo.com/OTL.exe) and save the file (called OTL.exe) to your desktop.
Close all open windows on your computer then Double click on the OTL.exe icon to run the program.
Check the boxes beside "LOP Check" and "Purity Check".
Under Custom Scan paste this in:

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
/md5stop


Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.



When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please Copy and Paste the contents of both files in your next reply. You may need two posts to fit them both in.


Please post the ESET log and the OTL logs in your next reply (you may need to make more than one post to fit all of the information in).

kitty764
2011-11-24, 23:49
ESET Scan
C:\Documents and Settings\HP_Administrator\My Documents\executables\Nero-7[1].10.1.0_eng_trial_wch.exe Win32/Toolbar.AskSBar application

OTL log

OTL logfile created on: 11/24/2011 4:27:37 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 74.36% Memory free
4.84 Gb Paging File | 3.72 Gb Available in Paging File | 76.89% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 222.35 Gb Total Space | 42.70 Gb Free Space | 19.20% Space Free | Partition Type: NTFS
Drive D: | 10.50 Gb Total Space | 3.08 Gb Free Space | 29.31% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/24 12:21:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2011/11/23 11:49:38 | 000,633,088 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
PRC - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/11/09 20:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/11/03 08:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/11/03 08:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/10/26 15:19:20 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/10/26 15:19:20 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/21 03:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/04/25 15:52:37 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6a\waol.exe
PRC - [2011/04/25 15:52:36 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6a\shellmon.exe
PRC - [2010/09/14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/06/09 22:22:32 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/08 01:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1276149201\EE\aolsoftware.exe
PRC - [2010/01/21 15:27:44 | 009,136,960 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2010/01/21 15:27:42 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/01/21 15:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/03/27 21:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/05/03 11:31:46 | 000,071,096 | ---- | M] () -- C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 13:04:42 | 000,001,536 | ---- | M] () -- c:\Program Files\Common Files\AOL\1276149201\EE\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
PRC - [2006/10/23 06:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/03/20 03:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/03/15 20:12:40 | 001,077,248 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2006/03/15 20:11:54 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
PRC - [2006/03/15 20:11:54 | 000,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2006/02/01 18:54:30 | 000,360,448 | ---- | M] () -- C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe
PRC - [2005/11/08 15:51:54 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
PRC - [2005/10/12 13:30:42 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/10/12 13:30:24 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2004/10/15 14:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 14:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/26 15:19:22 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/10/26 15:19:22 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011/10/26 15:19:22 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/10/26 11:15:54 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/10/13 02:23:01 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011/10/13 02:21:43 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\24331b719aa25ac2b21099e32232840c\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/13 02:21:02 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/13 02:20:48 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011/10/13 02:20:35 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 02:19:45 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 02:16:42 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 02:16:31 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 02:16:00 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/13 02:15:28 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
MOD - [2011/10/13 02:13:06 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 02:12:46 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/13 02:11:49 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/10/13 02:02:54 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_20d6ee61\mscorlib.dll
MOD - [2011/10/13 02:02:50 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_0cfedefc\system.drawing.dll
MOD - [2011/10/13 02:02:44 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_0490bb49\system.xml.dll
MOD - [2011/10/13 02:02:37 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_a38349f8\system.windows.forms.dll
MOD - [2011/10/13 02:02:23 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_04c16c23\system.dll
MOD - [2011/10/13 02:02:11 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/10/13 02:02:10 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2011/10/11 13:50:10 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/10/11 13:50:08 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/04/25 15:52:37 | 000,048,640 | ---- | M] () -- C:\Program Files\AOL Desktop 9.6a\zlib.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/06/09 23:47:42 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010/06/09 23:47:42 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2010/06/09 23:47:41 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2010/06/09 23:47:41 | 000,573,440 | ---- | M] () -- c:\windows\assembly\gac\system.web.services\1.0.5000.0__b03f5f7f11d50a3a\system.web.services.dll
MOD - [2010/06/09 23:47:41 | 000,299,008 | ---- | M] () -- c:\windows\assembly\gac\microsoft.visualbasic\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualbasic.dll
MOD - [2010/06/09 23:47:41 | 000,241,664 | ---- | M] () -- c:\windows\assembly\gac\system.enterpriseservices\1.0.5000.0__b03f5f7f11d50a3a\system.enterpriseservices.dll
MOD - [2010/03/31 22:30:12 | 000,473,704 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/02/05 12:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/08/19 14:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
MOD - [2009/07/29 14:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll
MOD - [2008/05/03 11:31:46 | 000,071,096 | ---- | M] () -- C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/10/23 13:04:42 | 000,001,536 | ---- | M] () -- c:\Program Files\Common Files\AOL\1276149201\EE\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
MOD - [2006/02/08 12:44:10 | 001,433,600 | ---- | M] () -- C:\Program Files\PC-Doctor 5 for Windows\Matrix.dll
MOD - [2006/02/08 12:42:06 | 001,093,120 | ---- | M] () -- C:\Program Files\PC-Doctor 5 for Windows\Common.dll
MOD - [2006/02/07 19:38:52 | 000,110,592 | ---- | M] () -- C:\Program Files\PC-Doctor 5 for Windows\Pcd5Services.dll
MOD - [2006/02/07 19:38:52 | 000,065,536 | ---- | M] () -- C:\Program Files\PC-Doctor 5 for Windows\ProgressTrace.dll
MOD - [2006/02/01 18:54:30 | 000,360,448 | ---- | M] () -- C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe
MOD - [2006/02/01 18:54:20 | 000,016,384 | ---- | M] () -- C:\Program Files\PC-Doctor 5 for Windows\pcdrindicator.dll
MOD - [2006/02/01 18:54:18 | 000,067,584 | ---- | M] () -- C:\Program Files\PC-Doctor 5 for Windows\Smart.dll
MOD - [2006/02/01 18:54:18 | 000,040,448 | ---- | M] () -- C:\Program Files\PC-Doctor 5 for Windows\Scsi.dll
MOD - [2006/02/01 18:54:14 | 000,229,376 | ---- | M] () -- C:\Program Files\PC-Doctor 5 for Windows\Lsapi.dll
MOD - [2006/02/01 18:53:00 | 000,928,768 | ---- | M] () -- C:\Program Files\PC-Doctor 5 for Windows\Dapi5.dll
MOD - [2006/02/01 18:52:56 | 000,176,640 | ---- | M] () -- C:\Program Files\PC-Doctor 5 for Windows\IPC.dll
MOD - [2006/02/01 18:52:56 | 000,123,904 | ---- | M] () -- C:\Program Files\PC-Doctor 5 for Windows\Http.dll
MOD - [2006/02/01 18:52:56 | 000,066,560 | ---- | M] () -- C:\Program Files\PC-Doctor 5 for Windows\Enumerator.dll
MOD - [2006/02/01 18:52:54 | 000,017,920 | ---- | M] () -- C:\Program Files\PC-Doctor 5 for Windows\SharedAll.dll

kitty764
2011-11-24, 23:52
OTL Log cont

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/11/23 11:49:38 | 000,633,088 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/03 08:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/10/26 15:19:20 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/09/14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/09/10 23:15:07 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\srvany.exe -- (KMService)
SRV - [2010/01/21 15:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/03/27 21:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/05/03 11:31:46 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe -- (NMSAccessU)
SRV - [2006/10/23 06:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005/11/08 15:51:54 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe -- (ELService)
SRV - [2005/10/12 13:30:24 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)
SRV - [2004/10/15 14:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - [2011/11/23 11:49:41 | 000,106,824 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\WRkrn.sys -- (WRkrn)
DRV - [2011/11/09 20:01:38 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011/11/03 08:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/10/26 15:19:22 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/10/26 15:19:22 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/09/14 04:46:26 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
DRV - [2010/09/14 04:46:22 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2010/09/14 04:46:20 | 000,209,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
DRV - [2010/09/14 04:46:14 | 000,581,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
DRV - [2010/09/11 21:17:46 | 000,431,672 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/09/11 20:46:57 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2009/08/13 14:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/02/13 10:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009/02/11 11:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2006/02/07 19:38:52 | 000,021,120 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\PC-Doctor 5 for Windows\pcd5srvc.pkms -- (PCD5SRVC{8A863ACB-F5F6CC6A-05010003})
DRV - [2005/12/12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/11/08 15:51:40 | 000,007,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2005/11/08 15:51:38 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon)
DRV - [2005/11/08 15:51:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd)
DRV - [2005/11/08 15:51:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou)
DRV - [2005/11/08 15:51:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid)
DRV - [2005/07/28 07:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005/06/29 18:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 08:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.aol.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.comcast.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011/01/23 00:52:01 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/11/12 18:40:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2011/10/18 18:04:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2011/10/18 18:04:21 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: DAEMON Search (Enabled)
CHR - default_search_provider: search_url = http://www.daemon-search.com/search?q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/11/20 02:27:54 | 000,438,612 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15088 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\15.0.874.121\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online)
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1276149201\EE\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [PCDrSmartMonitor] C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6a\AOL.EXE (AOL Inc.)
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276157759437 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F204927D-9268-49FC-BE9F-3EBEC7F8CA66}: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\15.0.874.121\npchrome_frame.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/09 22:36:14 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 04:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 20:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{8b031140-be1c-11df-9167-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8b031140-be1c-11df-9167-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8b031140-be1c-11df-9167-806d6172696f}\Shell\AutoRun\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{8b031140-be1c-11df-9167-806d6172696f}\Shell\configure\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{8b031140-be1c-11df-9167-806d6172696f}\Shell\install\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{fe717edb-bd4f-11df-8400-001731ac034f}\Shell - "" = AutoRun
O33 - MountPoints2\{fe717edb-bd4f-11df-8400-001731ac034f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe717edb-bd4f-11df-8400-001731ac034f}\Shell\AutoRun\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{fe717edb-bd4f-11df-8400-001731ac034f}\Shell\configure\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{fe717edb-bd4f-11df-8400-001731ac034f}\Shell\install\command - "" = J:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/24 12:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/24 12:21:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2011/11/24 12:20:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\TFC.exe
[2011/11/23 17:17:49 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/11/23 17:16:20 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTM.exe
[2011/11/22 17:24:26 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/22 16:56:01 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/11/22 13:44:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Viewpoint
[2011/11/22 12:40:40 | 000,000,000 | ---D | C] -- C:\Program Files\MetaStream
[2011/11/22 12:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/11/22 12:08:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/22 12:06:52 | 004,303,750 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2011/11/20 15:24:42 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\dds.com
[2011/11/20 15:22:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/20 15:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/11/20 15:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/11/20 15:20:44 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\HP_Administrator\Desktop\erunt-setup.exe
[2011/11/17 22:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\11-17-2011 circus - msc
[2011/11/16 22:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\NIMS - JOE
[2011/11/14 15:15:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Administrative Tools
[2011/11/13 21:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\bears game-karl-msc 11-13-11
[2011/11/12 21:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Desktop 9.6a
[2011/11/12 19:54:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/11/12 19:54:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/11/12 19:54:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/11/12 18:41:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2011/11/12 18:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\ForceField Shared Files
[2011/11/12 18:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\CheckPoint
[2011/11/12 18:39:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2011/11/12 18:39:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2011/11/12 18:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/11/11 03:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/09 20:01:38 | 000,525,840 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2011/11/03 19:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Webroot SecureAnywhere
[2011/11/03 19:42:33 | 000,141,272 | ---- | C] (Webroot) -- C:\WINDOWS\System32\WRusr.dll
[2011/11/03 19:42:33 | 000,106,824 | ---- | C] (Webroot) -- C:\WINDOWS\System32\drivers\WRkrn.sys
[2011/11/03 19:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2011/11/03 19:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WRData
[2011/11/03 19:41:14 | 000,605,272 | ---- | C] (Webroot) -- C:\Documents and Settings\HP_Administrator\Desktop\wsainstall.exe
[2011/11/02 23:09:07 | 000,685,056 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\drivers\hardlock.sys
[2011/11/02 23:01:24 | 000,000,000 | ---D | C] -- C:\mcamx
[2011/11/02 22:44:02 | 394,956,865 | ---- | C] (CNC Software, Inc. ) -- C:\Documents and Settings\HP_Administrator\Desktop\mastercamx2-web.exe
[2011/10/29 23:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Western_Digital
[2011/10/29 19:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2011/10/29 19:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Western Digital
[2011/10/29 19:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WD SmartWare
[2011/10/29 19:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Western Digital
[2011/10/28 16:48:22 | 000,011,520 | ---- | C] (Western Digital Technologies) -- C:\WINDOWS\System32\drivers\wdcsam.sys
[2011/10/28 09:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\New Folder
[2011/10/28 00:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2011/10/26 11:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\adaware
[2011/10/26 11:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2011/10/26 11:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2011/10/26 11:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\adawaretb
[2011/10/26 11:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2011/10/26 11:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/10/26 11:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft

========== Files - Modified Within 30 Days ==========

[2011/11/24 16:03:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3552373890-1893394444-1375434532-1008UA.job
[2011/11/24 15:59:02 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/24 15:59:01 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/24 12:52:45 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/11/24 12:36:12 | 000,038,400 | ---- | M] () -- C:\WINDOWS\System32\pcdhdm.cpl
[2011/11/24 12:35:42 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/11/24 12:35:06 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/11/24 12:34:33 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2011/11/24 12:34:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/24 12:21:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2011/11/24 12:20:37 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\TFC.exe
[2011/11/24 12:03:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3552373890-1893394444-1375434532-1008Core.job
[2011/11/23 23:35:17 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/23 17:16:21 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTM.exe
[2011/11/23 12:15:16 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/11/23 12:15:16 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/11/23 11:49:41 | 000,141,272 | ---- | M] (Webroot) -- C:\WINDOWS\System32\WRusr.dll
[2011/11/23 11:49:41 | 000,106,824 | ---- | M] (Webroot) -- C:\WINDOWS\System32\drivers\WRkrn.sys
[2011/11/22 12:06:59 | 004,303,750 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2011/11/21 09:10:27 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2011/11/21 08:43:07 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2011/11/21 08:40:55 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Defogger.exe
[2011/11/20 17:37:20 | 000,217,092 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\377928_304125806272865_100000263440640_1226360_1371769965_n.jpg
[2011/11/20 15:55:47 | 000,004,483 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\attach.zip
[2011/11/20 15:24:49 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\dds.com
[2011/11/20 15:21:40 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ERUNT.lnk
[2011/11/20 15:20:45 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\HP_Administrator\Desktop\erunt-setup.exe
[2011/11/20 11:23:48 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/20 02:27:54 | 000,438,612 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/19 20:45:16 | 000,000,188 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\default.pls
[2011/11/19 18:10:03 | 000,166,400 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/18 20:37:03 | 000,190,618 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\health-careers-app.pdf
[2011/11/18 18:27:16 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/13 22:25:51 | 000,000,179 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2011/11/12 21:34:20 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AOL Desktop 9.6.lnk
[2011/11/12 21:34:20 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.6.lnk
[2011/11/12 19:06:10 | 000,464,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/12 19:06:10 | 000,079,408 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/12 18:42:03 | 000,415,915 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/11/11 03:01:31 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/10 23:00:18 | 000,004,581 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\imagesCAJ07696.jpg
[2011/11/10 22:36:10 | 000,085,953 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\24232_111103688915366_100000472075967_193253_5311878_n.jpg
[2011/11/10 22:35:44 | 000,085,118 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\25642_117163674976034_100000472075967_219418_1196682_n.jpg
[2011/11/10 22:34:18 | 000,102,611 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\38630_142865552405846_100000472075967_354203_4826461_n.jpg
[2011/11/10 22:32:13 | 000,098,076 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\66612_168611796497888_100000472075967_526894_5646783_n.jpg
[2011/11/10 22:30:27 | 000,091,534 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\163036_178137708878630_100000472075967_593381_2532851_n.jpg
[2011/11/10 22:30:22 | 000,087,814 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\151086_178137745545293_100000472075967_593383_352300_n.jpg
[2011/11/10 13:54:46 | 000,084,670 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\daddd.jpg
[2011/11/09 20:01:38 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2011/11/03 19:41:17 | 000,605,272 | ---- | M] (Webroot) -- C:\Documents and Settings\HP_Administrator\Desktop\wsainstall.exe
[2011/11/02 23:07:23 | 000,002,624 | ---- | M] () -- C:\WINDOWS\System32\config.nt
[2011/11/02 22:45:42 | 394,956,865 | ---- | M] (CNC Software, Inc. ) -- C:\Documents and Settings\HP_Administrator\Desktop\mastercamx2-web.exe
[2011/10/29 19:20:09 | 000,001,129 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2011/10/29 19:20:09 | 000,001,068 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/10/29 19:06:21 | 002,117,582 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\4779-705019.pdf
[2011/10/29 10:07:01 | 000,494,136 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Access Back to School.pdf
[2011/10/29 10:06:44 | 000,046,506 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Proof of Eye Examination Report.pdf
[2011/10/29 10:06:32 | 000,108,926 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Min Health Requirements for CPS 2011 2012 ENGLISH.pdf
[2011/10/29 10:04:22 | 000,054,397 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Dental Exam Proof English.pdf
[2011/10/29 10:03:33 | 000,060,082 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Child Health Examination Form English.pdf
[2011/10/29 01:43:11 | 000,015,528 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\camaro-zl1.jpg
[2011/10/26 15:19:22 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/10/26 11:17:25 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/10/26 11:14:25 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

========== Files Created - No Company Name ==========

[2011/11/21 08:54:58 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2011/11/21 08:42:52 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2011/11/21 08:40:54 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Defogger.exe
[2011/11/20 19:10:59 | 000,217,092 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\377928_304125806272865_100000263440640_1226360_1371769965_n.jpg
[2011/11/20 15:55:47 | 000,004,483 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\attach.zip
[2011/11/20 15:21:40 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ERUNT.lnk
[2011/11/20 11:23:48 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/18 20:37:03 | 000,190,618 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\health-careers-app.pdf
[2011/11/12 18:41:17 | 000,415,915 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/11/10 23:00:21 | 000,004,581 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\imagesCAJ07696.jpg
[2011/11/10 22:36:23 | 000,085,953 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\24232_111103688915366_100000472075967_193253_5311878_n.jpg
[2011/11/10 22:35:58 | 000,085,118 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\25642_117163674976034_100000472075967_219418_1196682_n.jpg
[2011/11/10 22:34:30 | 000,102,611 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\38630_142865552405846_100000472075967_354203_4826461_n.jpg
[2011/11/10 22:32:30 | 000,098,076 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\66612_168611796497888_100000472075967_526894_5646783_n.jpg
[2011/11/10 22:31:35 | 000,091,534 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\163036_178137708878630_100000472075967_593381_2532851_n.jpg
[2011/11/10 22:30:42 | 000,087,814 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\151086_178137745545293_100000472075967_593383_352300_n.jpg
[2011/11/10 13:54:58 | 000,084,670 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\daddd.jpg
[2011/11/02 23:09:07 | 008,405,015 | ---- | C] () -- C:\WINDOWS\TempFile
[2011/11/02 23:04:38 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\config.hsp
[2011/10/29 19:20:09 | 000,001,129 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2011/10/29 19:20:09 | 000,001,068 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/10/29 19:06:21 | 002,117,582 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\4779-705019.pdf
[2011/10/29 10:06:59 | 000,494,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Access Back to School.pdf
[2011/10/29 10:06:44 | 000,046,506 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Proof of Eye Examination Report.pdf
[2011/10/29 10:06:32 | 000,108,926 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Min Health Requirements for CPS 2011 2012 ENGLISH.pdf
[2011/10/29 10:04:22 | 000,054,397 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Dental Exam Proof English.pdf
[2011/10/29 10:03:33 | 000,060,082 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Child Health Examination Form English.pdf
[2011/10/29 01:43:45 | 000,015,528 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\camaro-zl1.jpg
[2011/10/27 18:07:45 | 000,179,624 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/26 17:02:23 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/10/26 11:14:25 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/05/09 20:27:58 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/09 20:27:58 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/06 20:27:18 | 000,000,179 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2011/02/05 22:30:37 | 000,000,144 | ---- | C] () -- C:\WINDOWS\mmtype.ini
[2011/01/19 00:49:53 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2010/11/28 18:36:47 | 000,010,262 | ---- | C] () -- C:\WINDOWS\ivutewisucej.dll
[2010/09/10 23:15:24 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe
[2010/09/10 20:28:47 | 000,000,534 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/06/21 16:55:31 | 000,000,391 | ---- | C] () -- C:\WINDOWS\COVERE~1.INI
[2010/06/16 19:51:54 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/15 22:34:15 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX8400.ini
[2010/06/15 22:15:30 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/06/15 22:15:30 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/06/15 22:15:30 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/06/15 22:15:30 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/06/15 22:15:30 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/06/15 22:15:30 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/06/15 22:15:30 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/06/15 22:15:30 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/06/15 22:15:30 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/06/15 22:15:30 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/06/15 22:15:30 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/06/15 22:15:30 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/06/15 22:15:30 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/06/15 22:15:30 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/06/15 22:15:29 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/06/15 22:15:29 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/06/11 11:38:02 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2010/06/10 03:41:34 | 000,166,400 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/09 23:52:52 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/09 23:45:28 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2010/06/09 23:02:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/06/09 22:43:52 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2010/06/09 22:40:56 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
[2010/06/09 22:40:13 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2010/06/09 22:39:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2010/06/09 22:36:29 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/06/09 22:34:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/09 22:23:41 | 000,002,289 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/06/09 22:23:04 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2010/06/09 22:23:04 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2010/06/09 22:19:11 | 000,080,417 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2010/06/09 22:19:11 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2010/06/09 22:18:19 | 000,090,686 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2010/06/09 22:18:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2010/06/09 22:15:29 | 000,109,104 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2010/06/09 22:15:29 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2010/06/09 22:13:32 | 000,112,873 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2010/06/09 22:13:32 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2010/06/09 22:11:55 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2010/06/09 22:11:02 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/06/09 22:08:39 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2010/06/09 22:08:39 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2010/06/09 22:08:35 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010/06/09 22:08:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010/06/09 22:08:23 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2010/06/09 22:07:55 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2010/06/09 22:07:54 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2010/06/09 22:07:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2010/06/09 22:06:45 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2010/06/09 22:06:14 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2010/04/03 21:55:32 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/09/12 21:09:56 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2006/05/17 21:59:21 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/05/17 21:59:21 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/05/17 21:59:04 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 18:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/30 22:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/30 22:07:46 | 000,464,390 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/30 22:07:46 | 000,079,408 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/30 22:05:30 | 000,306,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/30 22:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 21:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/26 08:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 02:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2011/11/24 12:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2011/11/12 18:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2010/09/10 20:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/06/09 23:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2010/06/15 22:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/02/23 10:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidTyping
[2010/06/10 11:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2011/03/06 23:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/31 22:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tipard Video Converter
[2011/11/22 13:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/04/04 15:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2011/10/29 19:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2011/10/29 19:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/09/10 20:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/11/24 12:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WRData
[2011/11/24 12:35:06 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/11/24 12:34:07 | 000,083,224 | ---- | M] () -- C:\aaw7boot.log
[2011/10/04 18:22:15 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2011/10/04 18:22:15 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2010/06/09 22:36:14 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/09 23:44:31 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2010/06/09 23:49:07 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/09 15:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2005/08/30 22:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/09/11 20:19:44 | 045,501,493 | ---- | M] () -- C:\hpWebHelper.log
[2011/11/12 21:34:14 | 000,030,447 | ---- | M] () -- C:\install.log
[2005/08/30 22:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/08/30 22:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/06/10 01:28:21 | 000,001,048 | ---- | M] () -- C:\net_save.dna
[2010/09/13 23:36:04 | 000,000,000 | ---- | M] () -- C:\NFTProfile.nft
[2004/08/09 15:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/06/10 03:47:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/11/24 12:34:13 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2006/05/17 21:59:23 | 000,000,012 | ---- | M] () -- C:\RecoveryCD.txt
[2005/12/27 01:21:54 | 007,477,561 | ---- | M] (Intel Corporation ) -- C:\setup_all.exe
[2010/06/09 23:52:52 | 000,000,371 | -H-- | M] () -- C:\T4Metrics.log

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >
[2006/02/19 04:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2005/08/30 22:01:20 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/02/03 12:04:46 | 000,750,704 | ---- | M] () -- C:\WINDOWS\aus_ddss.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/08/30 14:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/08/30 14:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

kitty764
2011-11-24, 23:53
OTL cont.

< %ALLUSERSPROFILE%\Start Menu\*.līk /x >
[2011/11/12 21:34:20 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\AOL Desktop 9.6.lnk
[2010/06/10 03:50:59 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
[2010/06/09 22:12:27 | 000,000,909 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\HP Photosmart Premier.lnk
[2010/06/09 22:23:28 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\HP Rhapsody.lnk
[2010/06/09 22:16:54 | 000,000,995 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\HP Solution Center.lnk
[2010/06/10 02:16:11 | 000,001,577 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Microsoft Update.lnk
[2010/06/09 22:21:53 | 000,001,130 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\MSN Encarta Standard.lnk
[2010/06/10 10:58:13 | 000,001,992 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk
[2010/06/10 10:58:13 | 000,002,002 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Open Office Document.lnk
[2010/06/10 03:50:59 | 000,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
[2010/06/09 22:40:20 | 000,001,702 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Snapfish for your photos.lnk
[2005/08/30 22:02:10 | 000,000,398 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Catalog.lnk
[2005/08/30 22:02:10 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Deskuop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-11 09:01:31


< MD5 for: EXPLORER.EX_ >
[2004/08/09 15:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:\WINDOWS\I386\EXPLORER.EX_

< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/09 15:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: EXPLORER.SC_ >
[2004/08/09 15:00:00 | 000,000,181 | ---- | M] () MD5=BC5B38879C56DFBC05C8B5C43AC4D739 -- C:\WINDOWS\I386\EXPLORER.SC_

< MD5 for: EXPLORER.SCF >
[2004/08/09 15:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

< MD5 for: IEXPLORE.CH_ >
[2004/08/09 15:00:00 | 000,199,077 | ---- | M] () MD5=5F64795662F162CCD8B30969B6682029 -- C:\WINDOWS\I386\IEXPLORE.CH_

< MD5 for: IEXPLORE.CHM >
[2009/02/21 01:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
[2004/08/09 15:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie8\iexplore.chm

< MD5 for: IEXPLORE.CHW >
[2010/06/10 09:59:48 | 000,153,185 | ---- | M] () MD5=DCD8C8029AD669DD13C55B33143C2671 -- C:\WINDOWS\Help\iexplore.chw

< MD5 for: IEXPLORE.EX_ >
[2004/08/09 15:00:00 | 000,037,895 | ---- | M] () MD5=F83009589844F0C30801CC2221F06AB9 -- C:\WINDOWS\I386\IEXPLORE.EX_

< MD5 for: IEXPLORE.EXE >
[2008/04/13 18:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ie8\iexplore.exe
[2008/04/13 18:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2009/04/19 22:56:28 | 000,060,416 | ---- | M] () MD5=753BC16326FEE4A421ACB636CCD602F4 -- C:\ComboFix\iexplore.exe
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
[2004/08/09 15:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2009/03/08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-27122324.PF >
[2011/11/24 16:40:14 | 000,088,934 | ---- | M] () MD5=1BB26B8A9E8342787EA974B7659F5714 -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf

< MD5 for: IEXPLORE.HL_ >
[2004/08/09 15:00:00 | 000,059,881 | ---- | M] () MD5=D23388C8D5D82D4D1C3B0B6A256E3CB7 -- C:\WINDOWS\I386\IEXPLORE.HL_

< MD5 for: IEXPLORE.HLP >
[2004/08/09 15:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp

< MD5 for: WINLOGON.EX_ >
[2004/08/09 15:00:00 | 000,261,115 | ---- | M] () MD5=F41C4F5745589D0BB8268C02B71594CA -- C:\WINDOWS\I386\WINLOGON.EX_

< MD5 for: WINLOGON.EXE >
[2004/08/09 15:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINLOGON.REG >
[2001/10/23 14:49:08 | 000,000,278 | ---- | M] () MD5=329635F24C2EB6E4B850598AC7CC7AA4 -- C:\hp\bin\winlogon.reg

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

kitty764
2011-11-24, 23:55
OTL EXTRAS Log

OTL Extras logfile created on: 11/24/2011 4:27:37 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 74.36% Memory free
4.84 Gb Paging File | 3.72 Gb Available in Paging File | 76.89% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 222.35 Gb Total Space | 42.70 Gb Free Space | 19.20% Space Free | Partition Type: NTFS
Drive D: | 10.50 Gb Total Space | 3.08 Gb Free Space | 29.31% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1276149201\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1276149201\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Nero Web\SetupXu.exe" = C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon
"C:\Program Files\Common Files\AOL\1276149201\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1276149201\EE\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL Inc.)
"C:\Program Files\AOL Desktop 9.6\waol.exe" = C:\Program Files\AOL Desktop 9.6\waol.exe:*:Enabled:AOL -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL Inc.)
"C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe" = C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe:*:Enabled:AOL Browser -- (AOL Inc.)
"C:\Program Files\adawaretb\dtUser.exe" = C:\Program Files\adawaretb\dtUser.exe:*:Enabled:Ad-Aware Security Toolbar DTX Broker -- (Visicom Media Inc.)
"C:\Program Files\AOL Desktop 9.6a\waol.exe" = C:\Program Files\AOL Desktop 9.6a\waol.exe:*:Enabled:AOL -- (AOL Inc.)
"C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe" = C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe:*:Enabled:AOL Browser -- (AOL Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}" = EPSON Stylus CX8400 Series Scanner Driver Update
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{26D3E377-1DCA-4043-9410-B4A9BACF1033}" = Nero 7 Ultra Edition
"{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}" = muvee autoProducer 5.0
"{27E395E5-EB04-4BFD-96C3-C9A102E97E1B}" = Intel® Viiv™ Software
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3077CD1A-8BDB-467B-98EA-20EBAC9B95B9}" = Ad-Aware
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3A1E4886-AE57-4A7F-9924-31A6406F5BAF}" = Font_Setup
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5D61626A-BD55-4e42-82EE-4AE89D8FD050}" = HP Photosmart Cameras 6.0
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6A118C80-B382-41c0-8907-CDD0BF5EFE6E}" = CameraDrivers
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729DF902-05F9-4C00-9E6D-411119824E5F}" = hpiCamDrvQFolder
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{833F32CB-DA1C-4B92-9DFD-E7EE09087E5A}" = Mastercam X2 Demo
"{83B7C36F-6521-41A7-A8FD-AE147EFAC014}" = SOAP Toolkit
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8C22F265-DE76-44D1-8A79-A71D819137DA}" = Intel(R) Quick Resume Technology Drivers
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A34D17F9-0328-4F71-B4E9-E515EF34AB12}_is1" = Auslogics Disk Defrag ScreenSaver
"{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B9DD2DE0-27BE-4e6b-AAD8-0D960ABF87FD}" = CameraUserGuides
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"adawaretb" = Ad-Aware Security Toolbar
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Amazon Kindle For PC" = Amazon Kindle For PC
"Animated GIF Banner Maker" = Animated GIF Banner Maker
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DAEMON Tools Lite" = DAEMON Tools Lite
"Digital Editions" = Adobe Digital Editions
"DISCover" = DISCover
"DivX Setup" = DivX Setup
"DVDFab 8_is1" = DVDFab 8.0.7.2 (26/01/2011)
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome Frame" = Google Chrome Frame
"HP Document Viewer" = HP Document Viewer 6.1
"HP Game Console" = HP Game Console
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Rhapsody" = HP Rhapsody
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{833F32CB-DA1C-4B92-9DFD-E7EE09087E5A}" = Mastercam X2 Demo
"Intel® Quick Resume Technology" = Intel(R) Quick Resume Technology Drivers
"Keyboarding Pro 6" = Keyboarding Pro 6
"Kidzui" = Kidzui
"LSI Soft Modem" = LSI PCI-SV92PP Soft Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape Browser" = Netscape Browser (remove only)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PROSet" = Intel(R) Network Connections Drivers
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"QuickTime" = QuickTime
"RapidTyping" = RapidTyping
"RealPlayer 6.0" = RealPlayer
"Silent Package Run-Time Sample" = EPSON CX8400 User's Guide
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Super DVD Creator_is1" = Super DVD Creator 9.8 Trial Version
"Tipard Video Converter_is1" = Tipard Video Converter 6.1.08
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WRUNINST" = Webroot SecureAnywhere
"WT004613" = Tornado Jockey
"WT005513" = Super Granny
"WT005515" = Polar Bowler
"WT005517" = Blasterball 2 Remix
"WT005518" = Polar Golfer
"WT005519" = Ricochet Lost Worlds
"WT005520" = Blackhawk Striker 2
"WT005521" = Blasterball 2 Revolution
"WT005523" = Tradewinds
"WT005524" = Bounce Symphony
"WT005630" = Alien Outbreak 2
"WT005631" = Fairies
"WT005632" = Snowy The Bears Adventure
"WT005634" = Bejeweled 2 Deluxe
"WT005635" = Big Kahuna Reef
"WT005636" = Bookworm Deluxe
"WT005637" = Chuzzle Deluxe
"WT005638" = Diner Dash
"WT005639" = Family Feud
"WT005640" = Flip Words
"WT005641" = Insaniquarium Deluxe
"WT005642" = Jewel Quest
"WT005643" = Mah Jong Quest
"WT005644" = Mystery Case Files
"WT005645" = Poker Superstars
"WT005646" = SCRABBLE
"WT005647" = Slingo Deluxe
"WT005648" = Tennis Titans
"WT006069" = FATE
"WT006072" = Ancient Sudoku
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YTdetect" = Yahoo! Detect
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/14/2011 12:25:18 AM | Computer Name = YOUR-4DACD0EA75 | Source = Application Hang | ID = 1002
Description = Hanging application ShowTime.exe, version 3.10.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/14/2011 12:25:20 AM | Computer Name = YOUR-4DACD0EA75 | Source = Application Hang | ID = 1002
Description = Hanging application ShowTime.exe, version 3.10.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/14/2011 12:28:10 AM | Computer Name = YOUR-4DACD0EA75 | Source = Application Hang | ID = 1002
Description = Hanging application ShowTime.exe, version 3.10.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/16/2011 2:05:35 AM | Computer Name = YOUR-4DACD0EA75 | Source = Microsoft Office 14 | ID = 1000
Description =

Error - 11/21/2011 6:25:01 PM | Computer Name = YOUR-4DACD0EA75 | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x80072747.

Error - 11/21/2011 6:25:07 PM | Computer Name = YOUR-4DACD0EA75 | Source = Media Center Extender Services | ID = 36865
Description = ERROR: Device Service Listener - UDP networking failed. Error code
0x80072747.

Error - 11/22/2011 1:47:57 AM | Computer Name = YOUR-4DACD0EA75 | Source = Application Error | ID = 1000
Description = Faulting application aolbrowser.exe, version 0.1.57.1, faulting module
mshtml.dll, version 8.0.6001.19154, fault address 0x00067a38.

Error - 11/22/2011 1:50:47 AM | Computer Name = YOUR-4DACD0EA75 | Source = Application Error | ID = 1000
Description = Faulting application aolbrowser.exe, version 0.1.57.1, faulting module
mshtml.dll, version 8.0.6001.19154, fault address 0x00067a38.

Error - 11/22/2011 6:57:06 PM | Computer Name = YOUR-4DACD0EA75 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 11/23/2011 7:42:23 PM | Computer Name = YOUR-4DACD0EA75 | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.51.0.1118, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 11/24/2011 2:30:12 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7034
Description = The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/24/2011 2:30:12 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/24/2011 2:30:12 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/24/2011 2:30:12 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7034
Description = The Application Virtualization Service Agent service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/24/2011 2:30:12 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7034
Description = The WD SmartWare Drive Manager service terminated unexpectedly. It
has done this 1 time(s).

Error - 11/24/2011 2:30:12 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7034
Description = The WD SmartWare Background Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/24/2011 2:30:12 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7034
Description = The Intel® Quick Resume Technology Drivers service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/24/2011 2:30:12 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7034
Description = The Application Virtualization Client service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/24/2011 2:30:12 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7034
Description = The Client Virtualization Handler service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/24/2011 2:30:12 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7034
Description = The NMSAccessU service terminated unexpectedly. It has done this
1 time(s).


< End of report >

kitty764
2011-11-25, 07:54
:scratch: I've been reading a lot of good things about Avira's AntiVir and I was wondering if there's a way to find out if that program would work while running another av (Webroot)?
I just dumped PCillan<sp> because they were going to charge me $80. to renew, so I found a recommendation for Webroot from PC magazine and I'm taking advantage of the 30-day free trial. I don't know if it's a good program or not - I'm in the "infirmary" as I type, trying to get whatever bug I have out of my system :worm:

JonTom
2011-11-25, 10:48
Hello kitty764

Thank you for the logs.

Please open OTL


Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.


:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O33 - MountPoints2\{8b031140-be1c-11df-9167-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8b031140-be1c-11df-9167-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8b031140-be1c-11df-9167-806d6172696f}\Shell\AutoRun\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{8b031140-be1c-11df-9167-806d6172696f}\Shell\configure\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{8b031140-be1c-11df-9167-806d6172696f}\Shell\install\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{fe717edb-bd4f-11df-8400-001731ac034f}\Shell - "" = AutoRun
O33 - MountPoints2\{fe717edb-bd4f-11df-8400-001731ac034f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe717edb-bd4f-11df-8400-001731ac034f}\Shell\AutoRun\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{fe717edb-bd4f-11df-8400-001731ac034f}\Shell\configure\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{fe717edb-bd4f-11df-8400-001731ac034f}\Shell\install\command - "" = J:\SETUP.EXE
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

:Files
C:\Documents and Settings\HP_Administrator\My Documents\executables\Nero-7[1].10.1.0_eng_trial_wch.exe

:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]





Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
Allow the program to run unhindered.
Your machine will re-start itself. This is normal.
A log will be created after your machine reboots. Please post the contents of the log in your next reply.


Please post the OTL log in your next reply and let me know exactly how the machine is running now.

kitty764
2011-11-25, 17:04
It's running fine; it wasn't running too bad when I found the bug, just a little laggy at times. I noticed the concast.dll error doesn't pop up anymore on start up...Thank you!! That error has been around for over a year now :rockon:


All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b031140-be1c-11df-9167-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b031140-be1c-11df-9167-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b031140-be1c-11df-9167-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b031140-be1c-11df-9167-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b031140-be1c-11df-9167-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b031140-be1c-11df-9167-806d6172696f}\ not found.
File J:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b031140-be1c-11df-9167-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b031140-be1c-11df-9167-806d6172696f}\ not found.
File J:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b031140-be1c-11df-9167-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b031140-be1c-11df-9167-806d6172696f}\ not found.
File J:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe717edb-bd4f-11df-8400-001731ac034f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe717edb-bd4f-11df-8400-001731ac034f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe717edb-bd4f-11df-8400-001731ac034f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe717edb-bd4f-11df-8400-001731ac034f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe717edb-bd4f-11df-8400-001731ac034f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe717edb-bd4f-11df-8400-001731ac034f}\ not found.
File J:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe717edb-bd4f-11df-8400-001731ac034f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe717edb-bd4f-11df-8400-001731ac034f}\ not found.
File J:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe717edb-bd4f-11df-8400-001731ac034f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe717edb-bd4f-11df-8400-001731ac034f}\ not found.
File J:\SETUP.EXE not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
========== FILES ==========
C:\Documents and Settings\HP_Administrator\My Documents\executables\Nero-7[1].10.1.0_eng_trial_wch.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP_Administrator
->Temp folder emptied: 3960212 bytes
->Temporary Internet Files folder emptied: 40653391 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1427 bytes

User: LocalService
->Temp folder emptied: 992392 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 995368 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1589588 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 732 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 46.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users
->Flash cache emptied: 0 bytes

User: Default User

User: HP_Administrator
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11252011_095048

Files\Folders moved on Reboot...
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF95C.tmp moved successfully.
C:\WINDOWS\temp\IswTmp\Logs\ISWSHEX.swl moved successfully.
File\Folder C:\WINDOWS\temp\ZLT01c05.TMP not found!

Registry entries deleted on Reboot...

JonTom
2011-11-25, 20:30
Hello kitty764

Thank you for the log.


"It's running fine"

That's good to hear. Provided you are no longer having any problems we can remove our tools:

Please Uninstall Combofix


Click on "Start" and then on "Run".
Now type combofix /uninstall in the run box and click "OK". Please note the space between the "x" and the "/Uninstall", it needs to be there.



Please perform the following cleanup procedure



Double click on the OTL.exe icon on your desktop to run the program.
Once OTL has opened, click on the "CleanUp!" button.
Follow any prompts that you receive.



Re-enable your drivers


To re-enable your Emulation drivers, double click on DeFogger to run the tool.

The application window will appear.
Click the Re-enable button to re-enable your CD Emulation drivers.
Click Yes to continue. A 'Finished!' message will appear.
Click OK
DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.
Your Emulation drivers are now re-enabled (Once you have re-enabled your drivers DeFogger can be deleted).


Please re-enable Spybot Teatimer


Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
On the left hand side, click "Tools", then click on the "Resident" icon in the list.
Check the "Resident "TeaTimer" (Protection of overall system settings) active" box.
Click the "System Startup" icon in the List.
Check the "TeaTimer" box and "OK" any prompts.
If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
Exit Spybot S&D when done.



"I've been reading a lot of good things about Avira's AntiVir and I was wondering if there's a way to find out if that program would work while running another av (Webroot)?"

You should only ever run ONE real time antivirus and ONE firewall on your machine. Whilst it may seem that multiple AVs may provide more protection the opposite is actually true - the programs spend most of their time fighting each other which leaves you wide open to infection.


"I found a recommendation for Webroot from PC magazine and I'm taking advantage of the 30 day free trial"

I try not to be drawn into recommending one product over another, but if it were me I would take Avira over Webroot. I will provide some links to other trusted (and free) AVs below:


Security programs


I have provided links to three trusted programs (just choose one).



Avast! (http://www.avast.com/free-antivirus-download)
Avira AntiVir (http://www.free-av.com/)
Microsoft Security Essentials (http://www.microsoft.com/security_essentials/)



Your Adobe Reader is out of date


You can obtain the latest version of Adobe Reader from here (http://get.adobe.com/uk/reader/), and the latest version of Flash Player from here. (http://www.adobe.com/products/flashplayer/)
For more information and links to Adobe updates and downloads click here. (http://www.adobe.com/downloads/)



Once you have completed the above steps you should be good to go! If you have any further questions, please feel free to ask.


Finally, please take the time to read through the information provided below:

Enhance your System Security

For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here. (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)

IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
Once complete, remember to re-engage your resident security before going online.

Web Browsers and Browser Security

Firefox

You can download Firefox from here. (http://www.mozilla.com/en-US/firefox/)


No-Script

If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
You can download No-Script by clicking here. (https://addons.mozilla.org/en-US/firefox/addon/722)


Internet Explorer

The newest version of Internet Explorer is available from here. (http://www.microsoft.com/windows/internet-explorer/?ocid=ie8_s_94735d11-65d1-4bb8-bf6f-72d7b059a928)
Please Note: IE9 is not configured to run on XP machines.


SpywareBlaster

If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
You can download SpywareBlaster by clicking here. (http://www.javacoolsoftware.com/sbdownload.html)

Web of Trust

When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
You can download Web of Trust by clicking here. (http://www.mywot.com/)


Keep your Software Updated

Outdated software can sometimes have vulnerabilities that are exploitable by malware.
Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here. (http://secunia.com/vulnerability_scanning/online/)


Passwords

Learn how to create strong passwords by clicking here (http://www.microsoft.com/protect/yourself/password/create.mspx) and test the strength of the passwords you already use by clicking here. (http://www.microsoft.com/protect/yourself/password/checker.mspx)


General Reading

PC Safety and Security - What do I need? (http://www.techsupportforum.com/security-center/general-computer-security/115548-pc-safety-security-what-do-i-need.html)

How to prevent Malware (by Miekiemoes) (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)


Learn How To Combat Malware

Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here. (http://forums.whatthetech.com/What_Tech_Classroom_t80368.html)

kitty764
2011-11-26, 03:05
Thank you very much!!

DeFogger disappeared from my desktop when I ran OTL so the emulation drivers aren't enabled, and I didn't want to reinstall DeFogger until I heard back from you. All that's left is ERUNT and TFC.

As far as teatimer goes, all I had to do was "Check the "Resident "TeaTimer" (Protection of overall system settings) active" box"
The teatimer was already checked in the system start up list.

Thanks for everything, and also for the information :beerbeerb:

JonTom
2011-11-26, 16:01
Hello kitty764


"I didn't want to reinstall DeFogger until I heard back from you"

Go ahead and re-install DeFogger then re-enable your drivers.

Let me know how you get on :)

kitty764
2011-11-26, 19:42
Done :)

JonTom
2011-11-26, 22:00
Hello kitty764


Done :bigthumb:

You can delete deFogger from your machine.

Please respond back one more time so we can mark this thread as resolved :)

kitty764
2011-11-27, 02:09
I deleted everything from the desktop. Thank you very much for all of your help, I hope you have a wonderful holiday! :beerbeerb:

JonTom
2011-11-27, 13:20
"Thank you very much for all of your help, I hope you have a wonderful holiday!"

You are Very Welcome kitty764

Since this problem appears to be resolved this topic is now closed.

Glad we could help :)

Best wishes
JonTom