Help please - win32.agent.chh

[kitty764]

I hope I get this right I've also run Adware, and my virus program Webroot that showed no bugs. I do have an external hard drive that I plug in when I want to backup my files, which I did about a month ago; within the last few weeks, I've noticed my computer running slow, and a few occasional buggy programs, but nothing major yet so I'm assuming I caught it early.
ps I appreciate the smilies in the instructions; it's like someone holding your hand at the dentist. Here's the DDS report, attachment and Spybot report. :spider: Another thing, I think I got the bug through torrent, which I will be uninstalling after I post this.
Thank you VERY much!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by HP_Administrator at 15:26:27 on 2011-11-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2038 [GMT -6:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\Webroot\WRSA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Webroot\WRSA.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
c:\program files\common files\aol\1276149201\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\AOL\1276149201\EE\aolsoftware.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AOL Desktop 9.6a\waol.exe
C:\Program Files\AOL Desktop 9.6a\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.comcast.net/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\15.0.874.121\npchrome_frame.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\hp_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Xnehogewu] rundll32.exe "c:\windows\concst.dll",Startup
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [AOL Fast Start] "c:\program files\aol desktop 9.6a\AOL.EXE" -b
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdMgr.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HostManager] c:\program files\common files\aol\1276149201\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [PCDrSmartMonitor] "c:\program files\pc-doctor 5 for windows\PcdSmartMonitor.exe" -r
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: trymedia.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276157759437
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{F204927D-9268-49FC-BE9F-3EBEC7F8CA66} : DhcpNameServer = 68.87.72.134 68.87.77.134
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\15.0.874.121\npchrome_frame.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-10 64512]
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2011-11-3 106312]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2010-9-11 218688]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-11-9 525840]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-10-26 2152152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2011-11-3 605272]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-10-26 15232]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 581480]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 209640]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-11-29 41272]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-8 136176]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-9-10 8192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-8 136176]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-10-28 11520]
.
=============== Created Last 30 ================
.
2011-11-13 03:29:39 -------- d-----w- c:\program files\AOL Desktop 9.6a
2011-11-13 00:41:55 -------- d-----w- c:\windows\Internet Logs
2011-11-13 00:40:45 -------- d-----w- c:\documents and settings\hp_administrator\application data\CheckPoint
2011-11-13 00:39:46 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2011-11-13 00:20:17 -------- d-----w- c:\program files\CheckPoint
2011-11-04 01:42:33 140760 ----a-w- c:\windows\system32\WRusr.dll
2011-11-04 01:42:33 106312 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2011-11-04 01:42:30 -------- d-----w- c:\program files\Webroot
2011-11-04 01:42:29 -------- d-----w- c:\documents and settings\all users\application data\WRData
2011-11-03 05:09:07 685056 ----a-w- c:\windows\system32\drivers\hardlock.sys
2011-11-03 05:01:24 -------- d-----w- C:\mcamx
2011-10-30 05:37:36 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Western_Digital
2011-10-30 01:24:25 -------- d-----w- c:\documents and settings\all users\application data\WD_SmartWareCommon
2011-10-30 01:20:28 -------- d-----w- c:\documents and settings\hp_administrator\application data\Western Digital
2011-10-30 01:18:01 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Western Digital
2011-10-28 22:48:22 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2011-10-26 23:02:23 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-26 17:15:32 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\adaware
2011-10-26 17:15:13 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2011-10-26 17:14:43 -------- d-----w- c:\program files\Toolbar Cleaner
2011-10-26 17:14:35 -------- d-----w- c:\documents and settings\hp_administrator\application data\adawaretb
2011-10-26 17:14:32 -------- d-----w- c:\program files\adawaretb
2011-10-26 17:14:15 -------- d-----w- c:\program files\Lavasoft
.
==================== Find3M ====================
.
2011-11-20 17:24:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-19 00:27:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-19 00:24:02 38400 ----a-w- c:\windows\system32\pcdhdm.cpl
2011-11-14 05:58:12 98304 ----a-w- c:\windows\DUMP596a.tmp
2011-11-14 04:05:25 98304 ----a-w- c:\windows\DUMP607f.tmp
2011-10-26 21:19:22 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-05 00:22:15 10920 ----a-w- C:\aolconnfix.exe
2011-10-03 11:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 08:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 23:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
.
============= FINISH: 15:29:14.72 ===============

 

[kitty764]

Cont..

--- Search result list ---
Win32.Agent.chh: [SBI $336B2B9E] Autorun settings (Xnehogewu) (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3552373890-1893394444-1375434532-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Xnehogewu


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-11-07 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-11-15 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-10-04 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-09-27 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-11-15 Includes\Malware.sbi (*)
2011-11-15 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-10-11 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-10-18 Includes\Spyware.sbi (*)
2011-10-18 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2011-11-09 Includes\TrojansC-02.sbi (*)
2011-11-15 Includes\TrojansC-03.sbi (*)
2011-11-14 Includes\TrojansC-04.sbi (*)
2011-11-15 Includes\TrojansC-05.sbi (*)
2011-11-09 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB2572066)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB953295)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB979904)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Service Pack 3
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Security Update (KB2572067)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Security Update (KB979906)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Media Center 2005 / SP4: Update Rollup 2 for Windows XP Media Center Edition 2005
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player: Security Update for Windows Media Player (KB2378111)
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player: Security Update for Windows Media Player (KB954155)
/ Windows Media Player: Security Update for Windows Media Player (KB973540)
/ Windows Media Player: Security Update for Windows Media Player (KB973540)
/ Windows Media Player: Security Update for Windows Media Player (KB975558)
/ Windows Media Player: Security Update for Windows Media Player (KB978695)
/ Windows Media Player 10: Update for Windows Media Player 10 (KB913800)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB2447568)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB2482017)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB2497640)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB2510531)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB2530548)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB2544521)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB2559049)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB2586448)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB971961)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB976662)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB981332)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB982381)
/ Windows XP / SP10: Security Update for Microsoft Windows (KB2564958)
/ Windows XP / SP10: Update for Microsoft Windows (KB971513)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Security Update for Windows XP (KB2079403)
/ Windows XP / SP4: Security Update for Windows XP (KB2115168)
/ Windows XP / SP4: Security Update for Windows XP (KB2121546)
/ Windows XP / SP4: Update for Windows XP (KB2141007)
/ Windows XP / SP4: Hotfix for Windows XP (KB2158563)
/ Windows XP / SP4: Security Update for Windows XP (KB2160329)
/ Windows XP / SP4: Security Update for Windows XP (KB2229593)
/ Windows XP / SP4: Security Update for Windows XP (KB2259922)
/ Windows XP / SP4: Security Update for Windows XP (KB2279986)
/ Windows XP / SP4: Security Update for Windows XP (KB2286198)
/ Windows XP / SP4: Security Update for Windows XP (KB2296011)
/ Windows XP / SP4: Security Update for Windows XP (KB2296199)
/ Windows XP / SP4: Update for Windows XP (KB2345886)
/ Windows XP / SP4: Security Update for Windows XP (KB2347290)
/ Windows XP / SP4: Security Update for Windows XP (KB2360937)
/ Windows XP / SP4: Security Update for Windows XP (KB2387149)
/ Windows XP / SP4: Security Update for Windows XP (KB2393802)
/ Windows XP / SP4: Security Update for Windows XP (KB2412687)
/ Windows XP / SP4: Security Update for Windows XP (KB2419632)
/ Windows XP / SP4: Security Update for Windows XP (KB2423089)
/ Windows XP / SP4: Security Update for Windows XP (KB2436673)
/ Windows XP / SP4: Security Update for Windows XP (KB2440591)
/ Windows XP / SP4: Security Update for Windows XP (KB2443105)
/ Windows XP / SP4: Hotfix for Windows XP (KB2443685)
/ Windows XP / SP4: Update for Windows XP (KB2467659)
/ Windows XP / SP4: Security Update for Windows XP (KB2476490)
/ Windows XP / SP4: Security Update for Windows XP (KB2476687)
/ Windows XP / SP4: Security Update for Windows XP (KB2478960)
/ Windows XP / SP4: Security Update for Windows XP (KB2478971)
/ Windows XP / SP4: Security Update for Windows XP (KB2479628)
/ Windows XP / SP4: Security Update for Windows XP (KB2481109)
/ Windows XP / SP4: Security Update for Windows XP (KB2483185)
/ Windows XP / SP4: Security Update for Windows XP (KB2485376)
/ Windows XP / SP4: Security Update for Windows XP (KB2485663)
/ Windows XP / SP4: Security Update for Windows XP (KB2491683)
/ Windows XP / SP4: Security Update for Windows XP (KB2503658)
/ Windows XP / SP4: Security Update for Windows XP (KB2503665)
/ Windows XP / SP4: Security Update for Windows XP (KB2506212)
/ Windows XP / SP4: Security Update for Windows XP (KB2506223)
/ Windows XP / SP4: Security Update for Windows XP (KB2507618)
/ Windows XP / SP4: Security Update for Windows XP (KB2507938)
/ Windows XP / SP4: Security Update for Windows XP (KB2508272)
/ Windows XP / SP4: Security Update for Windows XP (KB2508429)
/ Windows XP / SP4: Security Update for Windows XP (KB2509553)
/ Windows XP / SP4: Security Update for Windows XP (KB2511455)
/ Windows XP / SP4: Security Update for Windows XP (KB2524375)
/ Windows XP / SP4: Security Update for Windows XP (KB2535512)
/ Windows XP / SP4: Security Update for Windows XP (KB2536276)
/ Windows XP / SP4: Security Update for Windows XP (KB2536276-v2)
/ Windows XP / SP4: Update for Windows XP (KB2541763)
/ Windows XP / SP4: Security Update for Windows XP (KB2544893)
/ Windows XP / SP4: Security Update for Windows XP (KB2544893-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB2555917)
/ Windows XP / SP4: Security Update for Windows XP (KB2562937)
/ Windows XP / SP4: Security Update for Windows XP (KB2566454)
/ Windows XP / SP4: Security Update for Windows XP (KB2567053)
/ Windows XP / SP4: Security Update for Windows XP (KB2567680)
/ Windows XP / SP4: Security Update for Windows XP (KB2570222)
/ Windows XP / SP4: Hotfix for Windows XP (KB2570791)
/ Windows XP / SP4: Security Update for Windows XP (KB2570947)
/ Windows XP / SP4: Microsoft .NET Framework 1.0 Hotfix (KB2572066)
/ Windows XP / SP4: Security Update for Windows XP (KB2592799)
/ Windows XP / SP4: Update for Windows XP (KB2607712)
/ Windows XP / SP4: Update for Windows XP (KB2616676)
/ Windows XP / SP4: Update for Windows XP (KB2641690)
/ Windows XP / SP4: Hotfix for Windows XP (KB915800-v4)
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955759)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956744)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956844)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958869)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Security Update for Windows XP (KB960859)
/ Windows XP / SP4: Hotfix for Windows XP (KB961118)
/ Windows XP / SP4: Security Update for Windows XP (KB961501)
/ Windows XP / SP4: Update for Windows XP (KB967715)
/ Windows XP / SP4: Update for Windows XP (KB968389)
/ Windows XP / SP4: Security Update for Windows XP (KB969059)
/ Windows XP / SP4: Security Update for Windows XP (KB970238)
/ Windows XP / SP4: Security Update for Windows XP (KB970430)
/ Windows XP / SP4: Update for Windows XP (KB971029)
/ Windows XP / SP4: Security Update for Windows XP (KB971468)
/ Windows XP / SP4: Security Update for Windows XP (KB971657)
/ Windows XP / SP4: Update for Windows XP (KB971737)
/ Windows XP / SP4: Security Update for Windows XP (KB971961)
/ Windows XP / SP4: Security Update for Windows XP (KB972270)
/ Windows XP / SP4: Security Update for Windows XP (KB973507)
/ Windows XP / SP4: Update for Windows XP (KB973687)
/ Windows XP / SP4: Update for Windows XP (KB973815)
/ Windows XP / SP4: Security Update for Windows XP (KB973869)
/ Windows XP / SP4: Security Update for Windows XP (KB973904)
/ Windows XP / SP4: Security Update for Windows XP (KB974112)
/ Windows XP / SP4: Security Update for Windows XP (KB974318)
/ Windows XP / SP4: Security Update for Windows XP (KB974392)
/ Windows XP / SP4: Security Update for Windows XP (KB974571)
/ Windows XP / SP4: Security Update for Windows XP (KB975025)
/ Windows XP / SP4: Security Update for Windows XP (KB975467)
/ Windows XP / SP4: Security Update for Windows XP (KB975560)
/ Windows XP / SP4: Security Update for Windows XP (KB975561)
/ Windows XP / SP4: Security Update for Windows XP (KB975562)
/ Windows XP / SP4: Security Update for Windows XP (KB975713)
/ Windows XP / SP4: Security Update for Windows XP (KB977816)
/ Windows XP / SP4: Security Update for Windows XP (KB977914)
/ Windows XP / SP4: Security Update for Windows XP (KB978037)
/ Windows XP / SP4: Security Update for Windows XP (KB978338)
/ Windows XP / SP4: Security Update for Windows XP (KB978542)
/ Windows XP / SP4: Security Update for Windows XP (KB978601)
/ Windows XP / SP4: Security Update for Windows XP (KB978706)
/ Windows XP / SP4: Security Update for Windows XP (KB979309)
/ Windows XP / SP4: Security Update for Windows XP (KB979482)
/ Windows XP / SP4: Security Update for Windows XP (KB979559)
/ Windows XP / SP4: Security Update for Windows XP (KB979683)
/ Windows XP / SP4: Security Update for Windows XP (KB979687)
/ Windows XP / SP4: Security Update for Windows XP (KB980195)
/ Windows XP / SP4: Security Update for Windows XP (KB980218)
/ Windows XP / SP4: Security Update for Windows XP (KB980232)
/ Windows XP / SP4: Security Update for Windows XP (KB980436)
/ Windows XP / SP4: Security Update for Windows XP (KB981322)
/ Windows XP / SP4: Security Update for Windows XP (KB981349)
/ Windows XP / SP4: Hotfix for Windows XP (KB981793)
/ Windows XP / SP4: Security Update for Windows XP (KB981852)
/ Windows XP / SP4: Security Update for Windows XP (KB981957)
/ Windows XP / SP4: Security Update for Windows XP (KB981997)
/ Windows XP / SP4: Security Update for Windows XP (KB982132)
/ Windows XP / SP4: Security Update for Windows XP (KB982214)
/ Windows XP / SP4: Security Update for Windows XP (KB982381)
/ Windows XP / SP4: Security Update for Windows XP (KB982665)
/ Windows XP / SP4: Security Update for Windows XP (KB982802)


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Ad-Aware Browsing Protection
command: "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
file: C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
size: 198032
MD5: C5F1D82D9CC8979971CC748FCB2EE7CA

Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
file: C:\WINDOWS\ALCMTR.EXE
size: 57344
MD5: EA31039E691C6F8F5469649526EEA5FB

Located: HK_LM:Run, AOLDialer
command: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
file: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
size: 70720
MD5: C2E83C262ACC943EDBA600D12B965017

Located: HK_LM:Run, DISCover
command: C:\Program Files\DISC\DISCover.exe
file: C:\Program Files\DISC\DISCover.exe
size: 1077248
MD5: 5F4F51DCDDEED4CD994937572B9D9253

Located: HK_LM:Run, DiscUpdateManager
command: C:\Program Files\DISC\DiscUpdMgr.exe
file: C:\Program Files\DISC\DiscUpdMgr.exe
size: 61440
MD5: 37BDDF9E2D1E368081DDE37C927C3ED2

Located: HK_LM:Run, DivXUpdate
command: "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
file: C:\Program Files\DivX\DivX Update\DivXUpdate.exe
size: 1259376
MD5: 4EB0C6C3EF4D8885CF2B5D0062F31E44

Located: HK_LM:Run, DMAScheduler
command: "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
file: c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
size: 90112
MD5: 2DE7626D495F4A51009AED22D79CABDC

Located: HK_LM:Run, ehTray
command: C:\WINDOWS\ehome\ehtray.exe
file: C:\WINDOWS\ehome\ehtray.exe
size: 67584
MD5: 7E48B4958C131E9643DDCD2E7CA3FE9F

Located: HK_LM:Run, HostManager
command: C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe
file: C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe
size: 41800
MD5: 3F654601A593A96BC4A47035B0829E69

Located: HK_LM:Run, HP Software Update
command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49208
MD5: 4D83DC461F8F4370274CF6E9AC9A34F4

Located: HK_LM:Run, HPBootOp
command: "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
file: C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
size: 249856
MD5: A789B145F17FA5C2326907F4872FE173

Located: HK_LM:Run, HPHUPD08
command: c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
file: c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
size: 49152
MD5: 4F113169A2DE985D043A5530987AD6D0

Located: HK_LM:Run, IAAnotif
command: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
file: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
size: 139264
MD5: 8561DC9A6C9BDF4BB0E52C689672BE3D

Located: HK_LM:Run, ISUSPM Startup
command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
file: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
size: 221184
MD5: FB9E5C251CF6C37749F296BACB34A69B

Located: HK_LM:Run, ISW
command: C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
file: C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
size: 738944
MD5: 5B590ED157BAAAD76F71A148741E8E9C

Located: HK_LM:Run, NeroFilterCheck
command: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
file: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
size: 153136
MD5: 8112D0DACAE746290FC87B3A980FA719

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\NvCpl.dll
size: 13670504
MD5: 8FFC8E6236073D462CAD9EDABFD3E0E4

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\NvMcTray.dll
size: 110696
MD5: 2EF47B25843130B9E05AD487D667374D

Located: HK_LM:Run, nwiz
command: nwiz.exe /installquiet
file: nwiz.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, PCDrProfiler
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, PCDrSmartMonitor
command: "C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r
file: C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe
size: 360448
MD5: 0A52A680777A447C8650CC4740E94883

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: C341CCFBE98BC7DF6E0B856BB9FC265A

Located: HK_LM:Run, Recguard
command: C:\WINDOWS\SMINST\RECGUARD.EXE
file: C:\WINDOWS\SMINST\RECGUARD.EXE
size: 237568
MD5: F3EAEA279F09A7779C18793C87640794

Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 18085888
MD5: B5DBE74457D015EC8D4F2CD43D52906D

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 6E3245DF783E58375B3465F03274743E

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 1AC2C58B587C70DE64582AD41EE79FBA

Located: HK_LM:Run, WRSVC
command: "C:\Program Files\Webroot\WRSA.exe" -ul
file: C:\Program Files\Webroot\WRSA.exe
size: 605272
MD5: 971E4BBCE79501EDFC722F613B8C048E

Located: HK_LM:Run, ZoneAlarm
command: "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
file: C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
size: 73360
MD5: 449D2363BD2C2AAD83FDB6E082B8C112

Located: HK_LM:RunOnce, Malwarebytes' Anti-Malware
command: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
file: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
size: 449608
MD5: 026423673B8563E9975BDA97ED6273C7

Located: HK_LM:RunOnce, SpybotSnD
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89

Located: HK_CU:Run, AOL Fast Start
where: S-1-5-21-3552373890-1893394444-1375434532-1008...
command: "C:\Program Files\AOL Desktop 9.6a\AOL.EXE" -b
file: C:\Program Files\AOL Desktop 9.6a\AOL.EXE
size: 42320
MD5: C7EF0EA6DEC000B6CAA37939116D7C2E

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-3552373890-1893394444-1375434532-1008...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, DW6
where: S-1-5-21-3552373890-1893394444-1375434532-1008...
command: "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
file: C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Google Update
where: S-1-5-21-3552373890-1893394444-1375434532-1008...
command: "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
file: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
size: 136176
MD5: F02A533F517EB38333CB12A9E8963773

Located: HK_CU:Run, Weather
where: S-1-5-21-3552373890-1893394444-1375434532-1008...
command: C:\Program Files\AWS\WeatherBug\Weather.exe
file: C:\Program Files\AWS\WeatherBug\Weather.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Xnehogewu
where: S-1-5-21-3552373890-1893394444-1375434532-1008...
command: rundll32.exe "C:\WINDOWS\concst.dll",Startup
file: "C:\WINDOWS\concst.dll"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-3552373890-1893394444-1375434532-500...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, MSMSGS
where: S-1-5-21-3552373890-1893394444-1375434532-500...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2

Located: HK_CU:RunOnce, NeroHomeFirstStart
where: S-1-5-21-3552373890-1893394444-1375434532-500...
command: "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe"
file: C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
size: 16680
MD5: A366AB4A25812A9296020358C785C3B8

Located: Startup (common), WDDMStatus.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
file: C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
size: 2057536
MD5: B60F263FC062314AF16912E623284BA3

Located: Startup (common), WDSmartWare.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
file: C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
size: 9136960
MD5: BE0B735454260BEC42D1E5E736C636E8

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 9/23/2005 9:12:08 PM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 9/23/2005 9:12:08 PM
Filesize: 63136
Attributes: archive
MD5: B61D5D651ECC6055C29BF826CA7B1141
CRC32: FEF15799
Version: 7.0.5.172

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDHelper.dll
info link: http://www.safer-networking.org/
info source: Safer-Networking Ltd.
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 11/7/2010 10:59:30 PM
Date (last access): 11/20/2011 3:59:22 PM
Date (last write): 1/26/2009 3:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{6c97a91e-4524-4019-86af-2aa2d567bf5c} (Ad-Aware Security Toolbar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Ad-Aware Security Toolbar
CLSID name: Ad-Aware Security Toolbar
Path: C:\Program Files\adawaretb\
Long name: adawareDx.dll
Short name: ADAWAR~2.DLL
Date (created): 10/21/2011 3:10:08 AM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 10/21/2011 3:10:08 AM
Filesize: 87440
Attributes: archive
MD5: 9D5363467C5563A492BBC625D3FDF53B
CRC32: 695ABB35
Version: 1.0.0.20

{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} (ZoneAlarm Security Engine Registrar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: ZoneAlarm Security Engine Registrar
CLSID name: ZoneAlarm Security Engine Registrar
Path: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\
Long name: TrustCheckerIEPlugin.dll
Short name: TRUSTC~1.DLL
Date (created): 11/3/2011 8:44:36 AM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 11/3/2011 8:44:36 AM
Filesize: 599680
Attributes: archive
MD5: E8537E7E4A4F341DA59B8C8449BED5EB
CRC32: 56EF24CE
Version: 1.5.350.0

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 6/9/2010 10:47:48 PM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 6/9/2010 10:47:48 PM
Filesize: 1191424
Attributes: readonly archive
MD5: 9A00B7C38DBC6D01FB72784AC307CB3B
CRC32: 83026B48
Version: 3.0.129.5

{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} (HpWebHelper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HpWebHelper
CLSID name: hpWebHelper Class
Path: C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\
Long name: WebHelper.dll
Short name: WEBHEL~1.DLL
Date (created): 6/9/2010 10:42:50 PM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 6/9/2010 10:42:50 PM
Filesize: 217088
Attributes:
MD5: A0EF773AA00AFAF320E7404304EC5220
CRC32: 210919B9
Version: 1.0.0.1

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 10/18/2011 6:05:34 PM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 10/18/2011 6:05:34 PM
Filesize: 42272
Attributes: archive
MD5: DC365B6E595683F67BC21A203432E336
CRC32: ADEC3F07
Version: 6.0.290.11

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 10/18/2011 6:05:32 PM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 10/18/2011 6:05:32 PM
Filesize: 79648
Attributes: archive
MD5: E3A7850421A4AB8B15FC174EB587BC6B
CRC32: 91B5A119
Version: 6.0.290.11

{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} (ChromeFrame BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: ChromeFrame BHO
CLSID name: ChromeFrame BHO
Path: C:\Program Files\Google\Chrome Frame\Application\15.0.874.121\
Long name: npchrome_frame.dll
Short name: NPCHRO~1.DLL
Date (created): 11/16/2011 7:00:56 PM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 11/14/2011 11:39:52 PM
Filesize: 1952824
Attributes: archive
MD5: ECFDFAD1F7F7961B8E95811460FCDCC7
CRC32: C60C73A2
Version: 15.0.874.121



--- ActiveX list ---
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\swdir.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Adobe\Director\
Long name: SwDir.dll
Short name:
Date (created): 11/2/2011 3:53:06 AM
Date (last access): 11/20/2011 3:45:22 PM
Date (last write): 11/2/2011 3:53:06 AM
Filesize: 279480
Attributes: archive
MD5: 3D370A2465AA3C09721FF34E3A0AF223
CRC32: 03BC2515
Version: 11.6.3.633

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1276157759437
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 8/6/2009 6:23:26 PM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 8/6/2009 6:23:26 PM
Filesize: 215904
Attributes: archive
MD5: 67265EC468DC51EE0BE82D1AF1E50B52
CRC32: E76134D4
Version: 7.4.7600.226

{8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control)
DPF name:
CLSID name: Facebook Photo Uploader 5 Control
Installer: C:\WINDOWS\Downloaded Program Files\PhotoUploader55.inf
Codebase: http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: PhotoUploader55.ocx
Short name: PHOTOU~1.OCX
Date (created): 7/29/2009 8:21:24 PM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 7/29/2009 8:21:24 PM
Filesize: 3540488
Attributes: archive
MD5: B36353934BB8B0E7CC8557AC5143EF41
CRC32: 3AC3C312
Version: 5.5.8.1

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_29
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_29.dll
Short name: NPJPI1~1.DLL
Date (created): 10/3/2011 2:37:54 AM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 10/3/2011 5:06:12 AM
Filesize: 141088
Attributes: archive
MD5: A8F3D654E83D928FBBD4714D2D54AB39
CRC32: A1FB5317
Version: 6.0.290.11

{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name:
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_05.dll
info link:
info source: Safer Networking Ltd.

{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_29
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_29.dll
Short name: NPJPI1~1.DLL
Date (created): 10/3/2011 2:37:54 AM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 10/3/2011 5:06:12 AM
Filesize: 141088
Attributes: archive
MD5: A8F3D654E83D928FBBD4714D2D54AB39
CRC32: A1FB5317
Version: 6.0.290.11

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_29
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_29.dll
Short name: NPJPI1~1.DLL
Date (created): 10/3/2011 2:37:54 AM
Date (last access): 11/20/2011 3:59:24 PM
Date (last write): 10/3/2011 5:06:12 AM
Filesize: 141088
Attributes: archive
MD5: A8F3D654E83D928FBBD4714D2D54AB39
CRC32: A1FB5317
Version: 6.0.290.11

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash11e.ocx
Short name:
Date (created): 11/18/2011 6:27:16 PM
Date (last access): 11/20/2011 3:56:50 PM
Date (last write): 11/18/2011 6:27:16 PM
Filesize: 8632480
Attributes: readonly archive
MD5: E9F427EF46965D33E878A507A2F5CCB6
CRC32: 359DBBF0
Version: 11.1.102.55



--- Process list ---
PID: 0 ( 0) [System]
PID: 760 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 848 ( 760) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 872 ( 760) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 916 ( 872) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 928 ( 872) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 1088 ( 916) C:\Program Files\Webroot\WRSA.exe
size: 605272
MD5: 971E4BBCE79501EDFC722F613B8C048E
PID: 1124 ( 916) C:\WINDOWS\system32\nvsvc32.exe
size: 154216
MD5: C0204C1A7A2D2433D48F49E4ECC09AB6
PID: 1156 ( 916) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1300 ( 916) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1408 ( 916) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1496 ( 916) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1632 ( 916) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1764 ( 916) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
size: 2420616
MD5: BB4C900FD6BF91422FC44A9CB640AE01
PID: 1840 (1816) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 548 ( 916) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
size: 497280
MD5: 5B2CCEF06F96DFB22893AB8F0B3F891D
PID: 692 ( 548) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
size: 738944
MD5: 5B590ED157BAAAD76F71A148741E8E9C
PID: 704 ( 916) C:\WINDOWS\system32\spoolsv.exe
size: 58880
MD5: 60784F891563FB1B767F70117FC2428F
PID: 628 ( 916) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 816 ( 916) C:\Program Files\LSI SoftModem\agrsmsvc.exe
size: 14336
MD5: 6416F9B6B220F0A890525C38235AFAD7
PID: 172 ( 916) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
size: 100016
MD5: 7FB54900AA9792AB6307C699EC1859D4
PID: 976 ( 916) C:\WINDOWS\eHome\ehRecvr.exe
size: 237568
MD5: 5D1347AA5AE6E2F77D7F4F8372D95AC9
PID: 1352 ( 172) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
size: 46768
MD5: CAF7C2FDDADF73A02AC84C6FB6030BBF
PID: 1644 ( 916) C:\WINDOWS\eHome\ehSched.exe
size: 102912
MD5: A53243709439AC2A4C216B817F8D7411
PID: 2180 ( 916) C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
size: 86140
MD5: 0B66A9A2137213075F753579E7D573A5
PID: 2212 ( 916) C:\Program Files\Java\jre6\bin\jqs.exe
size: 153376
MD5: 381B25DC8E958D905B33130D500BBF29
PID: 2412 ( 916) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
size: 73728
MD5: E4973B3229E0015345AFBE43A8A8EB3B
PID: 2900 ( 916) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 2932 ( 916) C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
size: 71096
MD5: B400ED9FA710F2E5FC3C1CB14D7947B0
PID: 2952 ( 916) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
size: 73728
MD5: 2D091A99624FB9E7EEF0A86D872EC0C3
PID: 3248 ( 916) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
size: 219496
MD5: 146842398FD7855FC98095FCE7F5859D
PID: 3296 ( 916) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 3328 ( 916) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 3424 ( 916) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
size: 110592
MD5: 0220362DEB2A21551B418D61F3153347
PID: 3524 ( 916) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
size: 20480
MD5: 138AB06ADBBF300AA804D7974A5AEC82
PID: 3592 (1088) C:\Program Files\Webroot\WRSA.exe
size: 605272
MD5: 971E4BBCE79501EDFC722F613B8C048E
PID: 3636 ( 916) C:\WINDOWS\system32\SearchIndexer.exe
size: 439808
MD5: 7778BDFA3F6F6FBA0E75B9594098F737
PID: 3788 ( 916) C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
size: 180224
MD5: D1DE16926C682DCD3D99AE5500CA5522
PID: 3820 ( 916) C:\WINDOWS\ehome\mcrdsvc.exe
size: 99328
MD5: DF0A511F38F16016BF658FCA0090CB87
PID: 3868 ( 916) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
size: 508264
MD5: 98856CB70C327ADBF51325D10DB39137
PID: 1596 (1156) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 227840
MD5: 798A9E6828997EEF4517ADA8A2259831
PID: 2724 ( 916) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
size: 821664
MD5: 344546D11D7E6D9F481E9D3ABC6E76CB
PID: 2872 ( 916) C:\WINDOWS\system32\dllhost.exe
size: 5120
MD5: 0A9BA6AF531AFE7FA5E4FB973852D863
PID: 160 ( 916) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 4000 (1840) C:\WINDOWS\ehome\ehtray.exe
size: 67584
MD5: 7E48B4958C131E9643DDCD2E7CA3FE9F
PID: 3936 (1840) C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
size: 139264
MD5: 8561DC9A6C9BDF4BB0E52C689672BE3D
PID: 3676 (1840) C:\Program Files\DISC\DISCover.exe
size: 1077248
MD5: 5F4F51DCDDEED4CD994937572B9D9253
PID: 4088 (1840) C:\Program Files\DISC\DiscUpdMgr.exe
size: 61440
MD5: 37BDDF9E2D1E368081DDE37C927C3ED2
PID: 2012 (1840) C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
size: 90112
MD5: 2DE7626D495F4A51009AED22D79CABDC
PID: 1900 (1156) C:\WINDOWS\eHome\ehmsas.exe
size: 46592
MD5: 03A905FBA1D62317087DB5C21C0F8F62
PID: 3768 (1840) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49208
MD5: 4D83DC461F8F4370274CF6E9AC9A34F4
PID: 2228 (1840) C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe
size: 41800
MD5: 3F654601A593A96BC4A47035B0829E69
PID: 2352 (1840) C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: 037B1E7798960E0420003D05BB577EE6
PID: 2480 (1840) C:\WINDOWS\RTHDCPL.EXE
size: 18085888
MD5: B5DBE74457D015EC8D4F2CD43D52906D
PID: 5024 (1840) C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
size: 198032
MD5: C5F1D82D9CC8979971CC748FCB2EE7CA
PID: 5076 (1840) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
size: 73360
MD5: 449D2363BD2C2AAD83FDB6E082B8C112
PID: 5156 (1840) C:\Program Files\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 6E3245DF783E58375B3465F03274743E
PID: 5328 (1840) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 5740 (3676) C:\Program Files\DISC\DiscStreamHub.exe
size: 57344
MD5: 35FD73BA6356094ABCB61F0A2C555595
PID: 4352 (1840) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
size: 2057536
MD5: B60F263FC062314AF16912E623284BA3
PID: 4528 (1840) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
size: 9136960
MD5: BE0B735454260BEC42D1E5E736C636E8
PID: 5768 (2228) c:\program files\common files\aol\1276149201\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
size: 1536
MD5: 87A2CD3AD5BF4F57C0DF046CC3A8C5A7
PID: 5864 ( 308) C:\HP\KBD\KBD.EXE
size: 61440
MD5: C81BE1B951C36E97D3DA90DA745DA5F7
PID: 2552 ( 308) c:\windows\system\hpsysdrv.exe
size: 52736
MD5: 06A1ECB63DF139EC639E084D4AB3C9D7
PID: 6036 ( 308) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 86960
MD5: 64B9816268F2003803A9E431882CBFAE
PID: 5516 (5104) C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
size: 65536
MD5: 4370CAA3CC5F216A112052257A962E15
PID: 636 (1156) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 227840
MD5: 798A9E6828997EEF4517ADA8A2259831
PID: 3308 (3076) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
size: 1187072
MD5: 0830E6BA8463BEF96CF69C1993F74A4B
PID: 4424 ( 916) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
size: 2152152
MD5: EA38136981C61C571D52C380DAAD46EF
PID: 6872 (1156) C:\WINDOWS\system32\wbem\unsecapp.exe
size: 16896
MD5: C7000F2DB2A5515C64C257478769A481
PID: 4288 ( 916) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
size: 279848
MD5: A328A46D87BB92CE4D8A4528E9D84787
PID: 6284 (2228) C:\Program Files\Common Files\AOL\1276149201\EE\aolsoftware.exe
size: 41800
MD5: 3F654601A593A96BC4A47035B0829E69
PID: 6840 (6036) c:\progra~1\common~1\instal~1\update~1\isuspm.exe
size: 221184
MD5: FB9E5C251CF6C37749F296BACB34A69B
PID: 6316 (1156) C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
size: 865200
MD5: C79ECC33D5145224214FD82D3E458945
PID: 5384 (8084) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
size: 1047208
MD5: 4CBE2BD48A10404A7CB9FA9D45FD77A3
PID: 6808 (6980) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 1AC2C58B587C70DE64582AD41EE79FBA
PID: 7732 (1840) C:\WINDOWS\system32\notepad.exe
size: 69120
MD5: 5E28284F9B5F9097640D58A73D38AD4C
PID: 6156 (1840) C:\WINDOWS\system32\NOTEPAD.EXE
size: 69120
MD5: 5E28284F9B5F9097640D58A73D38AD4C
PID: 7264 (7848) C:\Program Files\AOL Desktop 9.6a\waol.exe
size: 41296
MD5: E35B794124685EAF5EFD3F46C7CF5834
PID: 6836 ( 916) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
size: 46640
MD5: 85180CF88C5EBAD73B452A43A004CA51
PID: 5068 (7264) C:\Program Files\AOL Desktop 9.6a\shellmon.exe
size: 45392
MD5: 168E359AAFB8C1EE6C19FA377E6CFA84
PID: 5296 (7264) C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
size: 39240
MD5: 186F36EB3F911AE26AA8120CB05D645D
PID: 7132 (7264) C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe
size: 2211152
MD5: E6E6BB6C1AAB3470D855836B1764DE0C
PID: 6060 (1840) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 11/20/2011 4:24:48 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.comcast.net/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{607B0DAF-AD38-419E-847C-FC31860CA1D7}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{607B0DAF-AD38-419E-847C-FC31860CA1D7}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F204927D-9268-49FC-BE9F-3EBEC7F8CA66}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F204927D-9268-49FC-BE9F-3EBEC7F8CA66}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{892900FC-9814-4488-99C0-81491C1EE93D}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{892900FC-9814-4488-99C0-81491C1EE93D}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D589907-2D53-4DBA-8511-D302D05BE3EB}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D589907-2D53-4DBA-8511-D302D05BE3EB}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FECA2202-8AB9-4832-997F-0DA2317240A6}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FECA2202-8AB9-4832-997F-0DA2317240A6}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8599EFDA-B370-4B29-9F3E-35CB617F812A}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8599EFDA-B370-4B29-9F3E-35CB617F812A}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F2A3A89-2262-4C45-B135-2BC897AFA8AD}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F2A3A89-2262-4C45-B135-2BC897AFA8AD}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

 

[JonTom]

Hello kitty764 and :welcome:

My name is JonTom

• Malware Logs can sometimes take a lot of time to research and interpret.
  
• Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  
• Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  
• Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  
• PLEASE NOTE: If you do not reply after 5 days your thread will be closed.

Lets begin with a scan from the following tool:

1. DeFogger
   
   
   • Please download DeFogger to your desktop.
   • Click on DeFogger to run the tool.
   • The application window will appear.
   • Click the Disable button to disable your CD Emulation drivers.
   • Click Yes to continue.
   • A 'Finished!' message will appear.
   • Click OK.
   • DeFogger will now ask to reboot the machine - click OK.
     IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
     Do not re-enable these drivers until otherwise instructed.
   
   
2. Please scan your system with GMER
   
   
   
   
   
   Download GMER Rootkit Scanner from here or here.
   • Extract the contents of the zipped file to desktop.
   • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
   • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
   • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
     • IAT/EAT
     • Drives/Partition other than Systemdrive (typically C:\)
     • Show All (don't miss this one)
   • Then click the Scan button & wait for it to finish.
   • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
     
   • Save it where you can easily find it, such as your desktop, and post it in your reply.
   
   **Caution**
   Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
   
   Please post the GMER log in your next reply. If you encounter any problems with the scan come back and let me know.

 

[kitty764]

Hello JonTom, thanks for helping!

I was able to run the first program and disable the emulation drives.

I ran the second program the first time with the "show all" checked, stopped/started it over, when that was done, I clicked the wrong button, and the scan started again, I stopped it, saved the log but there was barely anything on it, so I went ahead and scanned again, and I just got an error message:
"Delayed Write Failed, unable to save all the data for the file device/harddiskvolume1/windows/system32/pcintro/elements. The data has been lost, it may be caused by a falure of computer hardware or network connection. Try to save file elsewhare"

I'm going to try the scan again.

Thanks again!

 

[kitty764]

Gmer Log #1

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-21 20:07:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST325041 rev.3.AA
Running: gmer.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kwxdafob.sys


---- System - GMER 1.0.15 ----

SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwAllocateVirtualMemory [0xB7D9A490]
SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwAssignProcessToJobObject [0xB7D9A640]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xA6BF02F4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA6BEA5CA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xA6C0958A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xA6BF0A80]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xA6C03E4E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xA6C0423C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xA6C0D6F6]
SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwCreateThread [0xB7D9A6C0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xA6BF0BB6]
SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwDebugActiveProcess [0xB7D9A540]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA6BEB1E0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xA6C0AE3C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xA6C0A7B2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xA6C02D8A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xA6C0B794]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xA6C0B99C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA6BEADF2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xA6C06160]
SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwOpenSection [0xB7D9AB90]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xA6C05D8A]
SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwProtectVirtualMemory [0xB7D9A750]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xA6C0C72A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xA6C0C060]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xA6BEFEC4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xA6C0D0FC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xA6BF059C]
SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwSetContextThread [0xB7D9A5C0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA6BEB5A4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xA6C0CC6A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xA6C09F72]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xA6C04EA4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xA6C04C20]
SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwTerminateThread [0xB7D9A7D0]
SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwWriteVirtualMemory [0xB7D9A850]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C9C 80504538 12 Bytes [80, 0A, BF, A6, 4E, 3E, C0, ...]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB574C380, 0x566445, 0xE8000020]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA5268400, 0x7960C, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA530A420] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA530A420]
.protectÿÿÿÿhardlockunknown last code section [0xA530A200, 0x5049, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA530A200, 0x5049, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\eHome\ehRecvr.exe[176] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[176] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[176] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[176] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[176] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[176] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[176] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[176] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe[220] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe[220] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe[220] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe[220] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe[220] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe[220] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe[220] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe[220] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[296] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[296] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[296] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[296] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[296] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[296] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[296] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[296] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[328] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[328] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[328] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[328] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[328] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[328] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[328] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[328] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[340] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[340] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[340] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[340] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[340] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[340] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[340] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[340] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtAdjustPrivilegesToken 7C90CF0E 5 Bytes JMP 1000D8C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtAssignProcessToJobObject 7C90CF8E 5 Bytes JMP 10006F20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtConnectPort 7C90D04E 5 Bytes JMP 1000DF10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtCreateEvent 7C90D08E 5 Bytes JMP 10017A50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtCreateMutant 7C90D10E 5 Bytes JMP 10017AC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtCreatePort 7C90D13E 5 Bytes JMP 1000DD20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtCreateSection 7C90D17E 5 Bytes JMP 10016C70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtCreateSemaphore 7C90D18E 5 Bytes JMP 10017B20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 10006F00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtDelayExecution 7C90D20E 5 Bytes JMP 10017CB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 10006FA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 10006F80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes JMP 1000D880 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtMakeTemporaryObject 7C90D4EE 5 Bytes JMP 10016C40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtOpenEvent 7C90D57E 5 Bytes JMP 10017BF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtOpenMutant 7C90D5DE 5 Bytes JMP 10017B90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtOpenProcess 7C90D5FE 5 Bytes JMP 10016DD0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtOpenSemaphore 7C90D63E 5 Bytes JMP 10017C50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtOpenThread 7C90D65E 5 Bytes JMP 10006E80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10006EE0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtRequestPort 7C90DACE 5 Bytes JMP 1000DD90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtRequestWaitReplyPort 7C90DADE 5 Bytes JMP 1000DF50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtSecureConnectPort 7C90DB7E 5 Bytes JMP 1000DDD0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text

 

[kitty764]

Gmer #2

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtSetContextThread 7C90DBAE 5 Bytes JMP 10006F40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 10006F60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtShutdownSystem 7C90DDEE 5 Bytes JMP 10016E60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtSystemDebugControl 7C90DE4E 5 Bytes JMP 1000D900 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 10012B00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 10006EC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtWaitForMultipleObjects 7C90DF3E 5 Bytes JMP 10017D80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtWaitForSingleObject 7C90DF4E 5 Bytes JMP 10017D00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10006EA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ntdll.dll!CsrClientCallServer 7C912241 5 Bytes JMP 1000DF90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] kernel32.dll!GetTickCount 7C80934A 5 Bytes JMP 10006DF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 10006E10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] kernel32.dll!OutputDebugStringA 7C85AD4C 5 Bytes JMP 1000D850 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 10017280 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 100171C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 10017150 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 100173D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 10016F40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 1000D990 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 10017230 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 1000D940 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 10017060 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 1000DAB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SendNotifyMessageW 7E42D64F 5 Bytes JMP 10016FC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 10017100 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 1000DA50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 10016F00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 1000D9D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 10017010 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 10016BA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 10017460 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 100174F0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!MessageBeep 7E431F7B 5 Bytes JMP 1000DA10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SendNotifyMessageA 7E453948 5 Bytes JMP 10016F80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 10017370 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!MessageBoxTimeoutW 7E466383 5 Bytes JMP 100172D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 100170B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10016B00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 10012D70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] GDI32.dll!MaskBlt 77F1A0C1 5 Bytes JMP 10016A70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 100168C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 1000D6D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 1000D790 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] GDI32.dll!PlgBlt 77F453B3 5 Bytes JMP 10016830 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 10012F00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10017790 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 100175B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 10017550 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 10017610 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100176D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 10012F80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ADVAPI32.dll!WmiExecuteMethodW 77E2BFB5 7 Bytes JMP 1000DC20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10017940 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 100178A0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 10017680 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] RPCRT4.dll!I_RpcSendReceive 77E7A7EB 5 Bytes JMP 1000DCA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] RPCRT4.dll!NdrSendReceive 77E7A817 5 Bytes JMP 1000DCE0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] RPCRT4.dll!I_RpcSend 77E9FF64 5 Bytes JMP 1000DC60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 1000E070 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 1000E110 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] WININET.dll!InternetOpenUrlA 3D95F3AC 1 Byte [E9]
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[468] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 1000E0B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[512] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[512] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[512] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[512] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[512] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[512] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[512] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[512] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[540] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[540] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[540] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[540] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[540] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[540] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[540] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[540] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[604] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[604] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[604] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[604] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[604] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[604] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[604] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[604] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtAdjustPrivilegesToken 7C90CF0E 5 Bytes JMP 1000D8C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtAssignProcessToJobObject 7C90CF8E 5 Bytes JMP 10006F20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtConnectPort 7C90D04E 5 Bytes JMP 1000DF10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtCreateEvent 7C90D08E 5 Bytes JMP 10017A50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtCreateMutant 7C90D10E 5 Bytes JMP 10017AC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtCreatePort 7C90D13E 5 Bytes JMP 1000DD20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtCreateSection 7C90D17E 5 Bytes JMP 10016C70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtCreateSemaphore 7C90D18E 5 Bytes JMP 10017B20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 10006F00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtDelayExecution 7C90D20E 5 Bytes JMP 10017CB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 10006FA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 10006F80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes JMP 1000D880 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtMakeTemporaryObject 7C90D4EE 5 Bytes JMP 10016C40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtOpenEvent 7C90D57E 5 Bytes JMP 10017BF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtOpenMutant 7C90D5DE 5 Bytes JMP 10017B90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtOpenProcess 7C90D5FE 5 Bytes JMP 10016DD0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtOpenSemaphore 7C90D63E 5 Bytes JMP 10017C50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtOpenThread 7C90D65E 5 Bytes JMP 10006E80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10006EE0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtRequestPort 7C90DACE 5 Bytes JMP 1000DD90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtRequestWaitReplyPort 7C90DADE 5 Bytes JMP 1000DF50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtSecureConnectPort 7C90DB7E 5 Bytes JMP 1000DDD0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtSetContextThread 7C90DBAE 5 Bytes JMP 10006F40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 10006F60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtShutdownSystem 7C90DDEE 5 Bytes JMP 10016E60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtSystemDebugControl 7C90DE4E 5 Bytes JMP 1000D900 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 10012B00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 10006EC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtWaitForMultipleObjects 7C90DF3E 5 Bytes JMP 10017D80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtWaitForSingleObject 7C90DF4E 5 Bytes JMP 10017D00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10006EA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ntdll.dll!CsrClientCallServer 7C912241 5 Bytes JMP 1000DF90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] kernel32.dll!GetTickCount 7C80934A 5 Bytes JMP 10006DF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 10006E10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 209F37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] kernel32.dll!OutputDebugStringA 7C85AD4C 5 Bytes JMP 1000D850 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 10017280 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 100171C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 10017150 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 100173D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 10016F40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 1000D990 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 10017230 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 1000D940 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 10017060 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 1000DAB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SendNotifyMessageW 7E42D64F 5 Bytes JMP 10016FC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 10017100 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 1000DA50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 10016F00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 1000D9D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 10017010 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 10016BA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 10017460 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 100174F0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!MessageBeep 7E431F7B 5 Bytes JMP 1000DA10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SendNotifyMessageA 7E453948 5 Bytes JMP 10016F80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 10017370 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!MessageBoxTimeoutW 7E466383 5 Bytes JMP 100172D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 100170B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10016B00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 10012D70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] GDI32.dll!MaskBlt 77F1A0C1 5 Bytes JMP 10016A70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text

 

[kitty764]

Gmer #3

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 100168C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 1000D6D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 1000D790 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] GDI32.dll!PlgBlt 77F453B3 5 Bytes JMP 10016830 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 10012F00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10017790 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 100175B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 10017550 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 10017610 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100176D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 10012F80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!WmiExecuteMethodW 77E2BFB5 7 Bytes JMP 1000DC20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10017940 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 100178A0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 10017680 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] RPCRT4.dll!I_RpcSendReceive 77E7A7EB 5 Bytes JMP 1000DCA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] RPCRT4.dll!NdrSendReceive 77E7A817 5 Bytes JMP 1000DCE0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] RPCRT4.dll!I_RpcSend 77E9FF64 5 Bytes JMP 1000DC60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 1000E070 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 1000E110 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] WININET.dll!InternetOpenUrlA 3D95F3AC 1 Byte [E9]
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[668] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 1000E0B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\WINDOWS\eHome\ehSched.exe[712] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[712] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[712] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[712] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[712] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[712] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[712] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[712] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[860] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[860] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[860] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[860] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[904] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[904] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[904] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[904] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[904] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[904] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[916] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[916] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1108] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1108] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1108] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1108] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1108] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1108] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1108] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1108] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1140] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1140] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[1192] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[1192] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[1192] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[1192] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[1192] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[1192] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[1192] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[1192] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1228] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1228] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1324] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1324] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DISC\DISCover.exe[1360] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DISC\DISCover.exe[1360] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DISC\DISCover.exe[1360] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DISC\DISCover.exe[1360] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DISC\DISCover.exe[1360] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DISC\DISCover.exe[1360] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DISC\DISCover.exe[1360] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DISC\DISCover.exe[1360] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1516] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1516] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1516] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1516] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1516] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1516] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1516] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1516] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[1568] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[1568] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[1568] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[1568] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[1568] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[1568] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[1568] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[1568] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[1764] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text

 

[kitty764]

Gmer # 4

C:\WINDOWS\system32\RUNDLL32.EXE[1764] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[1764] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[1764] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[1764] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[1764] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[1764] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[1764] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[1812] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[1812] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[1812] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[1812] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[1812] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[1812] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[1812] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[1812] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1840] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1840] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1840] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1840] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1840] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1840] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1840] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1840] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1864] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1864] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1864] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1864] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1864] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1864] SHLWAPI.dll!SHIsLowMemoryMachine + 6E02 77FBDD0B 5 Bytes JMP 10012B50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1932] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1932] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1932] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1932] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1932] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1932] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1932] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1932] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2012] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2012] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2012] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2012] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2100] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2100] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2100] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2100] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2100] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2100] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2100] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2100] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2116] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2116] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2116] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2116] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2116] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2116] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2116] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2116] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2224] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2224] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2224] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2224] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2224] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2224] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2224] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2224] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2372] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2372] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2372] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2372] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2372] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2372] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2372] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2372] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2376] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2376] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2376] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2376] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2376] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2376] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2376] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2376] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2392] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2392] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2392] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2392] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2392] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2392] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2392] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2392] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[2416] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[2416] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[2416] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[2416] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[2416] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[2416] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[2416] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[2416] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2460] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2460] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2460] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text

 

[kitty764]

Gmer # 5

C:\WINDOWS\system32\dllhost.exe[2460] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2460] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2460] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2460] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2460] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2524] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2524] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2524] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2524] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2524] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2524] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2524] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2524] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2668] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2668] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2668] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2668] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2668] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2668] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2668] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2668] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe[2728] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe[2728] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe[2728] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe[2728] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe[2728] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe[2728] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe[2728] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe[2728] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2740] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2740] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2740] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2740] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2740] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2740] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2740] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2740] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe[2772] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe[2772] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe[2772] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe[2772] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe[2772] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe[2772] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe[2772] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe[2772] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE[2788] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE[2788] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE[2788] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE[2788] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE[2788] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE[2788] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE[2788] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE[2788] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3064] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3064] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3064] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3064] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3064] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3064] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3064] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3064] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3144] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3144] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3144] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3144] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3144] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3144] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3144] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3168] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3168] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3168] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3168] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3168] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3168] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3168] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3168] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3256] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3256] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3256] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3256] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3256] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3256] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3256] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text

 

[kitty764]

C:\WINDOWS\system32\wbem\unsecapp.exe[3256] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3268] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3268] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3268] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3268] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3268] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3268] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3268] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3268] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3328] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3328] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3328] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3328] KERNEL32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3328] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3328] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3328] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3328] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[3588] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[3588] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[3588] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[3588] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[3588] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[3588] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[3588] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[3588] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[3588] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe[3632] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe[3632] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe[3632] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe[3632] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe[3632] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe[3632] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe[3632] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe[3632] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3664] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3664] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3664] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3664] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3664] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3664] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3664] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3664] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3740] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3740] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3740] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3740] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3740] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3740] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3740] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3740] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3828] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3828] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3828] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3828] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3828] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3828] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3828] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3828] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WinRAR\WinRAR.exe[4444] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WinRAR\WinRAR.exe[4444] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WinRAR\WinRAR.exe[4444] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WinRAR\WinRAR.exe[4444] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WinRAR\WinRAR.exe[4444] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WinRAR\WinRAR.exe[4444] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WinRAR\WinRAR.exe[4444] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\WinRAR\WinRAR.exe[4444] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe[4536] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe[4536] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe[4536] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe[4536] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe[4536] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe[4536] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe[4536] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe[4536] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[4544] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[4544] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[4544] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[4544] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[4544] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[4544] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[4544] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[4544] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\common files\aol\1276149201\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe[4600] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\common files\aol\1276149201\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe[4600] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\common files\aol\1276149201\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe[4600] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\common files\aol\1276149201\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe[4600] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\common files\aol\1276149201\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe[4600] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\common files\aol\1276149201\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe[4600] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\common files\aol\1276149201\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe[4600] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\program files\common files\aol\1276149201\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe[4600] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtAdjustPrivilegesToken 7C90CF0E 5 Bytes JMP 1000D8C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtAssignProcessToJobObject 7C90CF8E 5 Bytes JMP 10006F20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtConnectPort 7C90D04E 5 Bytes JMP 1000DF10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtCreateEvent 7C90D08E 5 Bytes JMP 10017A50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtCreateMutant 7C90D10E 5 Bytes JMP 10017AC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtCreatePort 7C90D13E 5 Bytes JMP 1000DD20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtCreateSection 7C90D17E 5 Bytes JMP 10016C70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtCreateSemaphore 7C90D18E 5 Bytes JMP 10017B20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 10006F00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtDelayExecution 7C90D20E 5 Bytes JMP 10017CB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 10006FA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 10006F80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes JMP 1000D880 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtMakeTemporaryObject 7C90D4EE 5 Bytes JMP 10016C40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtOpenEvent 7C90D57E 5 Bytes JMP 10017BF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtOpenMutant 7C90D5DE 5 Bytes JMP 10017B90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtOpenProcess 7C90D5FE 5 Bytes JMP 10016DD0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtOpenSemaphore 7C90D63E 5 Bytes JMP 10017C50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtOpenThread 7C90D65E 5 Bytes JMP 10006E80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10006EE0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtRequestPort 7C90DACE 5 Bytes JMP 1000DD90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtRequestWaitReplyPort 7C90DADE 5 Bytes JMP 1000DF50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtSecureConnectPort 7C90DB7E 5 Bytes JMP 1000DDD0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtSetContextThread 7C90DBAE 5 Bytes JMP 10006F40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 10006F60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtShutdownSystem 7C90DDEE 5 Bytes JMP 10016E60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtSystemDebugControl 7C90DE4E 5 Bytes JMP 1000D900 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 10012B00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 10006EC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtWaitForMultipleObjects 7C90DF3E 5 Bytes JMP 10017D80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtWaitForSingleObject 7C90DF4E 5 Bytes JMP 10017D00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10006EA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ntdll.dll!CsrClientCallServer 7C912241 5 Bytes JMP 1000DF90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] kernel32.dll!GetTickCount 7C80934A 5 Bytes JMP 10006DF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 10006E10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] kernel32.dll!OutputDebugStringA 7C85AD4C 5 Bytes JMP 1000D850 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text

 

[kitty764]

Gmer # 7

C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 10017280 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 100171C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 10017150 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 100173D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 10016F40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 1000D990 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 10017230 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 1000D940 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 10017060 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 1000DAB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SendNotifyMessageW 7E42D64F 5 Bytes JMP 10016FC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 10017100 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 1000DA50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 10016F00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 1000D9D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 10017010 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 10016BA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 10017460 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 100174F0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!MessageBeep 7E431F7B 5 Bytes JMP 1000DA10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SendNotifyMessageA 7E453948 5 Bytes JMP 10016F80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 10017370 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!MessageBoxTimeoutW 7E466383 5 Bytes JMP 100172D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 100170B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10016B00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 10012D70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] GDI32.dll!MaskBlt 77F1A0C1 5 Bytes JMP 10016A70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 100168C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 1000D6D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 1000D790 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] GDI32.dll!PlgBlt 77F453B3 5 Bytes JMP 10016830 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 10012F00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10017790 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 100175B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 10017550 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 10017610 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100176D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 10012F80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!WmiExecuteMethodW 77E2BFB5 7 Bytes JMP 1000DC20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10017940 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 100178A0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 10017680 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] RPCRT4.dll!I_RpcSendReceive 77E7A7EB 5 Bytes JMP 1000DCA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] RPCRT4.dll!NdrSendReceive 77E7A817 5 Bytes JMP 1000DCE0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] RPCRT4.dll!I_RpcSend 77E9FF64 5 Bytes JMP 1000DC60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 1000E070 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 1000E110 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] WININET.dll!InternetOpenUrlA 3D95F3AC 1 Byte [E9]
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.921\gmer.exe[4716] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 1000E0B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10012EC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 10017280 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 100171C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 10017150 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 10016F40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 1000D990 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 10017230 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 1000D940 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 10017060 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 1000DAB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!SendNotifyMessageW 7E42D64F 5 Bytes JMP 10016FC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 10017100 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 1000DA50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 10016F00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 1000D9D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 10017010 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 10016BF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!SendNotifyMessageA 7E453948 5 Bytes JMP 10016F80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 100170B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10016B00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 10012D70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 1000CE20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 1000CE40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10015DF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program Files\AOL Desktop 9.6a\waol.exe[4896] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100184B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text

 

[kitty764]

Gmer # 8

C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe[5020] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe[5020] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe[5020] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe[5020] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe[5020] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe[5020] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe[5020] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe[5020] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\shellmon.exe[5204] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\shellmon.exe[5204] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\shellmon.exe[5204] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\shellmon.exe[5204] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\shellmon.exe[5204] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\shellmon.exe[5204] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\shellmon.exe[5204] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AOL Desktop 9.6a\shellmon.exe[5204] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[5936] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[5936] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[5936] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[5936] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[5936] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[5936] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[5936] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[5936] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[6036] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[6036] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[6036] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[6036] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[6036] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[6036] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[6036] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[6036] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6072] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6072] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6072] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6072] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6072] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6072] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6072] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6072] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip WRkrn.sys (Webroot SecureAnywhere/Webroot)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ELkbd.sys (Intel Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 WRkrn.sys (Webroot SecureAnywhere/Webroot)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 WRkrn.sys (Webroot SecureAnywhere/Webroot)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 ELkbd.sys (Intel Corporation)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp WRkrn.sys (Webroot SecureAnywhere/Webroot)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp WRkrn.sys (Webroot SecureAnywhere/Webroot)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp WRkrn.sys (Webroot SecureAnywhere/Webroot)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF5 0x7E 0x31 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0F 0x69 0x58 0xF0 ...
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}@ ISensNetwork
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}\ProxyStubClsid
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}\ProxyStubClsid@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}\ProxyStubClsid32
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}\ProxyStubClsid32@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}\TypeLib
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}\TypeLib@ {E6859F27-1554-40E2-984E-75B7D56A936A}
Reg HKLM\SOFTWARE\Classes\Interface\{D597BAB1-5B9F-11D1-8DD2-00AA004ABD5E}\TypeLib@Version 1.0
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0@ SENSReachability 1.0 Type Library
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\0
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\0\win32
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\0\win32@ C:\Program Files\Common Files\AOL\ACS\AOLDialr.DLL
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\FLAGS
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\FLAGS@ 0
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\HELPDIR
Reg HKLM\SOFTWARE\Classes\TypeLib\{E6859F27-1554-40E2-984E-75B7D56A936A}\1.0\HELPDIR@ C:\Program Files\Common Files\AOL\ACS\
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\AOL - gedclb@aol.com@MessageCount 39

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\HP_Administrator\Cookies\CS0FXQU0.txt 0 bytes
File C:\Documents and Settings\HP_Administrator\Cookies\OALGC9KF.txt 0 bytes
File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\1DQJEWHZ\red_1px[1].gif 149 bytes
File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\1DQJEWHZ\icons_sprite[1].gif 0 bytes
File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\1DQJEWHZ\walmart-120x80[1].gif 5082 bytes
File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\1DQJEWHZ\186264_100000998601025_4848860_q[1].jpg 0 bytes

---- EOF - GMER 1.0.15 ----

 

[JonTom]

Hello kitty764

Thank you for the log.

Lets proceed as follows:

1. P2P Programs:
   
   
   • P2P programs are a major source of Malware infections.
   • From your log I see you have µTorrent. We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
   • The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
   • If you wish to keep the program(s), please do not use them until your computer is cleaned.
     
     
   • Information regarding the risk of using these programs can be found from here and here.
     
     
   • It is strongly recommend that you uninstall any P2P programs you have on your system.
     
     
   • To do this, Click on "Start" then on "Control Panel" and then on "Add or remove programs".
   • A list of currently installed programs will be displayed.
   • Find the "µTorrent" program, click on it once and then click on the "Remove" button.
   • If you are prompted to re-boot your computer to complete the uninstall please do so.
     
     
     PLEASE NOTE:
   • Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.
   
   
2. Foistware
   
   
   • I can see from your log that you have Viewpoint Media Player installed.
   • Viewpoint Media Player is considered as foistware rather than malware since it is installed without user's approval but doesn't spy or do anything "bad".
   • It is recommended that you remove Viewpoint products. However, this choice is up to you.
   • To remove these programs, click "Start" and then on "Control Panel" and then on "Add or Remove Programs".
   • Select Viewpoint Media Player and click on "Remove".
   
   
3. Combofix
   
   
   • Download ComboFix from one of the following locations:
     
     Link 1
     Link 2
   • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
   • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here .
   • Double click on ComboFix.exe & follow the prompts.
   • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
   • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
   • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
   
   
   
   
   
   • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
   
   
   
   
   
   • Click on Yes, to continue scanning for malware.
   • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
   • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
   • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
     
   • Should there be issues with internet afterward:
     
     In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.
     
     In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver, set it to No Proxy.
     
   
   Please post the ComboFix log in your next reply.

 

[kitty764]

I already uninstalled µTorrent from the add/remove program, I don't know why it's still showing.
I shut down Webroot (and all of the security programs)from the tray icon before running Combofix, I even entered captcha<sp> to shut it down but Combifix kept warning me to shut it down, so I cancelled the scan. I checked the link in the thread to shut down firewalls/etc, but i didn't see my program on the list.

Is it ok to go ahead with the scan anyway?

Thanks!

 

[JonTom]

Hello kitty764

Is it ok to go ahead with the scan anyway?

Run the scan from Safe Mode with Networking:

1. Reboot Your System in Safe Mode with Networking
   
   
   • Restart your computer.
   • As soon as BIOS is loaded begin tapping the F8 key until the "Advanced Options" menu appears.
   • Use the arrow keys to select the Safe Mode with Networking menu item.
   • Press Enter.
   
   Once into safe Mode with Networking run ComboFix and post the log in your next reply.

 

[kitty764]

I started in safe mode w/networking; started Combo Fix, it initially started, warned me that I was running my spyware/av programs (even though they were closed), clicked ok to run, blue box came up and nothing happened, watied about 20 mn and restarted the computer; tried agian with the same results.

Side note, tea timer has been disabled since my first post. I read in other threads that people were advised to turn it off, so to save a step I disabled it.

 

[JonTom]

Hello kitty764

If you are having problems with ComboFix we will use a different method to clean your machine, but before we do I would like to take a closer look at a couple of files on your machine.

Please do the following:

1. Please scan the following files
   
   
   • Please go to VirusTotal
   
   
   • On the page you'll find a "Browse" button.
   • Click on the Browse button.
   • In the Choose File to Upload window which opens, copy and paste this into the File Name box.
   
   
   c:\windows\system32\srvany.exe
   
   
   • Next, click the Open button.
   • Then click the "Send File" button just below.
   • This will scan the file. Please be patient.
   • If you get a message saying File has already been analyzed: click Reanalyze file now.
   • Once scanned, copy and paste the link to the results page in your next reply.
   • Please repeat this procedure for the following files:
   
   c:\windows\concst.dll
   
   
   • Please post the links to the Virus Total result pages in your next reply.

 

[kitty764]

http://www.virustotal.com/file-scan...4fa63ac78d353101d2e7dc4de2725d1ca1-1322072484

The other file: c:\windows\concst.dll was not found. I get that error everytime I start up too. I think that may be from my internet service provider Comcast, I deleted some of the files because I didn't want the av program or search engine that came with it.

 

[JonTom]

Hello kitty764

Please do not delete any more files unless asked to do so

1. Please make a backup of your Registry
   
   
   • The following fix requires altering your Windows Registry. Therefore we need to back it up in case we run into problems:
   • Download ERUNT to your Desktop (Right click the link, select "Save Link/Target As"..., select your Desktop and press Save).
   • Right click erunt.zip, choose "Extract All…" and follow the prompts to unzip the program.
   • Open the ERUNT folder on your Desktop and double click ERUNT.exe to start the program.
   • Click OK for all the prompts to back up your registry to the default location.
   • Note: if it becomes necessary to restore the registry, open the backup folder and start ERDNT.exe.
   
   
2. Please download OTM
   
   
   • Please download OTM by OldTimer by clicking here.
   • Save the file (called OTM.exe) to your desktop.
   • Double click on the OTM.exe icon to run the program. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).
   • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
   
   
   

   :Processes 
   explorer.exe
   
   :Files
   c:\windows\concst.dll
   
   :Reg
   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   "Xnehogewu"=-
   
   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
   "{9D425283-D487-4337-BAB6-AB8354A81457}"=-
   "{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
   
   :Commands
   [Purity]
   [EmptyTemp]
   [Emptyflash]
   [Start Explorer]
   [Reboot]

   
   
   
   
   • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
     
   • Click the Moveit! button.
   • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
   • Close OTM.
   • Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File -> Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
   
   
3. Trusted Zones:
   
   
   • I can see that you have a web site stored in the "Trusted Zones" section of your log. The only advantage to having a domain stored in your Trusted Zones, is that the domain will not prompt you for any permission before installing software or updates from the "trusted" site. This also means however, that if a malware exploit comes out where a site can spoof their domain name to match one stored in your Trusted Zones, then you will never know when (or what) they install on your machine.
   • If you remove this entry, these sites will still be able to install software, but only after receiving permission from you to do so, putting you back in control.
   • I suggest you remove the following entries:
   
   
   • 
     [*]Trusted Zone: trymedia.com
   • You can remove sites from your Trusted Zones via:
   • IE > Tools > Internet Options > Security tab > Trusted Zone > Sites.
     
   • For more information regarding the addition of sites to your Trusted Zones, click here.
   
   
4. MalwareBytes AntiMalware:
   
   
   • I can see that you have MBAM installed.
   • Double click on your MalwareBytes AntiMalware icon to launch the program.
   • Click on the "Update" tab and then on "Check for Updates".
   • The program will now install the latest Malware definition files.
   • Once complete, click on the "Scanner" tab, select "Perform Quick Scan"and then click on "Scan".
   • Once the program has scanned your computer, a log file will be created in Notepad.
   • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
   
   
   • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
   • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
   • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
   • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
   • Come back here to this thread and Paste the log in your next reply.
   
   Please post the OTM log, the MBAM log and a new DDS log in your next reply.

 

[kitty764]

Thank you

When I tried to remove trymedia.com from the trusted zone, I went to IE, tools, trusted sites, then sites.. All that came up is a window to "add this website to the zone".


OTM Log
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder c:\windows\concst.dll not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Xnehogewu deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 31612 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users
->Flash cache emptied: 87 bytes

User: Default User
->Temp folder emptied: 31612 bytes
->Temporary Internet Files folder emptied: 33064 bytes

User: HP_Administrator
->Temp folder emptied: 45367916 bytes
->Temporary Internet Files folder emptied: 260235107 bytes
->Java cache emptied: 6270843 bytes
->Google Chrome cache emptied: 23471934 bytes
->Flash cache emptied: 144081 bytes

User: LocalService
->Temp folder emptied: 2050572 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 1982344 bytes
->Temporary Internet Files folder emptied: 116496 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 216177 bytes
%systemroot%\System32 .tmp files removed: 21030417 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1448872 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 180277142 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 299754 bytes

Total Files Cleaned = 518.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users
->Flash cache emptied: 0 bytes

User: Default User

User: HP_Administrator
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 11232011_171749

Mbam Log
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8227

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/23/2011 5:50:16 PM
mbam-log-2011-11-23 (17-50-16).txt

Scan type: Quick scan
Objects scanned: 188016
Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS Log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by HP_Administrator at 17:59:13 on 2011-11-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1816 [GMT -6:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\Webroot\WRSA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1276149201\ee\AOLSoftware.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
c:\program files\common files\aol\1276149201\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\AOL Desktop 9.6a\waol.exe
C:\Program Files\AOL Desktop 9.6a\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.comcast.net/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\15.0.874.121\npchrome_frame.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\hp_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [AOL Fast Start] "c:\program files\aol desktop 9.6a\AOL.EXE" -b
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdMgr.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HostManager] c:\program files\common files\aol\1276149201\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [PCDrSmartMonitor] "c:\program files\pc-doctor 5 for windows\PcdSmartMonitor.exe" -r
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: trymedia.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276157759437
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{F204927D-9268-49FC-BE9F-3EBEC7F8CA66} : DhcpNameServer = 68.87.72.134 68.87.77.134
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\15.0.874.121\npchrome_frame.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-10 64512]
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2011-11-3 106824]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2010-9-11 218688]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-11-9 525840]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-10-26 2152152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2011-11-3 633088]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-10-26 15232]
R3 PCD5SRVC{8A863ACB-F5F6CC6A-05010003};PCD5SRVC{8A863ACB-F5F6CC6A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2006-2-7 21120]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 581480]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 209640]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-8 136176]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-9-10 8192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-8 136176]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-10-28 11520]
.
=============== Created Last 30 ================
.
2011-11-23 23:17:49 -------- d-----w- C:\_OTM
2011-11-22 23:24:26 -------- d-s---w- C:\ComboFix
2011-11-22 18:40:40 -------- d-----w- c:\program files\MetaStream
2011-11-22 18:40:29 -------- d-----w- c:\documents and settings\all users\application data\Viewpoint
2011-11-13 03:29:39 -------- d-----w- c:\program files\AOL Desktop 9.6a
2011-11-13 00:41:55 -------- d-----w- c:\windows\Internet Logs
2011-11-13 00:40:45 -------- d-----w- c:\documents and settings\hp_administrator\application data\CheckPoint
2011-11-13 00:39:46 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2011-11-13 00:20:17 -------- d-----w- c:\program files\CheckPoint
2011-11-04 01:42:33 141272 ----a-w- c:\windows\system32\WRusr.dll
2011-11-04 01:42:33 106824 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2011-11-04 01:42:30 -------- d-----w- c:\program files\Webroot
2011-11-04 01:42:29 -------- d-----w- c:\documents and settings\all users\application data\WRData
2011-11-03 05:09:07 685056 ----a-w- c:\windows\system32\drivers\hardlock.sys
2011-11-03 05:01:24 -------- d-----w- C:\mcamx
2011-10-30 05:37:36 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Western_Digital
2011-10-30 01:24:25 -------- d-----w- c:\documents and settings\all users\application data\WD_SmartWareCommon
2011-10-30 01:20:28 -------- d-----w- c:\documents and settings\hp_administrator\application data\Western Digital
2011-10-30 01:18:01 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Western Digital
2011-10-28 22:48:22 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2011-10-26 23:02:23 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-26 17:15:32 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\adaware
2011-10-26 17:15:13 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2011-10-26 17:14:43 -------- d-----w- c:\program files\Toolbar Cleaner
2011-10-26 17:14:35 -------- d-----w- c:\documents and settings\hp_administrator\application data\adawaretb
2011-10-26 17:14:32 -------- d-----w- c:\program files\adawaretb
2011-10-26 17:14:15 -------- d-----w- c:\program files\Lavasoft
.
==================== Find3M ====================
.
2011-11-23 23:28:59 38400 ----a-w- c:\windows\system32\pcdhdm.cpl
2011-11-19 00:27:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-26 21:19:22 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-05 00:22:15 10920 ----a-w- C:\aolconnfix.exe
2011-10-03 11:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 08:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 23:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 18:00:48.37 ===============