Solved Browser redirect and pop up problem with multiple machines

Dantilldusk

Hello. First, thank you for reading my issue and a preemptive thank you for all your help!
I am very new to running most of the programs I have heard about to try to fix my problem, so I may ask a very noob question when you help.
My problem is as follows:
When using Firefox or IE 8, I often do a Google search, and when I click the link to take me to the search page I get a completely different sort of page. I often see Google Analytics come up in the bottom of the screen and then the unasked-for page pops up.
Another way this happens is when I click a link and the page I asked for does come up; after a few seconds it will then change to some random page without any further clicking.
This has gone on for about 6 months and has become VERY annoying. Please help if you can!

Thank you very much
Dan

Following is my HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:48:18 PM, on 2/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Air Mouse.lnk = C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: UltraMon.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file:///D:/setup/RiffLick.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Arcsoft Security Service - Arcsoft, Inc. - C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC-Jaadu\WinVNC.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10886 bytes

My Malwarebytes log follows:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5706

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/7/2011 3:12:51 PM
mbam-log-2011-02-07 (15-12-51).txt

Scan type: Quick scan
Objects scanned: 147167
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Welcome to TechSpot, Dan!
I'll be glad to help with the problem after I get some information. We don't 'screen' for malware with HijackThis.
If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
(Multiple posts can be used if needed)
Important!
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

Edit: I had missed the Mbam log. You don't have to run it again if you haven't made any changes in the System. So it will be GMER and DDS scans (2 logs for DDS), plus the other steps.
 
Thank you for your quick response. The logs will follow.

GMER 1 of 6 parts:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-07 22:03:18
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-17 WDC_WD1500HLFS-01G6U0 rev.04.04V01
Running: jjqhu1oy.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pwtdapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xA7434542]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwClose [0xA7434DBA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xA72B82EC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateEvent [0xA7435DCC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA72B18CC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xA72D30E6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateMutant [0xA7435CA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xA7434148]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xA72B8ABE]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xA72CCF82]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xA72CD3AA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xA72D783C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateSemaphore [0xA7435EFE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xA7437784]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateThread [0xA7434A58]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xA72B8C1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xA7437176]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA72B278E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xA72D4B8E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xA72D4484]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xA7435524]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xA72CBD66]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwEnumerateKey [0xA7433E80]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xA7433F2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwFsControlFile [0xA7435330]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwLoadDriver [0xA7437208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xA72D5558]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xA72D5796]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xA72D7BF8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xA7434076]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenEvent [0xA7435E6E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA72B2280]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenKey [0xA7433592]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenMutant [0xA7435D3C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xA72CF49A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenSection [0xA74377AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenSemaphore [0xA7435FA0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xA72CF088]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryKey [0xA7433FD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xA7433BFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQuerySection [0xA7437B50]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryValueKey [0xA743384C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueueApcThread [0xA743749E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xA72D661E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xA72D5F12]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwReplyPort [0xA743632A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xA74361F0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xA72B7E84]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xA72D707E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwResumeThread [0xA7438028]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSaveKey [0xA74331FE]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xA72B85B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSetContextThread [0xA7434C76]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA72B2B98]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSetInformationToken [0xA743686C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xA72D6BA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSetSystemInformation [0xA7437C90]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xA72D3BA8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSuspendProcess [0xA7437D74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSuspendThread [0xA7437E9C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xA72CE0A6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xA72CDDD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwTerminateThread [0xA743480E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xA7437A06]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xA7434998]

INT 0x62 ? 8A558BF8
INT 0x63 ? 8A558BF8
INT 0x63 ? 8A558BF8
INT 0x63 ? 8A407BF8
INT 0x63 ? 8A407BF8
INT 0x63 ? 8A558BF8
INT 0xA4 ? 8A407BF8

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP A74299D4 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP A7429DAE \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2C9C 80504538 12 Bytes [BE, 8A, 2B, A7, 82, CF, 2C, ...] {MOV ESI, 0x82a72b8a; IRET ; SUB AL, 0xa7; STOSB ; SHR DWORD [EDI], CL}
.text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 16 Bytes [3C, 78, 2D, A7, FE, 5E, 43, ...] {CMP AL, 0x78; SUB EAX, 0x435efea7; CMPSD ; TEST [EDI+0x43], DH; CMPSD ; POP EAX; DEC EDX; INC EBX; CMPSD }
.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 12 Bytes [08, 72, 43, A7, 58, 55, 2D, ...] {OR [EDX+0x43], DH; CMPSD ; POP EAX; PUSH EBP; SUB EAX, 0x2d5796a7; CMPSD }
.text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 16 Bytes [1E, 66, 2D, A7, 12, 5F, 2D, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [74, 7D, 43, A7, 9C, 7E, 43, ...] {JZ 0x7f; INC EBX; CMPSD ; PUSHF ; JLE 0x4a; CMPSD ; CMPSB ; LOOPNZ 0x37; CMPSD }
? spdi.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B8E438EC 5 Bytes JMP 8A4071D8
.text ajchrife.SYS B8B4D386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ajchrife.SYS B8B4D3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ajchrife.SYS B8B4D3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text ajchrife.SYS B8B4D3C9 1 Byte [2E]
.text ajchrife.SYS B8B4D3C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\brsvc01a.exe[264] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brsvc01a.exe[264] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brsvc01a.exe[264] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brsvc01a.exe[264] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brsvc01a.exe[264] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brsvc01a.exe[264] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brsvc01a.exe[264] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brsvc01a.exe[264] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brsvc01a.exe[264] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brsvc01a.exe[264] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brsvc01a.exe[264] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brsvc01a.exe[264] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brsvc01a.exe[264] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brsvc01a.exe[264] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[312] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[312] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[312] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[312] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[312] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[312] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[312] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[312] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[312] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[312] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[312] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[312] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[312] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[312] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brss01a.exe[344] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brss01a.exe[344] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brss01a.exe[344] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brss01a.exe[344] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brss01a.exe[344] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brss01a.exe[344] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brss01a.exe[344] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brss01a.exe[344] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brss01a.exe[344] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brss01a.exe[344] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brss01a.exe[344] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brss01a.exe[344] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brss01a.exe[344] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\brss01a.exe[344] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe[516] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe[516] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe[516] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe[516] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe[516] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe[516] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe[516] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe[516] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe[516] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe[516] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe[516] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe[516] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe[516] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe[516] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[536] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[536] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[536] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[536] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[536] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[536] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[536] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[536] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[536] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[536] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[536] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[536] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[536] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[536] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[768] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[768] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[768] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[768] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[768] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[768] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[768] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[768] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[768] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[768] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
 
gmer part 2 of 6

.text C:\WINDOWS\system32\csrss.exe[812] USER32.dll!TranslateMessageEx 7E418A19 5 Bytes JMP 200A1000 C:\Program Files\CheckPoint\ZAForceField\AK\akconsole.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[844] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[844] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[844] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[844] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[844] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[844] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[844] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[844] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[844] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[844] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[844] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[844] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[844] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[844] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[888] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[888] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[888] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[888] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[888] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[888] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[888] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[888] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[888] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[888] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[888] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[888] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[888] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[888] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[900] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[900] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[900] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[900] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[900] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[900] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[900] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[900] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[900] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[900] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[900] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[900] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[900] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1088] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1088] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1128] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1128] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1128] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1128] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1128] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1128] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1128] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1128] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1128] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1128] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1128] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1128] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1128] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1128] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1144] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1144] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\MagicDisc\MagicDisc.exe[1184] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\MagicDisc\MagicDisc.exe[1184] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\MagicDisc\MagicDisc.exe[1184] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\MagicDisc\MagicDisc.exe[1184] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\MagicDisc\MagicDisc.exe[1184] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\MagicDisc\MagicDisc.exe[1184] ADVAPI32.DLL!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\MagicDisc\MagicDisc.exe[1184] ADVAPI32.DLL!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\MagicDisc\MagicDisc.exe[1184] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\MagicDisc\MagicDisc.exe[1184] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\MagicDisc\MagicDisc.exe[1184] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\MagicDisc\MagicDisc.exe[1184] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\MagicDisc\MagicDisc.exe[1184] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\MagicDisc\MagicDisc.exe[1184] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\MagicDisc\MagicDisc.exe[1184] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1188] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1188] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1188] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1188] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1188] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1188] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1188] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1188] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1188] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1188] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1188] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1188] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1188] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1188] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1244] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1244] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1244] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1244] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1244] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1244] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1244] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1244] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1244] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1244] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1244] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1244] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1288] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1288] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1288] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1288] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1288] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1288] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1288] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1288] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1288] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1288] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1288] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1288] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1288] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1288] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1312] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1312] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
 
Gmer part 3 of 6

.text C:\WINDOWS\System32\alg.exe[1312] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1312] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1312] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1312] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1312] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1312] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1312] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1312] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1312] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1312] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1312] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1312] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1392] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1392] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe[1428] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe[1428] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe[1428] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe[1428] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe[1428] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe[1428] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe[1428] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe[1428] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe[1428] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe[1428] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe[1428] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe[1428] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe[1428] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe[1428] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1484] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1484] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1484] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1484] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1484] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1484] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1484] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1484] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1484] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1484] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1484] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1484] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1484] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1484] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1852] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1852] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1852] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1852] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1852] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1852] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1852] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1852] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1852] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1852] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1852] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1852] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1852] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1852] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1940] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1940] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1940] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1940] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1940] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1940] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1940] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1940] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1940] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1940] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1940] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1940] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1940] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1940] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[2024] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[2024] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[2024] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 20009810 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[2024] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 20009930 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[2024] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C39270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[2024] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 200097E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[2024] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 20009900 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[2024] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[2024] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[2024] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[2024] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[2024] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2124] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2124] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2124] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2124] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2124] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2124] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2124] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2124] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2124] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2124] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2124] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2124] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2124] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[2124] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2352] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2352] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2352] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2352] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2352] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2352] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2352] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
 
GMER part 4 of 6

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2352] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2352] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2352] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2352] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2352] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2352] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2352] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[2368] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[2368] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[2368] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[2368] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[2368] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[2368] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[2368] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[2368] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[2368] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2384] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2384] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2384] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2384] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2384] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2384] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2384] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2384] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2384] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2384] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2384] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2384] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2384] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2384] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2416] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2416] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2416] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2416] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2416] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2416] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2416] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2416] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2416] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2416] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2416] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2416] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2416] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2416] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[2536] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[2536] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[2536] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[2536] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2536] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[2536] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[2536] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[2536] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[2536] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[2536] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[2536] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[2536] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[2536] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[2536] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[2536] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2596] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2596] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2596] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2596] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2596] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2596] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2596] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2596] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2596] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2596] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2596] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2596] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2596] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2596] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2736] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2736] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2736] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2736] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2736] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2736] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2736] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2736] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2736] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2736] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2736] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2736] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2736] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2736] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[2804] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[2804] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[2804] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[2804] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[2804] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[2804] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[2804] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[2804] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[2804] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[2804] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[2804] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[2804] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[2804] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[2804] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[3192] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[3192] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[3192] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[3192] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[3192] KERNEL32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[3192] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[3192] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[3192] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[3192] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[3192] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[3192] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[3192] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[3192] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[3192] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3212] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3212] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3212] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3212] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3212] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3212] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3212] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3212] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3212] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3212] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3212] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3212] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3212] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3212] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3276] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3276] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3276] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3276] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3276] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3276] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3276] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3276] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3276] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3276] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3276] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3276] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3276] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3276] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMon.exe[3288] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMon.exe[3288] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMon.exe[3288] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
 
Gmer part 5 of 6

.text C:\Program Files\UltraMon\UltraMon.exe[3288] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMon.exe[3288] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMon.exe[3288] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMon.exe[3288] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMon.exe[3288] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMon.exe[3288] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMon.exe[3288] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMon.exe[3288] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMon.exe[3288] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMon.exe[3288] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMon.exe[3288] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3340] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3340] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3340] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3340] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3340] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3340] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3340] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3340] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3340] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3340] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3340] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3340] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3340] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3340] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMonTaskbar.exe[3396] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMonTaskbar.exe[3396] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMonTaskbar.exe[3396] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMonTaskbar.exe[3396] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMonTaskbar.exe[3396] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMonTaskbar.exe[3396] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMonTaskbar.exe[3396] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMonTaskbar.exe[3396] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMonTaskbar.exe[3396] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMonTaskbar.exe[3396] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMonTaskbar.exe[3396] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMonTaskbar.exe[3396] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMonTaskbar.exe[3396] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\UltraMon\UltraMonTaskbar.exe[3396] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3648] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3648] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3648] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3648] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3648] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3648] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3648] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3648] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3648] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3648] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3648] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3648] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3648] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3648] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3680] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3680] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3680] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3680] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3680] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3680] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3680] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3680] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3680] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3680] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3680] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3680] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3680] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3680] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchFilterHost.exe[4180] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchFilterHost.exe[4180] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchFilterHost.exe[4180] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchFilterHost.exe[4180] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchFilterHost.exe[4180] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchFilterHost.exe[4180] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchFilterHost.exe[4180] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchFilterHost.exe[4180] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchFilterHost.exe[4180] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchFilterHost.exe[4180] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchFilterHost.exe[4180] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchFilterHost.exe[4180] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchFilterHost.exe[4180] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchFilterHost.exe[4180] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[5188] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[5188] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[5188] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[5188] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[5188] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[5188] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[5188] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[5188] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[5188] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[5188] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[5188] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[5188] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[5188] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[5188] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Desktop\jjqhu1oy.exe[5728] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Desktop\jjqhu1oy.exe[5728] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Desktop\jjqhu1oy.exe[5728] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Desktop\jjqhu1oy.exe[5728] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A570 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Desktop\jjqhu1oy.exe[5728] kernel32.dll!OpenProcess 7C8309B9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Desktop\jjqhu1oy.exe[5728] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Desktop\jjqhu1oy.exe[5728] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Desktop\jjqhu1oy.exe[5728] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Desktop\jjqhu1oy.exe[5728] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Desktop\jjqhu1oy.exe[5728] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Desktop\jjqhu1oy.exe[5728] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A260 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Desktop\jjqhu1oy.exe[5728] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A360 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Desktop\jjqhu1oy.exe[5728] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\Desktop\jjqhu1oy.exe[5728] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
 
Gmer part 6 of 6

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA8042] spdi.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA813E] spdi.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA80C0] spdi.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA8800] spdi.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA86D6] spdi.sys
IAT \SystemRoot\System32\Drivers\ajchrife.SYS[HAL.dll!KfAcquireSpinLock] CCCCCCC3
IAT \SystemRoot\System32\Drivers\ajchrife.SYS[HAL.dll!READ_PORT_UCHAR] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ajchrife.SYS[HAL.dll!KeGetCurrentIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ajchrife.SYS[HAL.dll!KfRaiseIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ajchrife.SYS[HAL.dll!KfLowerIrql] 8BEC8B55
IAT \SystemRoot\System32\Drivers\ajchrife.SYS[HAL.dll!HalGetInterruptVector] 00C73445
IAT \SystemRoot\System32\Drivers\ajchrife.SYS[HAL.dll!HalTranslateBusAddress] 00000000
IAT \SystemRoot\System32\Drivers\ajchrife.SYS[HAL.dll!KeStallExecutionProcessor] 830C458B
IAT \SystemRoot\System32\Drivers\ajchrife.SYS[HAL.dll!KfReleaseSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\ajchrife.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 053C0D74
IAT \SystemRoot\System32\Drivers\ajchrife.SYS[HAL.dll!READ_PORT_USHORT] 57B80974
IAT \SystemRoot\System32\Drivers\ajchrife.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000000
IAT \SystemRoot\System32\Drivers\ajchrife.SYS[HAL.dll!WRITE_PORT_UCHAR] 56C35DE5
IAT \SystemRoot\System32\Drivers\ajchrife.SYS[WMILIB.SYS!WmiSystemControl] 8D51FC4D
IAT \SystemRoot\System32\Drivers\ajchrife.SYS[WMILIB.SYS!WmiCompleteRequest] 8D52FD55
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [A72BD50E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [A72BD364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [A72BDB56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [A72BBABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [A72BBABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [A72BD50E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [A72BD364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [A72BDB56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [A72BD50E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [A72BBABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [A72BDB56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [A72BD364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [A72BDB56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [A72BD364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [A72BD50E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [A72BBABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [A72BD50E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [A72BD364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [A72BDB56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [A72BDB56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [A72BD364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [A72BBABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [A72BD50E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [A72BD50E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [A72BBABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [A72BDB56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [A72BD364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisRegisterProtocol] [A72BD50E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisOpenAdapter] [A72BD364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisDeregisterProtocol] [A72BBABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisCloseAdapter] [A72BDB56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\brsvc01a.exe[264] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\spoolsv.exe[312] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\brss01a.exe[344] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe[516] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Java\jre6\bin\jqs.exe[536] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[768] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\winlogon.exe[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\services.exe[888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\lsass.exe[900] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\Ati2evxx.exe[1072] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1088] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1128] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1144] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\MagicDisc\MagicDisc.exe[1184] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1188] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\svchost.exe[1244] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\Ati2evxx.exe[1288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\alg.exe[1312] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1392] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe[1428] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\Explorer.EXE[1852] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1940] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\RTHDCPL.EXE[2124] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[2352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2368] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[2384] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2416] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\SearchIndexer.exe[2536] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\ctfmon.exe[2596] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2736] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[2804] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[3192] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3212] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3276] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\UltraMon\UltraMon.exe[3288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\svchost.exe[3340] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\UltraMon\UltraMonTaskbar.exe[3396] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[3648] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\iPod\bin\iPodService.exe[3680] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Documents and Settings\Administrator\Desktop\jjqhu1oy.exe[5728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C3835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

Device ISWKL.sys (ZoneAlarm ForceField/Check Point Software Technologies)
Device 8A5571F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \FileSystem\Mup \Dfs ISWKL.sys (ZoneAlarm ForceField/Check Point Software Technologies)
Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Kbdclass \Device\KeyboardClass0 icsak.sys (ZoneAlarm ForceField/Check Point Software Technologies)
Device \Driver\usbohci \Device\USBPDO-0 8A4B71F8
Device \Driver\PCI_PNP9380 \Device\00000051 spdi.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5CD1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A5CD1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A5CD1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A5CD1F8
Device \Driver\usbehci \Device\USBPDO-1 8A4B6500
Device \Driver\usbohci \Device\USBPDO-2 8A4B71F8
Device \Driver\rdpdr \Device\RdpDrPort ISWKL.sys (ZoneAlarm ForceField/Check Point Software Technologies)
Device \Driver\usbehci \Device\USBPDO-3 8A4B6500
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\rdpdr \Device\RdpDr ISWKL.sys (ZoneAlarm ForceField/Check Point Software Technologies)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5591F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A5591F8
Device \Driver\Cdrom \Device\CdRom0 8A2421F8
Device \Driver\atapi \Device\Ide\IdePort0 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8A2421F8
Device \Driver\Cdrom \Device\CdRom2 8A2421F8
Device \Driver\Cdrom \Device\CdRom3 8A2421F8
Device \Driver\Cdrom \Device\CdRom4 8A2421F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A140500
Device \Driver\NetBT \Device\NetbiosSmb 8A140500
Device \FileSystem\Mup \Device\Mup ISWKL.sys (ZoneAlarm ForceField/Check Point Software Technologies)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\usbohci \Device\USBFDO-0 8A4B71F8
Device \Driver\sptd \Device\652353130 spdi.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{CB5514AC-E696-4899-92B5-0D3342DA4CA9} 8A140500
Device \Driver\usbehci \Device\USBFDO-1 8A4B6500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver ISWKL.sys (ZoneAlarm ForceField/Check Point Software Technologies)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 892361F8
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\usbohci \Device\USBFDO-2 8A4B71F8
Device 892361F8
Device \Driver\usbehci \Device\USBFDO-3 8A4B6500
Device \Driver\Ftdisk \Device\FtControl 8A5591F8
Device \Driver\ajchrife \Device\Scsi\ajchrife1Port5Path0Target0Lun0 8A214500
Device \Driver\ajchrife \Device\Scsi\ajchrife1 8A214500
Device \FileSystem\Mup \Device\WinDfs\Root ISWKL.sys (ZoneAlarm ForceField/Check Point Software Technologies)
Device \FileSystem\Cdfs \Cdfs 8918E500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB4 0x73 0x84 0xC1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x15 0xBB 0xC4 0x3D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x2D 0x09 0xBB 0xDB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB4 0x73 0x84 0xC1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x15 0xBB 0xC4 0x3D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x2D 0x09 0xBB 0xDB ...

---- EOF - GMER 1.0.15 ----
 
DDS logs to follow

DDS.Txt follows:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 22:07:44.87 on Mon 02/07/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1091 [GMT -5:00]

AV: ZoneAlarm Extreme Security Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Extreme Security Firewall *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\blu-ray disc suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\blu-ray disc suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\administrator\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{1c94c999-15d2-4c75-9a73-bcc8a677d42e}\IcoUltraMon.ico
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - file:///D:/setup/RiffLick.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
mASetup: {621FCD24-4498-4324-A81E-07D331376EDF} - c:\program files\pixiepack codec pack\InstallerHelper.exe

============= SERVICES / DRIVERS ===============

R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2011-2-6 128016]
R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2010-1-13 89728]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-2-6 317072]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-2-6 528128]
R2 Arcsoft Security Service;Arcsoft Security Service;c:\program files\arcsoft\totalmedia theatre 3\ArcSecurity.exe [2009-11-22 80384]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-8-27 26352]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-8-27 493032]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-9-24 10448]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-5-16 102400]
R3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2010-8-27 35568]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-4 136176]
S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-6-27 1691480]
S3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [2009-6-27 472644]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-6-27 39456]

=============== Created Last 30 ================

2011-02-07 20:09:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-07 20:09:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-07 20:09:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-07 19:52:26 -------- d-----w- c:\documents and settings\administrator\Downloads
2011-02-07 19:32:13 -------- d-----w- c:\program files\SonicWallES
2011-02-07 18:27:33 -------- d-----w- c:\docume~1\admini~1\applic~1\#ISW.FS#
2011-02-07 04:40:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky SDK
2011-02-07 04:39:52 -------- d-----w- c:\docume~1\admini~1\applic~1\MailFrontier
2011-02-07 04:39:52 -------- d-----w- c:\docume~1\admini~1\applic~1\CheckPoint
2011-02-07 04:34:12 -------- d-----w- c:\program files\CheckPoint
2011-02-07 04:34:11 72704 ----a-w- c:\windows\zllsputility.exe
2011-02-07 04:34:11 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2011-02-04 22:37:03 -------- d-----w- c:\program files\iPod
2011-01-29 04:08:14 388096 ----a-r- c:\docume~1\admini~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-29 04:08:14 -------- d-----w- c:\program files\Trend Micro
2011-01-29 04:04:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-29 04:04:35 472808 ----a-w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================

2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-10 06:56:36 249856 ------w- c:\windows\Setup1.exe
2010-11-10 06:56:35 73216 ----a-w- c:\windows\ST6UNST.EXE

============= FINISH: 22:08:42.03 ===============


Attach.txt follows:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/27/2009 7:30:40 PM
System Uptime: 2/7/2011 3:03:54 PM (7 hours ago)

Motherboard: ASUSTeK Computer INC. | | M3N72-D
Processor: AMD Phenom(tm) 9650 Quad-Core Processor | Socket AM2 | 2300/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 140 GiB total, 76.992 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 373 GiB total, 62.367 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()
Z: is NetworkDisk (NTFS) - 931 GiB total, 84.369 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP616: 11/10/2010 10:12:07 AM - Software Distribution Service 3.0
RP617: 11/11/2010 10:47:56 AM - System Checkpoint
RP618: 11/12/2010 3:24:37 PM - System Checkpoint
RP619: 11/13/2010 3:47:56 PM - System Checkpoint
RP620: 11/15/2010 1:34:02 AM - System Checkpoint
RP621: 11/15/2010 9:39:25 AM - Installed LogMeIn Hamachi
RP622: 11/16/2010 9:47:59 AM - System Checkpoint
RP623: 11/17/2010 10:47:56 AM - System Checkpoint
RP624: 11/18/2010 11:47:56 AM - System Checkpoint
RP625: 11/19/2010 12:47:56 PM - System Checkpoint
RP626: 11/20/2010 12:48:15 PM - System Checkpoint
RP627: 11/21/2010 1:49:01 PM - System Checkpoint
RP628: 11/22/2010 2:47:35 PM - System Checkpoint
RP629: 11/23/2010 3:47:35 PM - System Checkpoint
RP630: 11/24/2010 4:47:35 PM - System Checkpoint
RP631: 11/26/2010 12:30:10 PM - System Checkpoint
RP632: 11/27/2010 12:47:35 PM - System Checkpoint
RP633: 11/28/2010 1:47:35 PM - System Checkpoint
RP634: 11/29/2010 2:03:03 PM - System Checkpoint
RP635: 11/30/2010 3:01:17 PM - System Checkpoint
RP636: 12/1/2010 3:22:53 PM - System Checkpoint
RP637: 12/2/2010 4:22:53 PM - System Checkpoint
RP638: 12/3/2010 5:22:53 PM - System Checkpoint
RP639: 12/4/2010 6:22:52 PM - System Checkpoint
RP640: 12/5/2010 8:51:21 PM - System Checkpoint
RP641: 12/6/2010 9:22:53 PM - System Checkpoint
RP642: 12/7/2010 10:22:39 PM - System Checkpoint
RP643: 12/8/2010 11:22:30 PM - System Checkpoint
RP644: 12/10/2010 12:22:30 AM - System Checkpoint
RP645: 12/11/2010 1:57:18 AM - System Checkpoint
RP646: 12/12/2010 2:35:28 AM - System Checkpoint
RP647: 12/13/2010 3:30:53 AM - System Checkpoint
RP648: 12/14/2010 4:21:20 AM - System Checkpoint
RP649: 12/15/2010 12:12:27 AM - Removed LogMeIn Hamachi
RP650: 12/15/2010 12:14:25 AM - Removed WebEx Productivity Tools
RP651: 12/15/2010 12:20:56 PM - Software Distribution Service 3.0
RP652: 12/16/2010 12:32:51 PM - System Checkpoint
RP653: 12/17/2010 1:32:51 PM - System Checkpoint
RP654: 12/18/2010 2:32:51 PM - System Checkpoint
RP655: 12/19/2010 3:00:14 AM - Software Distribution Service 3.0
RP656: 12/20/2010 3:32:51 AM - System Checkpoint
RP657: 12/21/2010 4:32:51 AM - System Checkpoint
RP658: 12/22/2010 5:32:44 AM - System Checkpoint
RP659: 12/23/2010 6:32:44 AM - System Checkpoint
RP660: 12/24/2010 7:32:44 AM - System Checkpoint
RP661: 12/25/2010 8:32:44 AM - System Checkpoint
RP662: 12/26/2010 9:32:44 AM - System Checkpoint
RP663: 12/27/2010 10:32:44 AM - System Checkpoint
RP664: 12/28/2010 11:32:44 AM - System Checkpoint
RP665: 12/29/2010 12:57:59 PM - System Checkpoint
RP666: 12/30/2010 1:32:44 PM - System Checkpoint
RP667: 12/31/2010 2:32:44 PM - System Checkpoint
RP668: 1/1/2011 3:32:44 PM - System Checkpoint
RP669: 1/2/2011 4:32:44 PM - System Checkpoint
RP670: 1/3/2011 5:32:45 PM - System Checkpoint
RP671: 1/4/2011 6:32:44 PM - System Checkpoint
RP672: 1/5/2011 7:32:44 PM - System Checkpoint
RP673: 1/6/2011 8:32:44 PM - System Checkpoint
RP674: 1/7/2011 9:32:45 PM - System Checkpoint
RP675: 1/8/2011 10:32:44 PM - System Checkpoint
RP676: 1/9/2011 10:43:35 PM - System Checkpoint
RP677: 1/10/2011 11:58:06 PM - System Checkpoint
RP678: 1/12/2011 12:32:28 AM - System Checkpoint
RP679: 1/12/2011 8:53:30 PM - Software Distribution Service 3.0
RP680: 1/14/2011 11:50:22 AM - System Checkpoint
RP681: 1/15/2011 12:27:01 PM - System Checkpoint
RP682: 1/16/2011 1:27:01 PM - System Checkpoint
RP683: 1/17/2011 2:26:53 PM - System Checkpoint
RP684: 1/17/2011 7:50:24 PM - Software Distribution Service 3.0
RP685: 1/18/2011 7:54:18 PM - System Checkpoint
RP686: 1/19/2011 8:54:22 PM - System Checkpoint
RP687: 1/20/2011 9:54:18 PM - System Checkpoint
RP688: 1/21/2011 11:52:18 PM - System Checkpoint
RP689: 1/23/2011 12:43:51 AM - System Checkpoint
RP690: 1/24/2011 12:54:18 AM - System Checkpoint
RP691: 1/25/2011 1:54:18 AM - System Checkpoint
RP692: 1/26/2011 2:54:18 AM - System Checkpoint
RP693: 1/27/2011 3:54:18 AM - System Checkpoint
RP694: 1/28/2011 4:54:18 AM - System Checkpoint
RP695: 1/28/2011 10:59:30 PM - Removed Java(TM) 6 Update 13
RP696: 1/28/2011 11:04:18 PM - Installed Java(TM) 6 Update 23
RP697: 1/28/2011 11:08:12 PM - Installed HiJackThis
RP698: 1/29/2011 11:29:28 PM - System Checkpoint
RP699: 1/31/2011 12:29:28 AM - System Checkpoint
RP700: 2/1/2011 1:29:28 AM - System Checkpoint
RP701: 2/2/2011 2:29:28 AM - System Checkpoint
RP702: 2/3/2011 3:29:28 AM - System Checkpoint
RP703: 2/4/2011 4:29:17 AM - System Checkpoint
RP704: 2/4/2011 11:09:18 AM - Cleaned registry with Windows Live OneCare safety scanner
RP705: 2/5/2011 12:03:15 PM - System Checkpoint
RP706: 2/6/2011 1:15:27 PM - System Checkpoint
RP707: 2/7/2011 3:51:08 PM - System Checkpoint

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 2 (SP2)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 9.4.1
Advertising Center
AI Suite
AMD Processor Driver
Any DVD Converter Professional 4.1.1
Any Video Converter Professional 2.7.3
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft TotalMedia Theatre 3
Ask Toolbar
ASUSUpdate
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
Avery Wizard 3.1
AviSynth 2.5
Bonjour
Bonjour Print Services
Brother MFL-Pro Suite
Cascade
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Comical 0.8
ComicZeal Sync 0.9.4.6
ConvertXtoDVD 4.0.10.324
Cool & Quiet
CutePDF Writer 2.8
CyberLink BD & 3D Advisor 2.0
CyberLink Blu-ray Disc Suite
CyberLink PowerProducer
DAMN NFO Viewer 2.10.0031 RC3
DAO
Diablo II
DolbyFiles
Driver Genius Professional Edition
Dropbox
DVD Shrink 3.2
DVD2one V2.3.0
eReg
Express Gate
FairStars Audio Converter Pro 1.02
ffdshow [rev 1723] [2007-12-24]
Google Chrome
Google Earth Plug-in
Google Update Helper
Guitar Pro 5.2
Hero Editor V1.04
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ICatch (VI) PC Camera
ImagXpress
Intel Performance Power Manager
iPhone Configuration Utility
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Logitech SetPoint 6.15
Magic ISO Maker v5.3 (build 0221)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Menu Templates - Starter Kit
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 1.1 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mirage Driver 1.1
Mobile Mouse Server
MobileMe Control Panel
Move Media Player
Movie Templates - Starter Kit
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PaperPort Image Printer
PC Probe II
PixiePack Codec Pack
PowerISO
QuickTime
Realtek High Definition Audio Driver
Safari
ScanSoft PaperPort 11
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skins
Skype web features
Skype™ 4.1
SoundTrax
TaxACT 2009
TaxACT 2009 Indiana
TaxACT 2010
TaxACT 2010 Indiana
TVersity Codec Pack 1.4
TVersity Media Server Pro 1.9.2
UltraMon
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2483110)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Videora iPhone Converter 4.04
VLC media player 1.1.7
WBFS Manager 3.0
WD Diagnostics
WD Drive Manager (x86)
WebFldrs XP
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Search 4.0
WinRAR archiver
Xilisoft Video Converter 3
Yahoo! Messenger
Yahoo! Software Update
YouTube Downloader App 1.01
ZoneAlarm Extreme Security

==== Event Viewer Messages From Past Week ========

2/7/2011 2:55:43 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
2/7/2011 2:55:41 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
2/7/2011 2:55:41 PM, error: Service Control Manager [7034] - The WD Drive Manager Service service terminated unexpectedly. It has done this 1 time(s).
2/7/2011 2:55:40 PM, error: Service Control Manager [7031] - The Nero BackItUp Scheduler 4.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.
2/7/2011 2:55:39 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
2/7/2011 2:55:39 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
2/7/2011 2:55:39 PM, error: Service Control Manager [7034] - The Arcsoft Security Service service terminated unexpectedly. It has done this 1 time(s).
2/7/2011 2:55:38 PM, error: Service Control Manager [7034] - The BrSplService service terminated unexpectedly. It has done this 1 time(s).
2/7/2011 2:55:38 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/7/2011 2:55:32 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
2/7/2011 1:15:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
2/7/2011 1:15:12 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/6/2011 11:26:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM archlp AsIO BHDrvx86 ccHP eeCtrl ElbyCDIO Fips SCDEmu SRTSPX SymIRON SYMTDI
2/6/2011 11:25:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/4/2011 6:00:55 PM, error: Service Control Manager [7000] - The VNC Server service failed to start due to the following error: The system cannot find the path specified.
2/4/2011 3:29:30 AM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
2/3/2011 2:37:44 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
2/3/2011 2:07:44 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
2/3/2011 1:52:44 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================
 
Oh my goodness! You missed this line in GMER: Warning ! Please, do not select the "Show all" checkbox during the scan.

Please run the following 2 scans, then paste the logs in next reply:

Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
===================================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2
http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query - Recovery Console image:
    [image: RcAuto1.gif]

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    [image: whatnext.png]
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Your subject refers to "multiple machines." Do you mean you have more than one PC connected to the same router and they are all getting redirected and having pop-ups?
 
more logs

I could not get ESET to run after multiple attempts. I uninstalled my virus protection in an attempt to get the program to run and still no luck. I moved on to run CF and the log follows.

Thank you again!


ComboFix 11-02-08.02 - Administrator 02/09/2011 11:34:05.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1483 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\inst.exe
C:\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2011-01-09 to 2011-02-09 )))))))))))))))))))))))))))))))
.

2011-02-09 03:40 . 2011-02-09 03:40 -------- d-----w- c:\windows\Internet Logs
2011-02-09 03:30 . 2011-02-09 03:30 -------- d-----w- c:\program files\ESET
2011-02-07 20:09 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-07 20:09 . 2011-02-07 20:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-07 20:09 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-07 19:52 . 2011-02-07 19:52 -------- d-----w- c:\documents and settings\Administrator\Downloads
2011-02-07 19:32 . 2011-02-07 19:32 -------- d-----w- c:\program files\SonicWallES
2011-02-07 04:40 . 2011-02-07 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky SDK
2011-02-07 04:39 . 2011-02-07 04:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\CheckPoint
2011-02-07 04:34 . 2011-02-09 03:39 -------- d-----w- c:\program files\CheckPoint
2011-02-04 22:37 . 2011-02-04 22:37 -------- d-----w- c:\program files\iPod
2011-01-29 04:08 . 2011-01-29 04:08 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-29 04:08 . 2011-01-29 04:08 -------- d-----w- c:\program files\Trend Micro
2011-01-29 04:04 . 2011-01-29 04:04 -------- d-----w- c:\program files\Common Files\Java
2011-01-29 04:04 . 2011-01-29 04:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-29 04:04 . 2011-01-29 04:04 472808 ----a-w- c:\windows\system32\deployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2009-06-27 23:22 81920 ----a-w- c:\windows\system32\isign32.dll
.

------- Sigcheck -------

[-] 2009-04-18 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-04-18 . C951DB3D9B6EF3CF4B82454D30A8BF59 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-09 135664]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-09-28 4529088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-06 19556968]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2009-02-03 210216]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-8-7 576000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2010-6-27 1018856]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2009-11-11 745472]
UltraMon.lnk - c:\windows\Installer\{1C94C999-15D2-4C75-9A73-BCC8A677D42E}\IcoUltraMon.ico [2009-6-29 29310]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-12 00:01 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 17:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Air Mouse\\Air Mouse\\Air Mouse.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Cadwell\\Cascade\\Cascade.exe"=
"c:\\Cadwell\\Cascade\\CascadeIP.exe"=
"c:\\Cadwell\\Cascade\\DspLoader.exe"=
"c:\\Cadwell\\Cascade\\Cascade Elite Uploader.exe"=
"c:\\Cadwell\\Cascade\\LoadPeripheral.exe"=
"c:\\Cadwell\\Cascade\\EliteConfigurator.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/27/2009 9:29 PM 721904]
R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [1/13/2010 1:59 PM 89728]
R2 Arcsoft Security Service;Arcsoft Security Service;c:\program files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe [11/22/2009 1:09 PM 80384]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [9/24/2009 9:38 PM 10448]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [11/14/2008 2:11 AM 17184]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [5/16/2008 4:12 PM 102400]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/4/2010 7:36 AM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/27/2009 6:47 PM 1691480]
S3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 5:43 PM 31896]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [6/27/2009 9:46 PM 472644]
S3 icsak;icsak;\??\c:\program files\CheckPoint\ZAForceField\AK\icsak.sys --> c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [6/27/2009 7:07 PM 39456]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
2007-09-19 15:32 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2011-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 05:45]

2011-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 05:45]

2011-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1547161642-682003330-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-09 20:35]

2011-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1547161642-682003330-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-09 20:35]

2011-02-09 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-06-10 21:28]

2011-02-08 c:\windows\Tasks\User_Feed_Synchronization-{D944F5B2-8B96-4077-B988-72CB79BCB1FE}.job
- c:\windows\system32\msfeedssync.exe [2008-04-14 06:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - file:///D:/setup/RiffLick.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-09 11:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1275210071-1547161642-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8c,5a,07,43,72,58,d1,4c,a4,b1,de,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,13,f6,c8,16,f4,ed,4b,b5,98,1f,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8c,5a,07,43,72,58,d1,4c,a4,b1,de,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8c,5a,07,43,72,58,d1,4c,a4,b1,de,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8c,5a,07,43,72,58,d1,4c,a4,b1,de,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2011-02-09 11:37:49
ComboFix-quarantined-files.txt 2011-02-09 16:37

Pre-Run: 82,673,364,992 bytes free
Post-Run: 82,677,739,520 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 8BCE36449718B55821F11EFDEB9C70C9
 
Your subject refers to "multiple machines." Do you mean you have more than one PC connected to the same router and they are all getting redirected and having pop-ups?

Security Check> I see Kaspersky and ZoneAlarm in Combofix. Whatever security is on the system should be showing in the Combofix header as either Disabled or Enabled. I don't see anything there.

Download Security Check by screen317 from HERE or HERE.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Yes, I have the same problem with 3 computers and they are all on the same router.

Actually, now that I'm thinking about it, when my iPhone is on my home network I have had the same problem happen a couple of times, but not anywhere near with the same amount of frequency as my computers.

As far as Kaspersky, I may have tried it a few months ago, but as far as I can tell it has been uninstalled.

ZoneAlarm is the program I most recently used, but after I was having trouble running ESET I uninstalled it too. Although ESET did not work, I left ZoneAlarm uninstalled.

Security check log to follow:

Results of screen317's Security Check version 0.99.8
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 23
Adobe Flash Player 9 (Out of date Flash Player installed!)
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````




By the way, thank you again.
 
If you want to use the Zone Alarm firewall, turn the Windows firewall off.
There is no antivirus program listed! ESET is an on-demand online scan only. You need AV on the system all the time.
Consider one of these> Both of the following programs are free and known to be good:
Avira Free
Avast Home
Please reboot the system after the installation is complete.
============================================
It sounds like one of the removable drives may be infected. Please run the following:
Threat Removal Procedure:

  • [1]. Download Flash_Disinfector and save it to your Desktop.
    [2]. After downloading, double-click on Flash_Disinfector to run it.
    [3]. Just follow the prompts and continue until it begins scanning.

    [4]. If asked to insert your flash drive or any removable device including USB Pen Drive and Memory Stick, please do so.
    [5]. It will scan removable drives, wait for the scan to finish. Done.

What will Flash Disinfector Do
- Cleans up junk created by flash malware
- Deletes autorun.inf from every root folder
- Fixes damage done to your system
- Creates an autorun.inf folder in the root of your system drives

The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone.

Please do so and allow the utility to clean up those drives as well. Wait until it has finished scanning and then exit the program. Reboot your computer when done.

Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
=============================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
Code:
File::
Folder::
c:\documents and settings\All Users\Application Data\Kaspersky SDK
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
RegLock::
[HKEY_USERS\S-1-5-21-1275210071-1547161642-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
===================
These need to be uninstalled in Add/Remove Programs:
Adobe Flash Player 9>> you do have the current version
Adobe Reader 9.4.1>> you do not have the current version. After uninstall please visit this Adobe Reader site often and make sure you have the most current update.
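
The Flash_Disinfector step in the post above deletes autorun.inf files from drive roots and leaves an autorun.inf folder in their place. The following is an added example, not part of the original post and not Flash_Disinfector's own code: it classifies a drive root as having no autorun.inf, a placeholder folder, or a file whose [autorun] section launches a program. The function names, the sample file contents and the temp-directory "drive roots" are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Constructed sample of an autorun.inf that launches a program (not from the thread).
SAMPLE = r"""; constructed sample
[AutoRun]
open=demo\launcher.exe
shell\open\command=demo\launcher.exe
icon=folder.ico
[other]
open=ignored.exe
"""


def find_autorun(root):
    """Locate autorun.inf in a drive root, ignoring case as Windows does."""
    for entry in os.scandir(root):
        if entry.name.lower() == "autorun.inf":
            return Path(entry.path)
    return None


def decode_inf(data):
    """Decode file bytes: honour a UTF-16 BOM, otherwise treat as Latin-1."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("latin-1")


def parse_autorun(text):
    """Return (key, value) pairs in the [autorun] section that start a program."""
    commands = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in ("open", "shellexecute") or is_verb:
            commands.append((key, value.strip()))
    return commands


def classify_root(root):
    """Classify the autorun.inf state of one drive root."""
    target = find_autorun(root)
    if target is None:
        return ("absent", [])
    if target.is_dir():
        # A folder with this name blocks creation of a file with the same name.
        return ("placeholder-folder", [])
    commands = parse_autorun(decode_inf(target.read_bytes()))
    return ("launches-program" if commands else "file-no-launch", commands)


def demo():
    """Build three constructed drive roots in a temp dir and classify each."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "clean").mkdir()
        (base / "immunized" / "autorun.inf").mkdir(parents=True)
        (base / "infected").mkdir()
        (base / "infected" / "AUTORUN.INF").write_text(SAMPLE, encoding="latin-1")
        for name in ("clean", "immunized", "infected"):
            results[name] = classify_root(base / name)
    return results


if __name__ == "__main__":
    for name, (state, commands) in demo().items():
        print(name, state, commands)
```

On a real system, call `classify_root()` on each removable drive's root path instead of the constructed directories.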
 
I have now installed Avira.

I plan to reinstall ZoneAlarm firewall as soon as you tell me it's OK, and I will turn off Windows Firewall when I do that. I have uninstalled the 2 Adobe files you mentioned and ran CF with the script you created (thank you again). The log follows:

ComboFix 11-02-11.01 - Administrator 02/11/2011 23:24:02.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1403 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Kaspersky SDK
c:\documents and settings\All Users\Application Data\Kaspersky SDK\storage51F.dat

.
((((((((((((((((((((((((( Files Created from 2011-01-12 to 2011-02-12 )))))))))))))))))))))))))))))))
.

2011-02-12 04:07 . 2011-02-12 04:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
2011-02-11 16:31 . 2011-02-11 16:31 -------- d-----w- c:\windows\system32\NtmsData
2011-02-11 16:23 . 2011-02-11 16:23 -------- d-----w- c:\program files\Avira
2011-02-11 16:23 . 2011-02-11 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-02-11 16:23 . 2011-01-10 19:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-11 16:23 . 2011-01-10 19:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-11 16:23 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-02-11 16:23 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-02-09 03:40 . 2011-02-09 03:40 -------- d-----w- c:\windows\Internet Logs
2011-02-09 03:30 . 2011-02-09 03:30 -------- d-----w- c:\program files\ESET
2011-02-07 20:09 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-07 20:09 . 2011-02-07 20:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-07 20:09 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-07 19:52 . 2011-02-07 19:52 -------- d-----w- c:\documents and settings\Administrator\Downloads
2011-02-07 19:32 . 2011-02-07 19:32 -------- d-----w- c:\program files\SonicWallES
2011-02-07 04:39 . 2011-02-07 04:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\CheckPoint
2011-02-07 04:34 . 2011-02-09 03:39 -------- d-----w- c:\program files\CheckPoint
2011-02-04 22:37 . 2011-02-04 22:37 -------- d-----w- c:\program files\iPod
2011-01-29 04:08 . 2011-01-29 04:08 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-29 04:08 . 2011-01-29 04:08 -------- d-----w- c:\program files\Trend Micro
2011-01-29 04:04 . 2011-01-29 04:04 -------- d-----w- c:\program files\Common Files\Java
2011-01-29 04:04 . 2011-01-29 04:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-29 04:04 . 2011-01-29 04:04 472808 ----a-w- c:\windows\system32\deployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:42 . 2008-04-14 15:00 439808 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-05-27 20:29 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:14 . 2009-02-09 14:08 1864064 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:32 . 2009-03-24 15:27 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2009-03-08 06:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2009-03-08 06:34 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:59 . 2009-03-08 06:34 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 17:24 . 2009-02-09 13:56 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2009-03-08 06:35 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2009-02-09 13:56 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2008-04-14 15:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:47 . 2009-02-06 14:03 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:09 . 2009-02-06 13:30 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2009-06-27 23:22 81920 ----a-w- c:\windows\system32\isign32.dll
.

------- Sigcheck -------

[-] 2009-04-18 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-04-18 . C951DB3D9B6EF3CF4B82454D30A8BF59 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-02-09_16.36.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-02-12 04:14 . 2011-02-12 04:14 16384 c:\windows\Temp\Perflib_Perfdata_228.dat
+ 2009-03-08 06:31 . 2010-12-20 23:59 66560 c:\windows\system32\mshtmled.dll
- 2009-03-08 06:31 . 2010-11-06 00:26 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 06:31 . 2010-12-20 23:59 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 06:31 . 2010-11-06 00:26 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 06:33 . 2010-11-06 00:26 25600 c:\windows\system32\jsproxy.dll
+ 2009-03-08 06:33 . 2010-12-20 23:59 25600 c:\windows\system32\jsproxy.dll
+ 2011-02-11 16:23 . 2010-06-17 19:27 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2009-06-27 23:45 . 2010-12-20 23:59 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-27 23:45 . 2010-11-06 00:26 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-03-08 06:31 . 2010-11-06 00:26 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-08 06:31 . 2010-12-20 23:59 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2009-07-28 22:23 . 2010-11-06 00:26 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-07-28 22:23 . 2010-12-20 23:59 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-03-08 06:34 . 2010-12-20 23:59 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2009-03-08 06:34 . 2010-11-06 00:26 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2009-03-08 06:33 . 2010-11-06 00:26 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-08 06:33 . 2010-12-20 23:59 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 15:00 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2008-04-14 15:00 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-12-12 05:47 . 2011-01-13 01:55 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-12-12 05:47 . 2011-02-10 08:01 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-12-12 05:47 . 2011-02-10 08:01 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-12-12 05:47 . 2011-01-13 01:55 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-12-12 05:47 . 2011-02-10 08:01 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-12-12 05:47 . 2011-01-13 01:55 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-02-10 08:01 . 2010-11-06 00:26 12800 c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 66560 c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 55296 c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 43520 c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 25600 c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-03-08 06:34 . 2010-12-20 23:59 206848 c:\windows\system32\occache.dll
- 2009-03-08 06:34 . 2010-11-06 00:26 206848 c:\windows\system32\occache.dll
+ 2009-03-08 06:32 . 2010-12-20 23:59 611840 c:\windows\system32\mstime.dll
- 2009-03-08 06:32 . 2010-11-06 00:26 611840 c:\windows\system32\mstime.dll
- 2009-03-08 06:32 . 2010-11-06 00:26 602112 c:\windows\system32\msfeeds.dll
+ 2009-03-08 06:32 . 2010-12-20 23:59 602112 c:\windows\system32\msfeeds.dll
+ 2009-03-08 06:31 . 2010-12-20 23:59 184320 c:\windows\system32\iepeers.dll
- 2009-03-08 06:31 . 2010-11-06 00:26 184320 c:\windows\system32\iepeers.dll
+ 2009-03-08 16:09 . 2010-12-20 23:59 387584 c:\windows\system32\iedkcs32.dll
- 2009-03-08 16:09 . 2010-11-06 00:26 387584 c:\windows\system32\iedkcs32.dll
- 2009-03-08 06:32 . 2010-11-03 12:26 173568 c:\windows\system32\ie4uinit.exe
+ 2009-03-08 06:32 . 2010-12-20 12:55 173568 c:\windows\system32\ie4uinit.exe
- 2009-06-27 17:08 . 2011-01-13 03:23 328296 c:\windows\system32\FNTCACHE.DAT
+ 2009-06-27 17:08 . 2011-02-10 08:19 328296 c:\windows\system32\FNTCACHE.DAT
+ 2009-03-08 06:34 . 2010-12-20 23:59 916480 c:\windows\system32\dllcache\wininet.dll
- 2009-03-08 06:34 . 2010-11-06 00:26 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-04-14 15:00 . 2011-01-21 14:42 439808 c:\windows\system32\dllcache\shimgvw.dll
- 2009-03-08 06:34 . 2010-11-06 00:26 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-03-08 06:34 . 2010-12-20 23:59 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-02-09 13:56 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll
- 2009-03-08 06:32 . 2010-11-06 00:26 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 06:32 . 2010-12-20 23:59 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-07-28 22:23 . 2010-12-20 23:59 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2009-07-28 22:23 . 2010-11-06 00:26 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-02-09 13:56 . 2010-12-20 17:24 730112 c:\windows\system32\dllcache\lsasrv.dll
- 2009-02-09 13:56 . 2009-06-26 20:11 730112 c:\windows\system32\dllcache\lsasrv.dll
- 2009-03-24 15:27 . 2009-06-25 08:41 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-03-24 15:27 . 2010-12-22 12:32 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-06-27 23:45 . 2010-12-20 23:59 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-27 23:45 . 2010-11-06 00:26 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-03-08 06:31 . 2010-12-20 23:59 184320 c:\windows\system32\dllcache\iepeers.dll
- 2009-03-08 06:31 . 2010-11-06 00:26 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-11 19:32 . 2010-12-20 23:59 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-11 19:32 . 2010-11-06 00:26 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2009-03-08 16:09 . 2010-11-06 00:26 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 16:09 . 2010-12-20 23:59 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 06:32 . 2010-11-03 12:26 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 06:32 . 2010-12-20 12:55 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-05-27 20:29 . 2011-01-07 14:09 290048 c:\windows\system32\dllcache\atmfd.dll
- 2008-05-27 20:29 . 2010-10-28 13:08 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2011-02-11 16:22 . 2011-02-11 16:22 219648 c:\windows\Installer\6e21400.msi
+ 2009-12-12 05:47 . 2011-02-10 08:01 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-12-12 05:47 . 2011-01-13 01:55 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-12-12 05:47 . 2011-01-13 01:55 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-12-12 05:47 . 2011-02-10 08:01 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-12-12 05:47 . 2011-02-10 08:01 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-12-12 05:47 . 2011-01-13 01:55 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-12-12 05:47 . 2011-02-10 08:01 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-12-12 05:47 . 2011-01-13 01:55 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-12-12 05:47 . 2011-02-10 08:01 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-12-12 05:47 . 2011-01-13 01:55 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-12-12 05:47 . 2011-01-13 01:55 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-12-12 05:47 . 2011-02-10 08:01 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-12-12 05:47 . 2011-02-10 08:01 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-12-12 05:47 . 2011-01-13 01:55 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-02-10 08:01 . 2010-11-06 00:26 916480 c:\windows\ie8updates\KB2482017-IE8\wininet.dll
+ 2011-02-10 08:01 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
+ 2011-02-10 08:01 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
+ 2011-02-10 08:01 . 2010-11-06 00:26 206848 c:\windows\ie8updates\KB2482017-IE8\occache.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 602112 c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 247808 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 184320 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 387584 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
+ 2011-02-10 08:01 . 2010-11-03 12:26 173568 c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2009-03-08 06:34 . 2010-12-20 23:59 1210880 c:\windows\system32\urlmon.dll
- 2009-03-08 06:34 . 2010-11-06 00:26 1210880 c:\windows\system32\urlmon.dll
- 2009-02-03 17:47 . 2010-07-27 06:28 8463360 c:\windows\system32\shell32.dll
+ 2009-02-03 17:47 . 2011-01-21 14:42 8463360 c:\windows\system32\shell32.dll
+ 2009-03-08 06:41 . 2010-12-20 23:59 5961216 c:\windows\system32\mshtml.dll
- 2009-03-08 06:32 . 2010-11-06 00:26 1991680 c:\windows\system32\iertutil.dll
+ 2009-03-08 06:32 . 2010-12-20 23:59 1991680 c:\windows\system32\iertutil.dll
+ 2009-02-09 14:08 . 2010-12-31 13:14 1864064 c:\windows\system32\dllcache\win32k.sys
+ 2009-03-08 06:34 . 2010-12-20 23:59 1210880 c:\windows\system32\dllcache\urlmon.dll
- 2009-03-08 06:34 . 2010-11-06 00:26 1210880 c:\windows\system32\dllcache\urlmon.dll
- 2009-02-03 17:47 . 2010-07-27 06:28 8463360 c:\windows\system32\dllcache\shell32.dll
+ 2009-02-03 17:47 . 2011-01-21 14:42 8463360 c:\windows\system32\dllcache\shell32.dll
+ 2009-10-13 22:04 . 2010-12-09 13:43 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-10-13 22:04 . 2010-12-09 13:09 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-08-04 22:47 . 2010-12-09 23:39 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-10-13 22:04 . 2010-12-09 13:47 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-03-08 06:41 . 2010-12-20 23:59 5961216 c:\windows\system32\dllcache\mshtml.dll
- 2009-06-27 23:45 . 2010-11-06 00:26 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2009-06-27 23:45 . 2010-12-20 23:59 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-01-11 22:52 . 2011-01-11 22:52 3360768 c:\windows\Installer\6157d2f.msp
+ 2009-12-12 05:47 . 2011-02-10 08:01 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-12-12 05:47 . 2011-01-13 01:55 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-12-12 05:47 . 2011-01-13 01:55 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-12-12 05:47 . 2011-02-10 08:01 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-02-10 08:01 . 2010-11-06 00:26 1210880 c:\windows\ie8updates\KB2482017-IE8\urlmon.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 5959168 c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 1991680 c:\windows\ie8updates\KB2482017-IE8\iertutil.dll
+ 2009-10-13 22:04 . 2010-12-09 13:43 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-10-13 22:04 . 2010-12-09 13:09 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-08-04 22:47 . 2010-12-09 23:39 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-10-13 22:04 . 2010-12-09 13:47 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-06 08:57 . 2011-02-10 08:01 37443528 c:\windows\system32\MRT.exe
- 2009-03-08 06:39 . 2010-11-06 00:26 11080704 c:\windows\system32\ieframe.dll
+ 2009-03-08 06:39 . 2010-12-21 10:29 11080704 c:\windows\system32\ieframe.dll
+ 2009-06-27 23:45 . 2010-12-21 10:29 11080704 c:\windows\system32\dllcache\ieframe.dll
- 2009-06-27 23:45 . 2010-11-06 00:26 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 11080704 c:\windows\ie8updates\KB2482017-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-09 135664]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-09-28 4529088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-06 19556968]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2009-02-03 210216]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-8-7 576000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2010-6-27 1018856]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2009-11-11 745472]
UltraMon.lnk - c:\windows\Installer\{1C94C999-15D2-4C75-9A73-BCC8A677D42E}\IcoUltraMon.ico [2009-6-29 29310]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-12 00:01 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 17:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Air Mouse\\Air Mouse\\Air Mouse.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Cadwell\\Cascade\\Cascade.exe"=
"c:\\Cadwell\\Cascade\\CascadeIP.exe"=
"c:\\Cadwell\\Cascade\\DspLoader.exe"=
"c:\\Cadwell\\Cascade\\Cascade Elite Uploader.exe"=
"c:\\Cadwell\\Cascade\\LoadPeripheral.exe"=
"c:\\Cadwell\\Cascade\\EliteConfigurator.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/27/2009 9:29 PM 721904]
R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [1/13/2010 1:59 PM 89728]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/11/2011 11:23 AM 135336]
R2 Arcsoft Security Service;Arcsoft Security Service;c:\program files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe [11/22/2009 1:09 PM 80384]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [9/24/2009 9:38 PM 10448]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [11/14/2008 2:11 AM 17184]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [5/16/2008 4:12 PM 102400]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/4/2010 7:36 AM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/27/2009 6:47 PM 1691480]
S3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 5:43 PM 31896]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [6/27/2009 9:46 PM 472644]
S3 icsak;icsak;\??\c:\program files\CheckPoint\ZAForceField\AK\icsak.sys --> c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [6/27/2009 7:07 PM 39456]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
2007-09-19 15:32 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 05:45]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 05:45]

2011-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1547161642-682003330-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-09 20:35]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1547161642-682003330-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-09 20:35]

2011-02-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-06-10 21:28]

2011-02-12 c:\windows\Tasks\User_Feed_Synchronization-{D944F5B2-8B96-4077-B988-72CB79BCB1FE}.job
- c:\windows\system32\msfeedssync.exe [2008-04-14 06:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - file:///D:/setup/RiffLick.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-11 23:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2011-02-11 23:28:31
ComboFix-quarantined-files.txt 2011-02-12 04:28
ComboFix2.txt 2011-02-09 16:37

Pre-Run: 82,112,008,192 bytes free
Post-Run: 82,120,851,456 bytes free

- - End Of File - - ECEE972F0B956156C4C2BD47614674CB
 
Dan, are you still having the original problems? Are all the machines connected to the router still having them also?

If the 2 questions are a Yes, please do the following:

You will need to do a DNS Flush, then reset your router.
Start> Run> type cmd> enter> at the C prompt type ipconfig /flushdns (note space before the /)

Exit the Command prompt when finished and shut the system down.

    [1]. Shut down your computer, and any other computer connected to your router.
    [2]. On the back of the router, there should be a small hole or button labelled RESET. Using a bent paper clip or similar item, hold that in continuously for twenty seconds.
    [3]. Unplug the router. Wait sixty seconds.
    [4]. Now holding again the reset button, plug it back in. Continue holding the reset button for twenty seconds. Unplug the router again.
    [5]. With the router unplugged, start your computer. Run MBAM again.
    [6]. Connect to the router again. Then turn the router back on.
    [7]. When it stabilizes, reboot your workstation and try to access the internet. If you have any issues, access the Router configuration page and re-enter your authentication information.
    [8]. Reboot the system and test the internet. You may have to reconfigure the router settings based on your setup.
Let me know if this makes any difference.
 
Bobbye yes I'm still having problem

My problem has changed a little since we started. Now I have removed my external drive from being plugged into my router and plugged it into my PC directly via USB. You were right about it for sure. I ran antivirus again after I plugged it in and it found several problems. It said it was able to fix all of the problems however. The way things have changed with my problem now is that when I select a link I am still redirected, but it's always before the selected site comes up, whereas previously sometimes the site I originally selected would come up for a moment and then change to a different random site. So to sum up in short.... yes I'm still getting problems but I have moved my USB drive from my network and placed it directly into my tower USB port. This has fixed the other devices on my system as well so far.

I did the DNS flush as well but that didn't seem to have any effect on my system at all. Maybe I messed it up and didn't do it right? I'll try again today.

As always I thank you so very much for your time and effort.
 
router reset

Did you do the router reset following the DNS flush?

Yes I did, but I wasn't sure if I did it right or not. I'll try again today!

Redid the last step and now I seem to be having absolutely no problems! I'm gonna test it throughout the next day but THANK YOU SO VERY MUCH! I don't know how to thank you enough for all your help and patience!
 
I am fixed

THANK YOU THANK YOU THANK YOU!!!!!

My problem, as you thought, was that my removable USB drive was infected. I had it connected directly to my router and that made it not be scanned by any of the AV software I tried. Once you told me you thought it was an external drive that was infected, I moved it directly to a USB port on my tower and scanned, only to find several viruses and trojans. The AV software you had me run and MBAM software removed all of the threats and potential threats. Then I correctly did the DNS dump and reset my router (which did reset my network but that was easy to rebuild) and I am happy to say I have not had a single pop up or redirect issue since this was completed over 48 hours ago.


Again I thank you wholeheartedly!!!!!!!!

Dan Reynolds
 
You're very welcome, Dan. I'm glad the system is running clean again. I am hoping you did the Flash Disinfector.

If you think the other machines might be infected, we should run them through the steps also. But you will need a separate thread for each.

For this system though: Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
  • Choose Disk Cleanup
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
Let me know if you have any more questions.
 