TechSpot

Help, Infected with Trojan horse Crypt.AQLW

By mclarenrich
Mar 5, 2012
  1. Help, infected with Trojan horse Crypt.AQLW according to AVG, running Win 7. Ran Malwarebytes, found 0 infections. AVG keeps finding the threat repeatedly and does not remove it. I see a bunch of solutions but am not sure which one to follow; medium-level computer savvy. Thanks.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. mclarenrich

    mclarenrich TS Rookie Topic Starter Posts: 34

    Hello,

    Thank you for responding to my request for assistance. I urgently had to clean my computer yesterday and carefully followed the steps to one of your members, as I seemed to have the identical problem.
    The cleaning took a while, and after Combofix restarted the system a couple of times, the system seems to be clean, running normally and more robust than it ever has been, with no apparent malware infections. I have not yet proceeded with the stages after the Combofix stage and have saved all the logs.
    However, I realize this does not necessarily mean it is clean, even though it's operating normally and all virus scans are clean. How can I confirm this, or would you suggest I follow the steps at http://www.techspot.com/vb/topic58138.html?

    Thanks again.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    First of all, never run Combofix on your own.

    Then if you want to make sure you're clean you need to follow prescribed steps.
     
  5. mclarenrich

    mclarenrich TS Rookie Topic Starter Posts: 34

    Hello,

    Please see the logs requested for MBAM, GMER and 2 x DDS logs. I will post in 3 replies for ease of viewing.

    There also appears to be a new infection picked up by AVG:
    c:\window\system32\drivers\tdx.sys, infection Trojan Horse Agent_r.BCT

    MBAM log:

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.09.06

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Mohit McLaren :: MOHITMCLAREN-PC [administrator]

    3/9/2012 8:54:59 AM
    mbam-log-2012-03-09 (08-54-59).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 208168
    Time elapsed: 6 minute(s), 47 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  6. mclarenrich

    mclarenrich TS Rookie Topic Starter Posts: 34

    GMER Log 1 broken into parts

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-09 10:53:48
    Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\0000006f WDC_WD50 rev.15.0
    Running: dypo0p3u.exe; Driver: C:\Users\MOHITM~1\AppData\Local\Temp\axkiauog.sys


    ---- System - GMER 1.0.15 ----


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKey + 13D1 82C8E369 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CC7D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82CCEDB4 8 Bytes [14, A9, 8A, 90, E2, B1, 8A, ...] {ADC AL, 0xa9; MOV DL, [EAX-0x6f754e1e]}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82CCEE48 4 Bytes [6A, A3, 8A, 90]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11B0 82CCEE65 3 Bytes [3C, 8A, 90] {CMP AL, 0x8a; NOP }
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 82CCEE74 4 Bytes [F2, 55, 8C, 90]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11DB 82CCEE90 4 Bytes [74, AE, 8A, 90]
    .text ...
    .text C:\Windows\system32\DRIVERS\tdx.sys section is writeable [0x90D5E000, 0x9AC8, 0xE8000020]
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x94E24000, 0x38CD55, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtSetInformationProcess
     
  7. mclarenrich

    mclarenrich TS Rookie Topic Starter Posts: 34

    GMER Log part 2 continued - broken into parts

    .text C:\Windows\system32\PnkBstrA.exe[2616] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\PnkBstrA.exe[2616] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\PnkBstrA.exe[2616] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2672] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2672] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2672] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2672] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2672] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2672] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2672] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2672] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2672] USER32.dll!FindWindowW
     
  8. mclarenrich

    mclarenrich TS Rookie Topic Starter Posts: 34

    GMER Log part 3 continued - broken into parts

     
  9. mclarenrich

    mclarenrich TS Rookie Topic Starter Posts: 34

    GMER Log part 4 continued - broken into parts

    .text C:\Program Files\Mozilla Firefox\firefox.exe[5104] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5104] ntdll.dll!LdrLoadDll 773F223E 5 Bytes JMP 5BF45B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5104] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5104] kernel32.dll!SetUnhandledExceptionFilter 7506F4FB 5 Bytes JMP 209F37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5104] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5104] USER32.dll!GetUpdateRect + CF 76BBA644 5 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5104] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5104] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5104] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5104] WS2_32.dll!sendto 761034B5 5 Bytes JMP 20B23D71 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5104] WS2_32.dll!closesocket 76103918 5 Bytes JMP 20B23BA8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5104] WS2_32.dll!WSASend 76104406 5 Bytes JMP 20B23F07 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5104] WS2_32.dll!recv 76106B0E 5 Bytes JMP 20B23C29 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5104] WS2_32.dll!send 76106F01 5 Bytes JMP 20B23CD3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5104] WS2_32.dll!WSARecv 76107089 5 Bytes JMP 20B23E15 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5104] WS2_32.dll!WSASendDisconnect 7611B281 5 Bytes JMP 20B2409B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5104] WS2_32.dll!WSASendTo 7611B30C 5 Bytes JMP 20B23FCE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[5236] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[5236] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[5236] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[5236] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[5236] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[5236] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[5236] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[5236] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[5236] USER32.dll!FindWindowW
     
  10. mclarenrich

    mclarenrich TS Rookie Topic Starter Posts: 34

    GMER Log part 5 continued - broken into parts

    .text C:\Windows\system32\wbem\unsecapp.exe[5268] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\unsecapp.exe[5268] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\unsecapp.exe[5268] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\unsecapp.exe[5268] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\unsecapp.exe[5268] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\unsecapp.exe[5268] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\unsecapp.exe[5268] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\unsecapp.exe[5268] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\unsecapp.exe[5268] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\wmiprvse.exe[5384] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\wmiprvse.exe[5384] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\wmiprvse.exe[5384] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\wmiprvse.exe[5384] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\wmiprvse.exe[5384] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\wmiprvse.exe[5384] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\wmiprvse.exe[5384] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\wmiprvse.exe[5384] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\wmiprvse.exe[5384] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchIndexer.exe[5404] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchIndexer.exe[5404] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchIndexer.exe[5404] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchIndexer.exe[5404] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchIndexer.exe[5404] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchIndexer.exe[5404] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchIndexer.exe[5404] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchIndexer.exe[5404] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchIndexer.exe[5404] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\ASUS\AI Direct Link\AsShare.exe[5540] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\ASUS\AI Direct Link\AsShare.exe[5540] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\ASUS\AI Direct Link\AsShare.exe[5540] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\ASUS\AI Direct Link\AsShare.exe[5540] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\ASUS\AI Direct Link\AsShare.exe[5540] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\ASUS\AI Direct Link\AsShare.exe[5540] ADVAPI32.DLL!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\ASUS\AI Direct Link\AsShare.exe[5540] ADVAPI32.DLL!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\ASUS\AI Direct Link\AsShare.exe[5540] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\ASUS\AI Direct Link\AsShare.exe[5540] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5924] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5924] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5924] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5924] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5924] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5924] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5924] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5924] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5924] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] ole32.dll!OleLoadFromStream 76516143 5 Bytes JMP 5DE52DF0 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)
    .text C:\Users\Mohit McLaren\Downloads\volumouse\volumouse.exe[5976] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Mohit McLaren\Downloads\volumouse\volumouse.exe[5976] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Mohit McLaren\Downloads\volumouse\volumouse.exe[5976] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Mohit McLaren\Downloads\volumouse\volumouse.exe[5976] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Mohit McLaren\Downloads\volumouse\volumouse.exe[5976] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Mohit McLaren\Downloads\volumouse\volumouse.exe[5976] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Mohit McLaren\Downloads\volumouse\volumouse.exe[5976] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Mohit McLaren\Downloads\volumouse\volumouse.exe[5976] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Mohit McLaren\Downloads\volumouse\volumouse.exe[5976] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[6064] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[6064] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[6064] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[6064] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[6064] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[6064] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[6064] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[6064] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[6064] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe[6140] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe[6140] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe[6140] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe[6140] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe[6140] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe[6140] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe[6140] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe[6140] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe[6140] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Mohit McLaren\Desktop\dypo0p3u.exe[6720] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Mohit McLaren\Desktop\dypo0p3u.exe[6720] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Mohit McLaren\Desktop\dypo0p3u.exe[6720] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Mohit McLaren\Desktop\dypo0p3u.exe[6720] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Mohit McLaren\Desktop\dypo0p3u.exe[6720] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Mohit McLaren\Desktop\dypo0p3u.exe[6720] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Mohit McLaren\Desktop\dypo0p3u.exe[6720] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Mohit McLaren\Desktop\dypo0p3u.exe[6720] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Mohit McLaren\Desktop\dypo0p3u.exe[6720] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\AUDIODG.EXE[8156] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\AUDIODG.EXE[8156] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\AUDIODG.EXE[8156] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\AUDIODG.EXE[8156] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\AUDIODG.EXE[8156] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\AUDIODG.EXE[8156] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\AUDIODG.EXE[8156] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\AUDIODG.EXE[8156] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\AUDIODG.EXE[8156] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchFilterHost.exe[8180] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchFilterHost.exe[8180] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchFilterHost.exe[8180] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchFilterHost.exe[8180] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchFilterHost.exe[8180] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchFilterHost.exe[8180] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchFilterHost.exe[8180] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchFilterHost.exe[8180] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchFilterHost.exe[8180] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
     
  11. mclarenrich

    mclarenrich TS Rookie Topic Starter Posts: 34

    GMER Log part 6 final

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [908AFE18] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [908AF626] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [908ADD84] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [908AF7D0] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [908AF7D0] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [908AFE18] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [908AF626] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [908ADD84] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [908AF7D0] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [908ADD84] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [908AFE18] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [908AF626] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\SearchProtocolHost.exe[556] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\System32\spoolsv.exe[864] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\wininit.exe[868] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\services.exe[948] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\lsass.exe[984] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[988] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!RegisterWaitForSingleObject] [716A1F20] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[988] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [716A20F0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[988] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [750E5965] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[988] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] [750E596F] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[988] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] [750E5974] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[988] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] [750E596A] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Windows\system32\lsm.exe[996] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [738B2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73895600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [738956BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [738B24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [738A8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [738A4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [738A506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [738A5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [738A6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [738A826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [738A87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [738A901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [738AE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [738A4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\system32\svchost.exe[1112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\svchost.exe[1200] @ C:\Windows\system32\user32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\atiesrxx.exe[1300] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\System32\svchost.exe[1332] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\System32\svchost.exe[1368] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\svchost.exe[1400] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\svchost.exe[1556] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe[1672] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\svchost.exe[1804] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\svchost.exe[1880] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\notepad.exe[2024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\WUDFHost.exe[2252] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2264] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2296] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[2360] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Bonjour\mDNSResponder.exe[2380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[2428] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\System32\svchost.exe[2500] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\System32\svchost.exe[2592] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\PnkBstrA.exe[2616] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\svchost.exe[2672] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\PS3 Media Server\win32\service\wrapper.exe[2692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\conhost.exe[2764] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\svchost.exe[2820] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2928] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2980] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\java.exe[3256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [3945835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\System32\svchost.exe[3800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\svchost.exe[3828] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\UI0Detect.exe[3928] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Java\jre6\bin\javaw.exe[4008] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\HP\HP LaserJet Professional CM1410 series\Fax Driver\hppfaxprintersrv.exe[4220] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\Samsung\PanelMgr\SSMMgr.exe[4292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4408] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\taskeng.exe[4444] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\iTunes\iTunesHelper.exe[4460] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Zune\ZuneLauncher.exe[4528] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Zune\ZuneLauncher.exe[4528] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Zune\ZuneLauncher.exe[4528] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Zune\ZuneLauncher.exe[4528] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Zune\ZuneLauncher.exe[4528] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Zune\ZuneLauncher.exe[4528] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\wbem\wmiprvse.exe[4548] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\My Lockbox\mylbx.exe[4620] @ C:\Windows\system32\user32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Citrix\ICA Client\concentr.exe[4656] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\AVG\AVG2012\avgtray.exe[4664] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Citrix\ICA Client\wfcrun32.exe[4740] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Mozilla Firefox\plugin-container.exe[4972] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[5072] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Mozilla Firefox\firefox.exe[5104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\iPod\bin\iPodService.exe[5236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\wbem\unsecapp.exe[5268] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\wbem\wmiprvse.exe[5384] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\SearchIndexer.exe[5404] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\ASUS\AI Direct Link\AsShare.exe[5540] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Windows Media Player\wmpnetwk.exe[5924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSystemMetrics] [62C94F42] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\Mohit McLaren\Downloads\volumouse\volumouse.exe[5976] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\svchost.exe[6064] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe[6140] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Users\Mohit McLaren\Desktop\dypo0p3u.exe[6720] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\AUDIODG.EXE[8156] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\SearchFilterHost.exe[8180] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

    ---- EOF - GMER 1.0.15 ----
     
  12. mclarenrich

    mclarenrich TS Rookie Topic Starter Posts: 34

    Attach.txt Log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/28/2011 3:17:04 PM
    System Uptime: 3/9/2012 8:23:48 AM (2 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4N68T-M-V2
    Processor: AMD Phenom(tm) II X6 1090T Processor | AM3 | 3200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 339.707 GiB free.
    D: is CDROM (CDFS)
    F: is FIXED (NTFS) - 1863 GiB total, 817.764 GiB free.
    G: is Removable
    H: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP118: 2/26/2012 7:00:16 PM - Windows Backup
    RP119: 2/28/2012 3:00:30 AM - Windows Update
    RP120: 3/3/2012 10:12:49 PM - Installed DisplayLink Core Software
    RP121: 3/3/2012 10:14:10 PM - Installed DisplayLink Graphics
    RP122: 3/3/2012 10:41:35 PM - Installed DisplayLink Core Software
    RP123: 3/4/2012 7:00:16 PM - Windows Backup
    RP124: 3/5/2012 10:52:25 PM - Installed AVG 2012
    RP125: 3/5/2012 10:52:48 PM - Installed AVG 2012
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.2)
    Adobe Shockwave Player 11.6
    AI Direct Link
    Amazon Kindle
    America's Army 3
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASUS RT-N12 Wireless Router Utilities
    ASUS Wireless Router RT-N12 Manuals
    ASUSUpdate
    AVG 2012
    Belarc Advisor 8.2
    BitTorrent
    BitTorrentBar Toolbar
    Bonjour
    Browser Configuration Utility
    Citrix online plug-in - web
    Citrix online plug-in (DV)
    Citrix online plug-in (HDX)
    Citrix online plug-in (USB)
    Citrix online plug-in (Web)
    Conduit Engine
    Craigs Search Agent Version 3.1
    DAEMON Tools Lite
    DisplayLink Core Software
    DisplayLink Graphics
    DivX Setup
    EPU-4 Engine
    Eye-Fi Center 3.4
    FastStone Image Viewer 4.5
    Free Download Manager 3.0
    Free RAR Extract Frog
    Glucofacts Deluxe Updater 2.0
    Google Chrome
    Google Update Helper
    HP LaserJet Professional CM1410 Series
    HP LJ CM1410 MFP Series HP Scan
    HPLaserJetHelp_LearnCenter
    HPLJUT
    hppCM1410LaserJetService
    hppFaxDrvCM1410
    hppFaxUtilityCM1410
    hppLaserJetService
    hppSendFaxCM1410
    hppTLBXFXCM1410
    hpzTLBXFX
    I.R.I.S. OCR
    Internet TV for Windows Media Center
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 27
    magicJack
    Malwarebytes Anti-Malware version 1.60.1.1000
    MediaMonkey 4.0
    Microsoft .NET Framework 4 Client Profile
    Microsoft Flight Simulator X Demo
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Edition 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 10.0.2 (x86 en-US)
    Mp3tag v2.49
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    My Lockbox 2.7 Christmas Edition
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    Octoshape add-in for Adobe Flash Player
    Opera 11.52
    PC Probe II
    Platform
    PS3 Media Server
    PunkBuster Services
    QuickTime
    Samsung ML-2510 Series
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Shareaza
    SoundTap Streaming Audio Recorder
    Steam
    Streamripper (Remove only)
    swMSM
    TomTom HOME 2.8.3.2458
    TomTom HOME Visual Studio Merge Modules
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC 9.0 Runtime
    VC80CRTRedist - 8.0.50727.6195
    VIA Platform Device Manager
    WebEx
    Windows Media Center Add-in for Flash
    Windows Media Center Add-in for Silverlight
    Windows Mobile Device Updater Component
    WinUtilities 10.4 Free Edition
    Wolfenstein - Enemy Territory
    Xvid Video Codec
    YouTube Downloader 3.5
    ZoneAlarm Firewall
    ZoneAlarm Free
    ZoneAlarm Security
    ZoneAlarm Toolbar
    Zune
    Zune Language Pack (CHS)
    Zune Language Pack (CHT)
    Zune Language Pack (CSY)
    Zune Language Pack (DAN)
    Zune Language Pack (DEU)
    Zune Language Pack (ELL)
    Zune Language Pack (ESP)
    Zune Language Pack (FIN)
    Zune Language Pack (FRA)
    Zune Language Pack (HUN)
    Zune Language Pack (IND)
    Zune Language Pack (ITA)
    Zune Language Pack (JPN)
    Zune Language Pack (KOR)
    Zune Language Pack (MSL)
    Zune Language Pack (NLD)
    Zune Language Pack (NOR)
    Zune Language Pack (PLK)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)
    Zune Language Pack (RUS)
    Zune Language Pack (SVE)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/9/2012 8:25:27 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    3/9/2012 8:24:34 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgtdix
    3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The YMIDUSB service terminated with the following error: The specified module could not be found.
    3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The USA49W2KP service terminated with the following error: The specified module could not be found.
    3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Tsddd service terminated with the following error: The specified module could not be found.
    3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Tifmsony service terminated with the following error: The specified module could not be found.
    3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Sysmonlog service terminated with the following error: The specified module could not be found.
    3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Si3132 service terminated with the following error: The specified module could not be found.
    3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Roxmediadb service terminated with the following error: The specified module could not be found.
    3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Nvatabus service terminated with the following error: The specified module could not be found.
    3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Nabtsfec service terminated with the following error: The specified module could not be found.
    3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Mysqlinventime service terminated with the following error: The specified module could not be found.
    3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Mqdmbus service terminated with the following error: The specified module could not be found.
    3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Lxrjd31s service terminated with the following error: The specified module could not be found.
    3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Defwatch service terminated with the following error: The specified module could not be found.
    3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The CTEDSPSY.DLL service terminated with the following error: The specified module could not be found.
    3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Blueletscoaudio service terminated with the following error: The specified module could not be found.
    3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Bdftdif service terminated with the following error: The specified module could not be found.
    3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Bc_filter service terminated with the following error: The specified module could not be found.
    3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Axskbus service terminated with the following error: The specified module could not be found.
    3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The AVRec service terminated with the following error: The specified module could not be found.
    3/8/2012 3:55:27 PM, Error: Service Control Manager [7024] - The PS3 Media Server service terminated with service-specific error Incorrect function..
    3/8/2012 3:54:24 PM, Error: Service Control Manager [7031] - The DisplayLinkManager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    3/6/2012 7:59:14 AM, Error: Service Control Manager [7024] - The PS3 Media Server service terminated with service-specific error The system cannot join or substitute a drive to or for a directory on the same drive..
    3/5/2012 8:20:57 PM, Error: Service Control Manager [7034] - The Si3132 service terminated unexpectedly. It has done this 1 time(s).
    3/5/2012 8:17:58 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    3/5/2012 8:11:58 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer GILCHRIST-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8BFA2696-A29C-48AC-B530-0D48C. The master browser is stopping or an election is being forced.
    3/5/2012 8:05:53 PM, Error: Service Control Manager [7023] - The USA49W2KP service terminated with the following error: Access is denied.
    3/5/2012 7:50:53 PM, Error: Service Control Manager [7023] - The Defwatch service terminated with the following error: Access is denied.
    3/5/2012 7:39:18 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    3/5/2012 7:39:18 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    3/5/2012 7:35:53 PM, Error: Service Control Manager [7023] - The Blueletscoaudio service terminated with the following error: Access is denied.
    3/5/2012 7:20:53 PM, Error: Service Control Manager [7023] - The Roxmediadb service terminated with the following error: Access is denied.
    3/5/2012 7:05:54 PM, Error: Service Control Manager [7023] - The YMIDUSB service terminated with the following error: Access is denied.
    3/5/2012 6:50:53 PM, Error: Service Control Manager [7023] - The Tsddd service terminated with the following error: Access is denied.
    3/5/2012 5:14:53 PM, Error: Service Control Manager [7023] - The Axskbus service terminated with the following error: Access is denied.
    3/5/2012 5:04:54 PM, Error: Service Control Manager [7023] - The CTEDSPSY.DLL service terminated with the following error: Access is denied.
    3/5/2012 4:59:54 PM, Error: Service Control Manager [7023] - The Lxrjd31s service terminated with the following error: Access is denied.
    3/5/2012 4:44:53 PM, Error: Service Control Manager [7023] - The Bc_filter service terminated with the following error: Access is denied.
    3/5/2012 4:29:53 PM, Error: Service Control Manager [7023] - The Sysmonlog service terminated with the following error: Access is denied.
    3/5/2012 4:25:53 PM, Error: Service Control Manager [7023] - The Bdftdif service terminated with the following error: Access is denied.
    3/5/2012 4:14:53 PM, Error: Service Control Manager [7023] - The Mqdmbus service terminated with the following error: Access is denied.
    3/5/2012 3:59:53 PM, Error: Service Control Manager [7023] - The Nabtsfec service terminated with the following error: Access is denied.
    3/5/2012 3:48:52 PM, Error: Service Control Manager [7023] - The Tifmsony service terminated with the following error: Access is denied.
    3/5/2012 3:47:53 PM, Error: Service Control Manager [7023] - The Nvatabus service terminated with the following error: Access is denied.
    3/5/2012 3:44:53 PM, Error: Service Control Manager [7023] - The Mysqlinventime service terminated with the following error: Access is denied.
    3/5/2012 3:43:54 PM, Error: Service Control Manager [7023] - The AVRec service terminated with the following error: Access is denied.
    3/5/2012 10:53:45 PM, Error: Service Control Manager [7000] - The AVG TDI Driver service failed to start due to the following error: The system cannot find the file specified.
    3/5/2012 10:33:17 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    3/5/2012 10:25:37 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    3/5/2012 10:25:21 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    3/5/2012 10:25:21 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    3/5/2012 10:25:21 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    3/4/2012 3:32:18 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    3/3/2012 10:42:24 PM, Error: Service Control Manager [7030] - The DisplayLinkManager service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    3/3/2012 10:20:17 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.192. The computer with the IP address 192.168.0.190 did not allow the name to be claimed by this computer.
    .
    ==== End Of File ===========================
     
  13. mclarenrich

    mclarenrich TS Rookie Topic Starter Posts: 34

    DDS.txt Log - error mssg, cannot attach

    Hi

    I am getting this message when I try to attach the dds.txt log. I don't see any images in the txt file and the img tag only appears once. The file is saved as an ANSI file. Let me know if there's another way I can get it for you to view, thanks.


    Error Mssg:
    You have included 7 images in your message. You are limited to using 6 images so please go back and correct the problem and then continue again.

    Images include use of smilies, the BB code [​IMG]
     
  14. mclarenrich

    mclarenrich TS Rookie Topic Starter Posts: 34

    Security

    Hi

    There seems to be a lot of internal information displayed. Let me know if any of it needs to be deleted, as I believe anyone on the internet can view it. I am protected by a firewall and router; is there anything I need to be aware of to remove from these logs?

    Thanks Again.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Upload DDS.txt here: http://uploadmb.com/
    Copy the link inside the Direct Link box and post it in your next reply.
     
  16. mclarenrich

    mclarenrich TS Rookie Topic Starter Posts: 34

  17. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
    Run by Mohit McLaren at 10:55:52 on 2012-03-09
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3071.1160 [GMT -8:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
    C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    C:\Windows\system32\java.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
    C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
    C:\Program Files\ASUS\AI Direct Link\AsCmd.exe
    C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
    C:\Program Files\HP\HP LaserJet Professional CM1410 series\Fax Driver\hppfaxprintersrv.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    C:\Program Files\My Lockbox\mylbx.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\ASUS\AI Direct Link\AsShare.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Users\Mohit McLaren\Downloads\volumouse\volumouse.exe
    C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Java\jre6\bin\javaw.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\notepad.exe
    C:\Users\Mohit McLaren\Desktop\dypo0p3u.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.shareazaweb.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll
    uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
    mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    uRun: [$Volumouse$] "c:\users\mohit mclaren\downloads\volumouse\volumouse.exe" /nodlg
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
    uRun: [Eye-Fi] "c:\program files\eye-fi\helper\EyeFiHelper.exe"
    uRun: [cdloader] "c:\users\mohit mclaren\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
    mRun: [ToolboxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
    mRun: [HP LaserJet Professional CM1410 Series Fax] c:\program files\hp\hp laserjet professional cm1410 series\fax driver\hppfaxprintersrv.exe "HP LaserJet Professional CM1410 Series Fax"
    mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\ssmmgr.exe /autorun
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [BCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
    mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [mylbx] c:\program files\my lockbox\mylbx.exe /a
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [CLSA] c:\program files\good deal software\craigs search agent\search_agent.exe REG_START
    mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ps3med~1.lnk - c:\program files\ps3 media server\PMS.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\volumo~1.lnk - c:\users\mohit mclaren\downloads\volumouse\volumouse.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{8BFA2696-A29C-48AC-B530-0D48CB0637DF} : DhcpNameServer = 192.168.0.1
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\mohit mclaren\appdata\roaming\mozilla\firefox\profiles\o34f03xe.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\users\mohit mclaren\appdata\roaming\mozilla\plugins\npatgpc.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2012-3-3 14448]
    R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2011-12-15 41912]
    R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-7-5 11448]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-11-29 239168]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2010-3-5 235752]
    R2 DisplayLinkService;DisplayLinkManager;c:\program files\displaylink core software\DisplayLinkManager.exe [2011-4-10 5240168]
    R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2010-4-12 142336]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
    R2 PS3 Media Server;PS3 Media Server;c:\program files\ps3 media server\win32\service\wrapper.exe [2011-5-16 366872]
    R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2011-6-29 5120]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-12-5 92592]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort_5.6.31854.0.sys [2011-4-10 21888]
    R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2012-3-3 182896]
    R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [2011-12-23 49240]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-7-7 1102848]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 DivisCTP;Defwatch;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-22 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-22 136176]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-1 1343400]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
    .
    =============== Created Last 30 ================
    .
    2012-03-06 06:55:02 -------- d-----w- c:\users\mohit mclaren\appdata\roaming\AVG2012
    2012-03-06 06:53:15 -------- d-----w- c:\programdata\AVG2012
    2012-03-06 06:52:40 -------- d-----w- c:\program files\AVG
    2012-03-06 04:21:01 98816 ----a-w- c:\windows\sed.exe
    2012-03-06 04:21:01 518144 ----a-w- c:\windows\SWREG.exe
    2012-03-06 04:21:01 256000 ----a-w- c:\windows\PEV.exe
    2012-03-06 04:21:01 208896 ----a-w- c:\windows\MBR.exe
    2012-03-05 23:43:52 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-03-04 06:42:44 182896 ----a-w- c:\windows\system32\drivers\dlkmd.sys
    2012-03-04 06:42:44 14448 ----a-w- c:\windows\system32\drivers\dlkmdldr.sys
    2012-03-04 06:14:33 -------- d-----w- c:\program files\DisplayLink Graphics
    2012-03-04 06:13:28 -------- d-----w- c:\program files\DisplayLink Core Software
    2012-02-20 15:45:53 -------- d-----w- c:\program files\Belarc
    2012-02-16 00:12:03 478720 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-16 00:11:58 690688 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-16 00:11:56 442880 ----a-w- c:\windows\system32\ntshrui.dll
    2012-02-16 00:11:54 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-02-14 15:47:38 -------- d-----w- c:\programdata\Citrix
    2012-02-14 15:47:22 -------- d-----w- c:\users\mohit mclaren\appdata\roaming\ICAClient
    2012-02-14 15:47:22 -------- d-----w- c:\users\mohit mclaren\appdata\local\Citrix
    2012-02-14 15:47:17 -------- d-----w- c:\program files\Citrix
    2012-02-13 19:02:24 -------- d-----w- c:\users\mohit mclaren\Citrix
    .
    ==================== Find3M ====================
    .
    2012-02-16 14:57:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-23 17:23:25 49240 ----a-w- c:\windows\system32\drivers\stdriver32.sys
    2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
    2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 10:56:31.02 ===============
     
  18. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  19. mclarenrich

    mclarenrich TS Rookie Topic Starter Posts: 34

    aswMBR.txt

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-09 16:14:08
    -----------------------------
    16:14:08.348 OS Version: Windows 6.1.7601 Service Pack 1
    16:14:08.348 Number of processors: 6 586 0xA00
    16:14:08.350 ComputerName: MOHITMCLAREN-PC UserName: Mohit McLaren
    16:14:22.198 Initialize success
    16:15:40.503 AVAST engine defs: 12030900
    16:16:01.645 Disk 0 \Device\Harddisk0\DR0 -> \Device\0000006d
    16:16:01.651 Disk 0 Vendor: ST2000DL CC32 Size: 1907729MB BusType: 3
    16:16:01.658 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000006f
    16:16:01.662 Disk 1 Vendor: WDC_WD50 15.0 Size: 476940MB BusType: 3
    16:16:01.672 Disk 1 MBR read successfully
    16:16:01.676 Disk 1 MBR scan
    16:16:01.687 Disk 1 Windows 7 default MBR code
    16:16:01.691 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    16:16:01.701 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
    16:16:01.711 Disk 1 scanning sectors +976771072
    16:16:01.790 Disk 1 scanning C:\Windows\system32\drivers
    16:16:10.972 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Alureon-ARC [Rtk]
    16:16:13.416 Disk 1 trace - called modules:
    16:16:13.437 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor32.sys
    16:16:13.441 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86c35ac8]
    16:16:13.445 3 CLASSPNP.SYS[8b38759e] -> nt!IofCallDriver -> [0x865e8968]
    16:16:13.449 5 ACPI.sys[8381c3d4] -> nt!IofCallDriver -> \Device\0000006f[0x865dc030]
    16:16:14.545 AVAST engine scan C:\Windows
    16:16:17.778 AVAST engine scan C:\Windows\system32
    16:18:55.182 AVAST engine scan C:\Windows\system32\drivers
    16:19:05.264 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Alureon-ARC [Rtk]
    16:19:09.908 AVAST engine scan C:\Users\Mohit McLaren
    16:49:52.126 AVAST engine scan C:\ProgramData
    16:51:33.591 Scan finished successfully
    18:19:33.757 Disk 1 MBR has been saved successfully to "C:\Users\Mohit McLaren\Desktop\MBR.dat"
    18:19:33.762 The log file has been saved successfully to "C:\Users\Mohit McLaren\Desktop\aswMBR.txt"
     
  20. mclarenrich

    mclarenrich TS Rookie Topic Starter Posts: 34

    boot cleaner.txt

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive1 at offset 0x00000000`06500000
    ATA_Read(): DeviceIoControl() ERROR 1
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive1 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...


    Should I press any key to close on boot kit remover, also on aswMBR should I click the fix button?

    Thanks.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Do NOT fix anything.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  22. mclarenrich

    mclarenrich TS Rookie Topic Starter Posts: 34

    TDS killer report part 1

    19:09:47.0059 5132 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
    19:09:49.0062 5132 ============================================================
    19:09:49.0063 5132 Current date / time: 2012/03/09 19:09:49.0062
    19:09:49.0063 5132 SystemInfo:
    19:09:49.0063 5132
    19:09:49.0063 5132 OS Version: 6.1.7601 ServicePack: 1.0
    19:09:49.0063 5132 Product type: Workstation
    19:09:49.0063 5132 ComputerName: MOHITMCLAREN-PC
    19:09:49.0064 5132 UserName: Mohit McLaren
    19:09:49.0064 5132 Windows directory: C:\Windows
    19:09:49.0064 5132 System windows directory: C:\Windows
    19:09:49.0064 5132 Processor architecture: Intel x86
    19:09:49.0064 5132 Number of processors: 6
    19:09:49.0064 5132 Page size: 0x1000
    19:09:49.0065 5132 Boot type: Normal boot
    19:09:49.0065 5132 ============================================================
    19:09:50.0034 5132 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    19:09:50.0049 5132 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
    19:09:50.0096 5132 \Device\Harddisk0\DR0:
    19:09:50.0097 5132 MBR used
    19:09:50.0097 5132 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
    19:09:50.0097 5132 \Device\Harddisk1\DR1:
    19:09:50.0097 5132 MBR used
    19:09:50.0097 5132 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    19:09:50.0097 5132 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
    19:09:50.0146 5132 Initialize success
    19:09:50.0146 5132 ============================================================
    19:10:14.0762 5500 ============================================================
    19:10:14.0762 5500 Scan started
    19:10:14.0762 5500 Mode: Manual;
    19:10:14.0762 5500 ============================================================
    19:10:21.0407 5500 partmgr - ok
    19:10:21.0427 5500 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    19:10:21.0429 5500 Parvdm - ok
    19:10:21.0455 5500 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
    19:10:21.0489 5500 pci - ok
    19:10:21.0591 5500 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
    19:10:21.0596 5500 pciide - ok
    19:10:21.0618 5500 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    19:10:21.0627 5500 pcmcia - ok
    19:10:21.0646 5500 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    19:10:21.0652 5500 pcw - ok
    19:10:21.0687 5500 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    19:10:21.0707 5500 PEAUTH - ok
    19:10:21.0768 5500 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    19:10:21.0770 5500 PptpMiniport - ok
    19:10:21.0785 5500 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    19:10:21.0787 5500 Processor - ok
    19:10:21.0810 5500 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    19:10:21.0812 5500 Psched - ok
    19:10:21.0841 5500 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    19:10:21.0865 5500 ql2300 - ok
    19:10:21.0879 5500 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    19:10:21.0881 5500 ql40xx - ok
    19:10:21.0895 5500 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    19:10:21.0896 5500 QWAVEdrv - ok
    19:10:21.0908 5500 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    19:10:21.0909 5500 RasAcd - ok
    19:10:21.0935 5500 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    19:10:21.0936 5500 RasAgileVpn - ok
    19:10:21.0956 5500 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    19:10:21.0958 5500 Rasl2tp - ok
    19:10:21.0974 5500 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    19:10:21.0976 5500 RasPppoe - ok
    19:10:21.0994 5500 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    19:10:21.0996 5500 RasSstp - ok
    19:10:22.0042 5500 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
    19:10:22.0051 5500 rdbss - ok
    19:10:22.0077 5500 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    19:10:22.0082 5500 rdpbus - ok
    19:10:22.0119 5500 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
    19:10:22.0124 5500 RDPCDD - ok
    19:10:22.0147 5500 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    19:10:22.0150 5500 RDPENCDD - ok
    19:10:22.0166 5500 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    19:10:22.0169 5500 RDPREFMP - ok
    19:10:22.0206 5500 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
    19:10:22.0210 5500 RDPWD - ok
    19:10:22.0252 5500 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
    19:10:22.0255 5500 rdyboost - ok
    19:10:22.0297 5500 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    19:10:22.0299 5500 rspndr - ok
    19:10:22.0335 5500 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
    19:10:22.0337 5500 sbp2port - ok
    19:10:22.0368 5500 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
    19:10:22.0370 5500 scfilter - ok
    19:10:22.0387 5500 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    19:10:22.0389 5500 secdrv - ok
    19:10:22.0410 5500 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    19:10:22.0412 5500 Serenum - ok
    19:10:22.0424 5500 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    19:10:22.0426 5500 Serial - ok
    19:10:22.0459 5500 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    19:10:22.0461 5500 sermouse - ok
    19:10:22.0497 5500 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
    19:10:22.0498 5500 sffdisk - ok
    19:10:22.0511 5500 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
    19:10:22.0513 5500 sffp_mmc - ok
    19:10:22.0530 5500 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
    19:10:22.0531 5500 sffp_sd - ok
    19:10:22.0546 5500 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    19:10:22.0548 5500 sfloppy - ok
    19:10:22.0601 5500 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
    19:10:22.0607 5500 sisagp - ok
    19:10:22.0628 5500 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    19:10:22.0631 5500 SiSRaid2 - ok
    19:10:22.0649 5500 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    19:10:22.0652 5500 SiSRaid4 - ok
    19:10:22.0664 5500 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    19:10:22.0668 5500 Smb - ok
    19:10:22.0707 5500 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    19:10:22.0709 5500 spldr - ok
    19:10:22.0744 5500 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
    19:10:22.0754 5500 srv - ok
    19:10:22.0783 5500 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
    19:10:22.0789 5500 srv2 - ok
    19:10:22.0819 5500 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
    19:10:22.0823 5500 srvnet - ok
    19:10:22.0867 5500 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
    19:10:22.0872 5500 SSPORT - ok
    19:10:22.0913 5500 stdriver (5c031c715e14f10dfc9395004f54ee21) C:\Windows\system32\DRIVERS\stdriver32.sys
    19:10:22.0916 5500 stdriver - ok
    19:10:22.0946 5500 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    19:10:22.0949 5500 stexstor - ok
    19:10:22.0974 5500 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
    19:10:22.0977 5500 StillCam - ok
    19:10:23.0013 5500 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
    19:10:23.0016 5500 swenum - ok
    19:10:23.0088 5500 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
    19:10:23.0128 5500 Tcpip - ok
    19:10:23.0152 5500 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
    19:10:23.0161 5500 TCPIP6 - ok
    19:10:23.0200 5500 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
    19:10:23.0203 5500 tcpipreg - ok
    19:10:23.0238 5500 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
    19:10:23.0241 5500 TDPIPE - ok
    19:10:23.0256 5500 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
    19:10:23.0259 5500 TDTCP - ok
    19:10:23.0295 5500 tdx (05f7a6e7b7b0fb8eb0a3c111467bc4e4) C:\Windows\system32\DRIVERS\tdx.sys
    19:10:23.0307 5500 tdx - ok
    19:10:23.0342 5500 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
    19:10:23.0345 5500 TermDD - ok
    19:10:23.0396 5500 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
    19:10:23.0397 5500 tssecsrv - ok
    19:10:23.0436 5500 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
    19:10:23.0438 5500 TsUsbFlt - ok
    19:10:23.0467 5500 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
    19:10:23.0470 5500 tunnel - ok
    19:10:23.0491 5500 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    19:10:23.0493 5500 uagp35 - ok
    19:10:23.0526 5500 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
    19:10:23.0536 5500 udfs - ok
    19:10:23.0575 5500 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
    19:10:23.0578 5500 uliagpkx - ok
    19:10:23.0617 5500 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
    19:10:23.0624 5500 umbus - ok
    19:10:23.0646 5500 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    19:10:23.0649 5500 UmPass - ok
    19:10:23.0691 5500 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
    19:10:23.0695 5500 usbaudio - ok
    19:10:23.0733 5500 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
    19:10:23.0737 5500 usbccgp - ok
    19:10:23.0770 5500 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
    19:10:23.0773 5500 usbcir - ok
    19:10:23.0802 5500 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
    19:10:23.0805 5500 usbehci - ok
    19:10:23.0827 5500 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
    19:10:23.0832 5500 usbhub - ok
    19:10:23.0848 5500 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
    19:10:23.0850 5500 usbohci - ok
    19:10:23.0882 5500 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    19:10:23.0885 5500 usbprint - ok
    19:10:23.0907 5500 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    19:10:23.0914 5500 USBSTOR - ok
    19:10:23.0934 5500 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
    19:10:23.0940 5500 usbuhci - ok
    19:10:23.0994 5500 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
    19:10:24.0001 5500 vdrvroot - ok
    19:10:24.0030 5500 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    19:10:24.0036 5500 vga - ok
    19:10:24.0055 5500 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    19:10:24.0062 5500 VgaSave - ok
    19:10:24.0104 5500 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
    19:10:24.0112 5500 vhdmp - ok
    19:10:24.0139 5500 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
    19:10:24.0143 5500 viaagp - ok
    19:10:24.0160 5500 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    19:10:24.0164 5500 ViaC7 - ok
    19:10:24.0203 5500 VIAHdAudAddService (dc56a867a2d92e1c51cb6d3f9c540548) C:\Windows\system32\drivers\viahduaa.sys
    19:10:24.0232 5500 VIAHdAudAddService - ok
    19:10:24.0249 5500 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
    19:10:24.0253 5500 viaide - ok
    19:10:24.0286 5500 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
    19:10:24.0290 5500 volmgr - ok
    19:10:24.0307 5500 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    19:10:24.0314 5500 volmgrx - ok
    19:10:24.0348 5500 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
    19:10:24.0354 5500 volsnap - ok
    19:10:24.0389 5500 Vsdatant (6292c794ba68e0f46a6d45468461afe1) C:\Windows\system32\DRIVERS\vsdatant.sys
    19:10:24.0397 5500 Vsdatant - ok
    19:10:24.0422 5500 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    19:10:24.0427 5500 vsmraid - ok
    19:10:24.0448 5500 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    19:10:24.0451 5500 vwifibus - ok
    19:10:24.0477 5500 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    19:10:24.0480 5500 WacomPen - ok
    19:10:24.0514 5500 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    19:10:24.0517 5500 WANARP - ok
    19:10:24.0520 5500 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    19:10:24.0522 5500 Wanarpv6 - ok
    19:10:24.0544 5500 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    19:10:24.0546 5500 Wd - ok
    19:10:24.0565 5500 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    19:10:24.0571 5500 Wdf01000 - ok
    19:10:24.0599 5500 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    19:10:24.0602 5500 WfpLwf - ok
    19:10:24.0621 5500 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    19:10:24.0623 5500 WIMMount - ok
    19:10:24.0674 5500 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
    19:10:24.0677 5500 WinUsb - ok
    19:10:24.0710 5500 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
    19:10:24.0712 5500 WmiAcpi - ok
    19:10:24.0744 5500 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    19:10:24.0747 5500 ws2ifsl - ok
    19:10:24.0768 5500 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
    19:10:24.0771 5500 WSDPrintDevice - ok
    19:10:24.0811 5500 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
    19:10:24.0814 5500 WudfPf - ok
    19:10:24.0833 5500 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
    19:10:24.0841 5500 WUDFRd - ok
    19:10:24.0889 5500 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    19:10:24.0891 5500 \Device\Harddisk0\DR0 - ok
    19:10:24.0907 5500 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
    19:10:24.0964 5500 \Device\Harddisk1\DR1 - ok
    19:10:24.0970 5500 Boot (0x1200) (8d9be5adbfdd6a18b838a1335bf884cb) \Device\Harddisk0\DR0\Partition0
    19:10:24.0971 5500 \Device\Harddisk0\DR0\Partition0 - ok
    19:10:24.0976 5500 Boot (0x1200) (38039933152dc7e0abd8a49c890d7d85) \Device\Harddisk1\DR1\Partition0
    19:10:24.0977 5500 \Device\Harddisk1\DR1\Partition0 - ok
    19:10:24.0987 5500 Boot (0x1200) (57152ee3068b186e7e2cc932c04c5265) \Device\Harddisk1\DR1\Partition1
    19:10:24.0988 5500 \Device\Harddisk1\DR1\Partition1 - ok
    19:10:24.0990 5500 ============================================================
    19:10:24.0990 5500 Scan finished
    19:10:24.0990 5500 ============================================================
    19:10:25.0006 6512 Detected object count: 0
    19:10:25.0006 6512 Actual detected object count: 0
    19:11:14.0619 7004 ============================================================
    19:11:14.0619 7004 Scan started
    19:11:14.0619 7004 Mode: Manual;
     
  23. mclarenrich

    mclarenrich TS Rookie Topic Starter Posts: 34

    TDS killer report part 2 final

    19:11:14.0619 7004 ============================================================
    19:11:18.0764 7004 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    19:11:18.0765 7004 megasas - ok
    19:11:18.0780 7004 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    19:11:18.0782 7004 MegaSR - ok
    19:11:18.0795 7004 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    19:11:18.0796 7004 Modem - ok
    19:11:18.0810 7004 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    19:11:18.0811 7004 monitor - ok
    19:11:18.0847 7004 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
    19:11:18.0850 7004 mouclass - ok
    19:11:18.0877 7004 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    19:11:18.0881 7004 mouhid - ok
    19:11:18.0918 7004 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
    19:11:18.0919 7004 mountmgr - ok
    19:11:18.0953 7004 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
    19:11:18.0958 7004 mpio - ok
    19:11:18.0978 7004 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    19:11:18.0983 7004 mpsdrv - ok
    19:11:19.0031 7004 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
    19:11:19.0036 7004 MRxDAV - ok
    19:11:19.0069 7004 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
    19:11:19.0071 7004 mrxsmb - ok
    19:11:19.0101 7004 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    19:11:19.0103 7004 mrxsmb10 - ok
    19:11:19.0117 7004 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    19:11:19.0118 7004 mrxsmb20 - ok
    19:11:19.0153 7004 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
    19:11:19.0157 7004 msahci - ok
    19:11:19.0198 7004 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
    19:11:19.0203 7004 msdsm - ok
    19:11:19.0240 7004 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    19:11:19.0242 7004 Msfs - ok
    19:11:19.0256 7004 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    19:11:19.0258 7004 mshidkmdf - ok
    19:11:19.0285 7004 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
    19:11:19.0287 7004 msisadrv - ok
    19:11:19.0307 7004 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    19:11:19.0309 7004 MSKSSRV - ok
    19:11:19.0327 7004 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    19:11:19.0329 7004 MSPCLOCK - ok
    19:11:19.0337 7004 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    19:11:19.0339 7004 MSPQM - ok
    19:11:19.0360 7004 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    19:11:19.0363 7004 MsRPC - ok
    19:11:19.0380 7004 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
    19:11:19.0382 7004 mssmbios - ok
    19:11:19.0401 7004 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    19:11:19.0403 7004 MSTEE - ok
    19:11:19.0422 7004 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    19:11:19.0424 7004 MTConfig - ok
    19:11:19.0453 7004 MTsensor (cbe71c122434805cb73ffb6619f60598) C:\Windows\system32\DRIVERS\ASACPI.sys
    19:11:19.0454 7004 MTsensor - ok
    19:11:19.0474 7004 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    19:11:19.0476 7004 Mup - ok
    19:11:19.0501 7004 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    19:11:19.0505 7004 NativeWifiP - ok
    19:11:19.0549 7004 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
    19:11:19.0556 7004 NDIS - ok
    19:11:19.0569 7004 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    19:11:19.0571 7004 NdisCap - ok
    19:11:19.0585 7004 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    19:11:19.0587 7004 NdisTapi - ok
    19:11:19.0621 7004 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
    19:11:19.0624 7004 Ndisuio - ok
    19:11:19.0656 7004 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
    19:11:19.0662 7004 NdisWan - ok
    19:11:19.0703 7004 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
    19:11:19.0707 7004 NDProxy - ok
    19:11:19.0737 7004 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    19:11:19.0741 7004 NetBIOS - ok
    19:11:19.0786 7004 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
    19:11:19.0793 7004 NetBT - ok
    19:11:19.0843 7004 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    19:11:19.0848 7004 nfrd960 - ok
    19:11:19.0877 7004 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    19:11:19.0879 7004 Npfs - ok
    19:11:19.0900 7004 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    19:11:19.0902 7004 nsiproxy - ok
    19:11:19.0971 7004 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
    19:11:19.0988 7004 Ntfs - ok
    19:11:20.0002 7004 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    19:11:20.0003 7004 Null - ok
    19:11:20.0034 7004 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
    19:11:20.0036 7004 NVENETFD - ok
    19:11:20.0058 7004 NVNET (1de923088878b495cd4219e47ba34eb8) C:\Windows\system32\DRIVERS\nvmf6232.sys
    19:11:20.0060 7004 NVNET - ok
    19:11:20.0095 7004 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
    19:11:20.0096 7004 nvraid - ok
    19:11:20.0133 7004 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
    19:11:20.0134 7004 nvstor - ok
    19:11:20.0161 7004 nvstor32 (97778c3cb3af6b2243648d0dcd4d8916) C:\Windows\system32\DRIVERS\nvstor32.sys
    19:11:20.0163 7004 nvstor32 - ok
    19:11:20.0202 7004 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
    19:11:20.0207 7004 nv_agp - ok
    19:11:20.0256 7004 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
    19:11:20.0261 7004 ohci1394 - ok
    19:11:20.0308 7004 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    19:11:20.0310 7004 Parport - ok
    19:11:20.0340 7004 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
    19:11:20.0342 7004 partmgr - ok
    19:11:20.0358 7004 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    19:11:20.0362 7004 Parvdm - ok
    19:11:20.0402 7004 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
    19:11:20.0406 7004 pci - ok
    19:11:20.0422 7004 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
    19:11:20.0425 7004 pciide - ok
    19:11:20.0440 7004 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    19:11:20.0443 7004 pcmcia - ok
    19:11:20.0461 7004 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    19:11:20.0463 7004 pcw - ok
    19:11:20.0490 7004 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    19:11:20.0497 7004 PEAUTH - ok
    19:11:20.0541 7004 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    19:11:20.0542 7004 PptpMiniport - ok
    19:11:20.0558 7004 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    19:11:20.0559 7004 Processor - ok
    19:11:20.0574 7004 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    19:11:20.0576 7004 Psched - ok
    19:11:20.0606 7004 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    19:11:20.0612 7004 ql2300 - ok
    19:11:20.0627 7004 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    19:11:20.0628 7004 ql40xx - ok
    19:11:20.0643 7004 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    19:11:20.0644 7004 QWAVEdrv - ok
    19:11:20.0656 7004 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    19:11:20.0657 7004 RasAcd - ok
    19:11:20.0683 7004 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    19:11:20.0684 7004 RasAgileVpn - ok
    19:11:20.0704 7004 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    19:11:20.0706 7004 Rasl2tp - ok
    19:11:20.0722 7004 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    19:11:20.0724 7004 RasPppoe - ok
    19:11:20.0742 7004 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    19:11:20.0744 7004 RasSstp - ok
    19:11:20.0782 7004 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
    19:11:20.0789 7004 rdbss - ok
    19:11:20.0817 7004 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    19:11:20.0821 7004 rdpbus - ok
    19:11:20.0867 7004 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
    19:11:20.0871 7004 RDPCDD - ok
    19:11:20.0895 7004 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    19:11:20.0897 7004 RDPENCDD - ok
    19:11:20.0914 7004 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    19:11:20.0917 7004 RDPREFMP - ok
    19:11:20.0954 7004 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
    19:11:20.0957 7004 RDPWD - ok
    19:11:20.0992 7004 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
    19:11:20.0995 7004 rdyboost - ok
    19:11:21.0028 7004 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    19:11:21.0031 7004 rspndr - ok
    19:11:21.0067 7004 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
    19:11:21.0072 7004 sbp2port - ok
    19:11:21.0116 7004 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
    19:11:21.0121 7004 scfilter - ok
    19:11:21.0168 7004 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    19:11:21.0171 7004 secdrv - ok
    19:11:21.0192 7004 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    19:11:21.0194 7004 Serenum - ok
    19:11:21.0214 7004 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    19:11:21.0217 7004 Serial - ok
    19:11:21.0258 7004 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    19:11:21.0260 7004 sermouse - ok
    19:11:21.0303 7004 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
    19:11:21.0306 7004 sffdisk - ok
    19:11:21.0326 7004 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
    19:11:21.0331 7004 sffp_mmc - ok
    19:11:21.0353 7004 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
    19:11:21.0355 7004 sffp_sd - ok
    19:11:21.0369 7004 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    19:11:21.0372 7004 sfloppy - ok
    19:11:21.0415 7004 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
    19:11:21.0418 7004 sisagp - ok
    19:11:21.0435 7004 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    19:11:21.0437 7004 SiSRaid2 - ok
    19:11:21.0455 7004 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    19:11:21.0458 7004 SiSRaid4 - ok
    19:11:21.0471 7004 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    19:11:21.0474 7004 Smb - ok
    19:11:21.0492 7004 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    19:11:21.0494 7004 spldr - ok
    19:11:21.0526 7004 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
    19:11:21.0528 7004 srv - ok
    19:11:21.0547 7004 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
    19:11:21.0549 7004 srv2 - ok
    19:11:21.0575 7004 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
    19:11:21.0577 7004 srvnet - ok
    19:11:21.0606 7004 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
    19:11:21.0610 7004 SSPORT - ok
    19:11:21.0653 7004 stdriver (5c031c715e14f10dfc9395004f54ee21) C:\Windows\system32\DRIVERS\stdriver32.sys
    19:11:21.0659 7004 stdriver - ok
    19:11:21.0694 7004 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    19:11:21.0695 7004 stexstor - ok
    19:11:21.0722 7004 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
    19:11:21.0727 7004 StillCam - ok
    19:11:21.0761 7004 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
    19:11:21.0763 7004 swenum - ok
    19:11:21.0825 7004 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
    19:11:21.0847 7004 Tcpip - ok
    19:11:21.0878 7004 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
    19:11:21.0886 7004 TCPIP6 - ok
    19:11:21.0923 7004 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
    19:11:21.0925 7004 tcpipreg - ok
    19:11:21.0961 7004 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
    19:11:21.0962 7004 TDPIPE - ok
    19:11:21.0979 7004 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
    19:11:21.0984 7004 TDTCP - ok
    19:11:22.0018 7004 tdx (05f7a6e7b7b0fb8eb0a3c111467bc4e4) C:\Windows\system32\DRIVERS\tdx.sys
    19:11:22.0041 7004 tdx - ok
    19:11:22.0082 7004 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
    19:11:22.0087 7004 TermDD - ok
    19:11:22.0152 7004 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
    19:11:22.0154 7004 tssecsrv - ok
    19:11:22.0192 7004 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
    19:11:22.0198 7004 TsUsbFlt - ok
    19:11:22.0241 7004 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
    19:11:22.0248 7004 tunnel - ok
    19:11:22.0282 7004 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    19:11:22.0287 7004 uagp35 - ok
    19:11:22.0326 7004 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
    19:11:22.0335 7004 udfs - ok
    19:11:22.0381 7004 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
    19:11:22.0384 7004 uliagpkx - ok
    19:11:22.0424 7004 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
    19:11:22.0429 7004 umbus - ok
    19:11:22.0452 7004 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    19:11:22.0455 7004 UmPass - ok
    19:11:22.0497 7004 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
    19:11:22.0501 7004 usbaudio - ok
    19:11:22.0540 7004 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
    19:11:22.0546 7004 usbccgp - ok
    19:11:22.0585 7004 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
    19:11:22.0588 7004 usbcir - ok
    19:11:22.0617 7004 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
    19:11:22.0620 7004 usbehci - ok
    19:11:22.0643 7004 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
    19:11:22.0647 7004 usbhub - ok
    19:11:22.0662 7004 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
    19:11:22.0665 7004 usbohci - ok
    19:11:22.0689 7004 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    19:11:22.0691 7004 usbprint - ok
    19:11:22.0704 7004 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    19:11:22.0707 7004 USBSTOR - ok
    19:11:22.0724 7004 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
    19:11:22.0726 7004 usbuhci - ok
    19:11:22.0759 7004 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
    19:11:22.0762 7004 vdrvroot - ok
    19:11:22.0778 7004 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    19:11:22.0780 7004 vga - ok
    19:11:22.0795 7004 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    19:11:22.0798 7004 VgaSave - ok
    19:11:22.0844 7004 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
    19:11:22.0851 7004 vhdmp - ok
    19:11:22.0879 7004 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
    19:11:22.0881 7004 viaagp - ok
    19:11:22.0900 7004 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    19:11:22.0902 7004 ViaC7 - ok
    19:11:22.0943 7004 VIAHdAudAddService (dc56a867a2d92e1c51cb6d3f9c540548) C:\Windows\system32\drivers\viahduaa.sys
    19:11:22.0953 7004 VIAHdAudAddService - ok
    19:11:22.0972 7004 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
    19:11:22.0974 7004 viaide - ok
    19:11:23.0010 7004 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
    19:11:23.0015 7004 volmgr - ok
    19:11:23.0039 7004 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    19:11:23.0044 7004 volmgrx - ok
    19:11:23.0079 7004 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
    19:11:23.0081 7004 volsnap - ok
    19:11:23.0119 7004 Vsdatant (6292c794ba68e0f46a6d45468461afe1) C:\Windows\system32\DRIVERS\vsdatant.sys
    19:11:23.0122 7004 Vsdatant - ok
    19:11:23.0145 7004 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    19:11:23.0147 7004 vsmraid - ok
    19:11:23.0163 7004 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    19:11:23.0164 7004 vwifibus - ok
    19:11:23.0183 7004 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    19:11:23.0185 7004 WacomPen - ok
    19:11:23.0220 7004 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    19:11:23.0222 7004 WANARP - ok
    19:11:23.0224 7004 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    19:11:23.0225 7004 Wanarpv6 - ok
    19:11:23.0250 7004 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    19:11:23.0251 7004 Wd - ok
    19:11:23.0271 7004 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    19:11:23.0274 7004 Wdf01000 - ok
    19:11:23.0306 7004 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    19:11:23.0307 7004 WfpLwf - ok
    19:11:23.0327 7004 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    19:11:23.0329 7004 WIMMount - ok
    19:11:23.0372 7004 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
    19:11:23.0374 7004 WinUsb - ok
    19:11:23.0400 7004 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
    19:11:23.0401 7004 WmiAcpi - ok
    19:11:23.0426 7004 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    19:11:23.0427 7004 ws2ifsl - ok
    19:11:23.0450 7004 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
    19:11:23.0451 7004 WSDPrintDevice - ok
    19:11:23.0484 7004 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
    19:11:23.0486 7004 WudfPf - ok
    19:11:23.0504 7004 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
    19:11:23.0506 7004 WUDFRd - ok
    19:11:23.0519 7004 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    19:11:23.0520 7004 \Device\Harddisk0\DR0 - ok
    19:11:23.0546 7004 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
    19:11:23.0604 7004 \Device\Harddisk1\DR1 - ok
    19:11:23.0607 7004 Boot (0x1200) (8d9be5adbfdd6a18b838a1335bf884cb) \Device\Harddisk0\DR0\Partition0
    19:11:23.0608 7004 \Device\Harddisk0\DR0\Partition0 - ok
    19:11:23.0610 7004 Boot (0x1200) (38039933152dc7e0abd8a49c890d7d85) \Device\Harddisk1\DR1\Partition0
    19:11:23.0611 7004 \Device\Harddisk1\DR1\Partition0 - ok
    19:11:23.0618 7004 Boot (0x1200) (57152ee3068b186e7e2cc932c04c5265) \Device\Harddisk1\DR1\Partition1
    19:11:23.0619 7004 \Device\Harddisk1\DR1\Partition1 - ok
    19:11:23.0620 7004 ============================================================
    19:11:23.0620 7004 Scan finished
    19:11:23.0620 7004 ============================================================
    19:11:23.0626 5488 Detected object count: 0
    19:11:23.0626 5488 Actual detected object count: 0
     
  24. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  25. mclarenrich

    mclarenrich TS Rookie Topic Starter Posts: 34

    ComboFix.txt

    ComboFix 12-03-09.05 - Mohit McLaren 03/09/2012 20:20:13.2.6 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3071.2116 [GMT -8:00]
    Running from: c:\users\Mohit McLaren\Desktop\ComboFix.exe
    FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\dds_trash_log.cmd
    c:\windows\TEMP\jna7453115329215118554.dll
    c:\windows\$NtUninstallKB11742$ . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-10 04:28 . 2012-03-10 04:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-10 04:28 . 2012-03-10 04:28 -------- d-----w- c:\users\New Profile\AppData\Local\temp
    2012-03-04 06:42 . 2011-04-10 20:07 182896 ----a-w- c:\windows\system32\drivers\dlkmd.sys
    2012-03-04 06:42 . 2011-04-10 20:07 14448 ----a-w- c:\windows\system32\drivers\dlkmdldr.sys
    2012-03-04 06:14 . 2012-03-04 06:14 -------- d-----w- c:\program files\DisplayLink Graphics
    2012-03-04 06:13 . 2012-03-04 06:42 -------- d-----w- c:\program files\DisplayLink Core Software
    2012-02-20 15:45 . 2012-02-20 15:45 -------- d-----w- c:\program files\Belarc
    2012-02-16 00:12 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-16 00:11 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-16 00:11 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
    2012-02-16 00:11 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-02-14 15:47 . 2012-02-14 15:47 -------- d-----w- c:\programdata\Citrix
    2012-02-14 15:47 . 2012-02-14 15:52 -------- d-----w- c:\users\Mohit McLaren\AppData\Roaming\ICAClient
    2012-02-14 15:47 . 2012-02-14 15:47 -------- d-----w- c:\users\Mohit McLaren\AppData\Local\Citrix
    2012-02-14 15:47 . 2012-02-14 15:47 -------- d-----w- c:\program files\Citrix
    2012-02-13 19:02 . 2012-02-13 21:59 -------- d-----w- c:\users\Mohit McLaren\Citrix
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-16 14:57 . 2011-06-29 02:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-23 17:23 . 2011-12-23 17:23 49240 ----a-w- c:\windows\system32\drivers\stdriver32.sys
    2009-09-13 07:05 . 2009-09-13 07:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
    2009-09-13 07:06 . 2009-09-13 07:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2009-09-13 07:06 . 2009-09-13 07:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2009-09-13 07:06 . 2009-09-13 07:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2009-09-13 07:06 . 2009-09-13 07:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2009-09-13 07:07 . 2009-09-13 07:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2009-09-13 07:06 . 2009-09-13 07:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2009-09-13 07:06 . 2009-09-13 07:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2009-08-14 21:33 . 2009-08-14 21:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2009-09-13 07:06 . 2009-09-13 07:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2012-02-17 18:04 . 2011-06-28 22:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2010-11-20 08:39 . 05F7A6E7B7B0FB8EB0A3C111467BC4E4 . 74752 . . [------] . . c:\windows\System32\drivers\tdx.sys
    [-] 2010-11-20 08:39 . 05F7A6E7B7B0FB8EB0A3C111467BC4E4 . 74752 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
    [7] 2009-07-13 . CB39E896A2A83702D1737BFD402B3542 . 74240 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-03-28 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    2011-03-28 16:22 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBitT.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-03-28 176936]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "$Volumouse$"="c:\users\Mohit McLaren\Downloads\volumouse\volumouse.exe" [2011-06-29 33280]
    "Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
    "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    "Eye-Fi"="c:\program files\Eye-Fi\Helper\EyeFiHelper.exe" [2011-12-22 3961464]
    "cdloader"="c:\users\Mohit McLaren\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-12-05 247728]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ToolboxFX"="c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-04-16 58936]
    "HP LaserJet Professional CM1410 Series Fax"="c:\program files\HP\HP LaserJet Professional CM1410 Series\Fax Driver\hppfaxprintersrv.exe" [2010-04-09 2460472]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2011-04-15 536576]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
    "ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
    "mylbx"="c:\program files\My Lockbox\mylbx.exe" [2011-12-07 2136384]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "CLSA"="c:\program files\Good Deal Software\Craigs Search Agent\search_agent.exe" [2011-08-10 3009763]
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    PS3 Media Server.lnk - c:\program files\PS3 Media Server\PMS.exe [2011-6-16 432749]
    volumouse - Shortcut.lnk - c:\users\Mohit McLaren\Downloads\volumouse\volumouse.exe [2009-8-5 33280]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-22 136176]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-22 136176]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-01 1343400]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 268512]
    S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2011-04-10 14448]
    S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2010-07-23 41912]
    S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-09 65584]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-30 239168]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
    S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
    S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-04-10 5240168]
    S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2010-04-12 142336]
    S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 27016]
    S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 497280]
    S2 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [2011-05-17 366872]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-01-04 5120]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-12-05 92592]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
    S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [2011-04-11 21888]
    S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2011-04-10 182896]
    S3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver32.sys [2011-12-23 49240]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-07-29 1102848]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    rootmodem
    pepifilter
    rdnaoflsvc
    ccflic0
    SMNDIS5
    smbusp
    oracleorahomemanagementserver
    PGPsdkDriver
    cportclm
    BoiHwsetup
    isapisearch
    DivisCTP
    w300bus
    se2Dnd5
    hprfdev
    XTrapD12
    IPFilter
    nwlnkipx
    PSSdk21
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-22 19:06]
    .
    2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-22 19:06]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.shareazaweb.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Mohit McLaren\AppData\Roaming\Mozilla\Firefox\Profiles\o34f03xe.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(624)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    .
    - - - - - - - > 'Explorer.exe'(4704)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\DisplayLink Core Software\DisplayLinkUserAgent.exe
    c:\windows\system32\atieclxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\java.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    c:\windows\system32\UI0Detect.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\ASUS\EPU-4 Engine\FourEngine.exe
    c:\windows\system32\taskhost.exe
    c:\program files\ASUS\AI Direct Link\AsCmd.exe
    c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
    c:\windows\system32\conhost.exe
    c:\program files\ASUS\AI Direct Link\AsShare.exe
    c:\windows\system32\AUDIODG.EXE
    c:\program files\Citrix\ICA Client\wfcrun32.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Java\jre6\bin\javaw.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Steam\SteamService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-09 20:40:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-10 04:40
    ComboFix2.txt 2012-03-06 06:46
    .
    Pre-Run: 368,400,543,744 bytes free
    Post-Run: 368,393,060,352 bytes free
    .
    - - End Of File - - 3ED3DA27B5409AD6F7455A674A9A7257
     
