Solved Help, Infected with Trojan horse Crypt.AQLW

[mclarenrich]

Help, Infected with Trojan horse Crypt.AQLW according to AVG, running win 7, Ran malware bytes found 0 infections, AVG keeps finding the threat repeatedly and does not remove, see a bunch of solutions but not sure which one to follow, medium level computer savvy. Thanks.

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[mclarenrich]

Hello,

Thank you for responding to my request for assistance, i urgently had to clean my computer yesterday and carefully followed the steps to one of your members as i seemed to have the identical problem.
The cleaning took a while and after the combo fix restarted the system a couple of times the system seems to be clean running normally and more robust than it ever has been with no apparent malware infections. I have not yet proceeded with the stages after the combo fix stage and have saved all the logs.
However i realize this does not necessarily mean it is clean, even though its operating normally and all virus scans are clean, how can i confirm this or would you suggest i follow the steps https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/.

Thanks again.

 

[Broni]

First of all never run Combofix on your own.

Then if you want to make sure you're clean you need to follow prescribed steps.

 

[mclarenrich]

Hello,

Please see the logs requested for Mbam, GMER and 2 X DDS logs, i will post in 3 replies for ease of viewing.

There also appears to be anew infection picked up by AVG
c:\window\system32\drivers\tdx.sys , infection Tojan Horse Agent_r.BCT

MBAM log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.09.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Mohit McLaren :: MOHITMCLAREN-PC [administrator]

3/9/2012 8:54:59 AM
mbam-log-2012-03-09 (08-54-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208168
Time elapsed: 6 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

[mclarenrich]

GMER Log 1 broken into parts

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-09 10:53:48
Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\0000006f WDC_WD50 rev.15.0
Running: dypo0p3u.exe; Driver: C:\Users\MOHITM~1\AppData\Local\Temp\axkiauog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x908AA914]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcCreatePort [0x908AB1E2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x908AA36A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x908A3CA2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x908C55F2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x908AAE74]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x908BF4D0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x908BF8F8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x908C9C8A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x908BFD6C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x908AAFD2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x908A49DE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x908C7048]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x908C695E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x908BE2B0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x908C7A16]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x908C7C54]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x908C8106]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x908A4590]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA0A67F3C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0x908C15DA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x908C8AEE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x908C83D0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x908A9F0E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x908C9554]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x908AA636]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x908A4DEA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x908C9078]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x908C60B8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x908C05F6]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA0A67FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA0A68080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA0A6811C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C8E369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CC7D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82CCEDB4 8 Bytes [14, A9, 8A, 90, E2, B1, 8A, ...] {ADC AL, 0xa9; MOV DL, [EAX-0x6f754e1e]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82CCEE48 4 Bytes [6A, A3, 8A, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B0 82CCEE65 3 Bytes [3C, 8A, 90] {CMP AL, 0x8a; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 82CCEE74 4 Bytes [F2, 55, 8C, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11DB 82CCEE90 4 Bytes [74, AE, 8A, 90]
.text ...
.text C:\Windows\system32\DRIVERS\tdx.sys section is writeable [0x90D5E000, 0x9AC8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x94E24000, 0x38CD55, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\SearchProtocolHost.exe[556] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[556] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[556] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[556] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[556] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[556] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[556] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[556] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[556] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[864] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[864] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[864] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[864] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[864] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[864] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[864] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[864] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[864] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[868] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[868] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[868] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[868] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[868] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[868] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[868] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[868] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[868] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[948] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[948] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[948] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[948] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[948] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[948] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[948] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[948] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[948] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[984] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[984] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[984] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[984] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[984] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[984] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[984] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[984] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[988] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[988] USER32.dll!GetUpdateRect + CF 76BBA644 5 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[996] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[996] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[996] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[996] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[996] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[996] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[996] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[996] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[996] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1112] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1112] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1112] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1112] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1112] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1112] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1200] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1200] user32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1200] user32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[1300] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[1300] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[1300] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[1300] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[1300] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[1300] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[1300] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[1300] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[1300] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1332] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1332] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1332] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1332] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1332] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1332] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1332] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1332] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1368] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1368] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1368] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1368] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1368] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1368] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1368] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1368] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1368] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtSetInformationProcess

 

[mclarenrich]

GMER Log part 2 continued- broken into parts

host.exe[1400] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1400] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1400] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1556] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1556] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1556] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1556] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1556] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1556] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1556] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1556] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe[1672] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe[1672] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe[1672] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe[1672] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe[1672] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe[1672] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe[1672] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe[1672] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe[1672] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1804] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1804] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1804] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1804] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1804] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1804] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1804] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1804] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1804] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1880] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1880] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1880] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1880] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1880] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1880] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1880] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1880] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1880] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\notepad.exe[2024] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\notepad.exe[2024] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\notepad.exe[2024] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\notepad.exe[2024] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\notepad.exe[2024] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\notepad.exe[2024] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\notepad.exe[2024] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\notepad.exe[2024] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\notepad.exe[2024] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2252] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2252] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2252] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2252] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2252] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2252] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2252] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2252] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2252] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2264] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2264] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2264] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2264] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2264] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2264] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2264] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2264] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2264] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2296] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2296] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2296] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2296] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2296] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2296] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2296] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2296] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2296] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[2360] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[2360] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[2360] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[2360] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[2360] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[2360] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[2360] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[2360] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[2360] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2380] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2380] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2380] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2380] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2380] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2380] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2380] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2380] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2380] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[2428] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[2428] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[2428] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[2428] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[2428] KERNEL32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[2428] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[2428] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[2428] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[2428] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2500] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2500] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2500] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2500] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2500] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2500] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2500] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2500] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2500] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2592] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2592] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2592] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2592] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2592] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2592] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2592] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2592] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2592] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[2616] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[2616] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[2616] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[2616] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[2616] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[2616] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[2616] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[2616] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[2616] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2672] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2672] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2672] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2672] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2672] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2672] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2672] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2672] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2672] USER32.dll!FindWindowW

 

[mclarenrich]

GMER Log part 3 continued- broken into parts

.text C:\Program Files\PS3 Media Server\win32\service\wrapper.exe[2692] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\PS3 Media Server\win32\service\wrapper.exe[2692] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\PS3 Media Server\win32\service\wrapper.exe[2692] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\PS3 Media Server\win32\service\wrapper.exe[2692] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\PS3 Media Server\win32\service\wrapper.exe[2692] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\PS3 Media Server\win32\service\wrapper.exe[2692] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\PS3 Media Server\win32\service\wrapper.exe[2692] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\PS3 Media Server\win32\service\wrapper.exe[2692] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\PS3 Media Server\win32\service\wrapper.exe[2692] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[2764] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[2764] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[2764] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[2764] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[2764] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[2764] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[2764] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[2764] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[2764] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2820] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2820] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2820] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2820] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2820] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2820] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2820] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2820] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2820] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2892] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2892] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2892] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2892] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2892] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2892] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2892] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2892] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2892] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2928] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2928] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2928] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2928] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2928] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2928] kernel32.dll!SetUnhandledExceptionFilter 7506F4FB 5 Bytes JMP 209F37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2928] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2928] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2980] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2980] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2980] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2980] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2980] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2980] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2980] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2980] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2980] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[3052] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[3052] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[3052] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[3052] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[3052] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[3052] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[3052] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[3052] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[3052] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\java.exe[3256] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 39458791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\java.exe[3256] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 39458DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\java.exe[3256] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 39458D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\java.exe[3256] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 394589AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\java.exe[3256] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 3945846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\java.exe[3256] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 39459036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\java.exe[3256] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 39458E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\java.exe[3256] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 3945828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\java.exe[3256] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 3945825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3800] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3800] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3800] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3800] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3800] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3800] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3800] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3800] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3800] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3828] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3828] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3828] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3828] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3828] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3828] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3828] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3828] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3828] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\UI0Detect.exe[3928] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\UI0Detect.exe[3928] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\UI0Detect.exe[3928] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\UI0Detect.exe[3928] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\UI0Detect.exe[3928] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\UI0Detect.exe[3928] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\UI0Detect.exe[3928] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\UI0Detect.exe[3928] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\UI0Detect.exe[3928] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\javaw.exe[4008] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\javaw.exe[4008] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\javaw.exe[4008] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\javaw.exe[4008] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\javaw.exe[4008] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\javaw.exe[4008] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\javaw.exe[4008] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\javaw.exe[4008] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\javaw.exe[4008] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP LaserJet Professional CM1410 series\Fax Driver\hppfaxprintersrv.exe[4220] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP LaserJet Professional CM1410 series\Fax Driver\hppfaxprintersrv.exe[4220] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP LaserJet Professional CM1410 series\Fax Driver\hppfaxprintersrv.exe[4220] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP LaserJet Professional CM1410 series\Fax Driver\hppfaxprintersrv.exe[4220] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP LaserJet Professional CM1410 series\Fax Driver\hppfaxprintersrv.exe[4220] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP LaserJet Professional CM1410 series\Fax Driver\hppfaxprintersrv.exe[4220] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP LaserJet Professional CM1410 series\Fax Driver\hppfaxprintersrv.exe[4220] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP LaserJet Professional CM1410 series\Fax Driver\hppfaxprintersrv.exe[4220] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\HP\HP LaserJet Professional CM1410 series\Fax Driver\hppfaxprintersrv.exe[4220] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\Samsung\PanelMgr\SSMMgr.exe[4292] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\Samsung\PanelMgr\SSMMgr.exe[4292] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

 

[mclarenrich]

GMER Log part 4 continued- broken into parts

.text C:\Windows\Samsung\PanelMgr\SSMMgr.exe[4292] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\Samsung\PanelMgr\SSMMgr.exe[4292] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\Samsung\PanelMgr\SSMMgr.exe[4292] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\Samsung\PanelMgr\SSMMgr.exe[4292] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\Samsung\PanelMgr\SSMMgr.exe[4292] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\Samsung\PanelMgr\SSMMgr.exe[4292] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\Samsung\PanelMgr\SSMMgr.exe[4292] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4408] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4408] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4408] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4408] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4408] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4408] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4408] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4408] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4408] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[4444] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[4444] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[4444] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[4444] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[4444] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[4444] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[4444] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[4444] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[4444] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[4460] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[4460] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[4460] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[4460] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[4460] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[4460] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[4460] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[4460] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[4460] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zune\ZuneLauncher.exe[4528] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zune\ZuneLauncher.exe[4528] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zune\ZuneLauncher.exe[4528] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zune\ZuneLauncher.exe[4528] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zune\ZuneLauncher.exe[4528] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zune\ZuneLauncher.exe[4528] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zune\ZuneLauncher.exe[4528] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zune\ZuneLauncher.exe[4528] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zune\ZuneLauncher.exe[4528] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4548] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4548] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4548] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4548] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4548] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4548] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4548] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4548] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4548] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4572] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4572] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4572] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4572] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4572] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4572] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4572] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4572] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4572] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\My Lockbox\mylbx.exe[4620] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\My Lockbox\mylbx.exe[4620] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\My Lockbox\mylbx.exe[4620] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\My Lockbox\mylbx.exe[4620] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\My Lockbox\mylbx.exe[4620] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\My Lockbox\mylbx.exe[4620] user32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\My Lockbox\mylbx.exe[4620] user32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\My Lockbox\mylbx.exe[4620] advapi32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\My Lockbox\mylbx.exe[4620] advapi32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4636] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4636] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4636] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4636] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4636] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4636] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4636] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4636] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4636] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[4656] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[4656] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[4656] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[4656] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[4656] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[4656] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[4656] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[4656] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[4656] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\avgtray.exe[4664] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\avgtray.exe[4664] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\avgtray.exe[4664] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\avgtray.exe[4664] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\avgtray.exe[4664] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\avgtray.exe[4664] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\avgtray.exe[4664] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\avgtray.exe[4664] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\avgtray.exe[4664] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[4740] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[4740] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[4740] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[4740] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[4740] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[4740] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[4740] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[4740] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[4740] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4972] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4972] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4972] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4972] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4972] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4972] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4972] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4972] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4972] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4972] USER32.dll!GetWindowInfo 76BC4B5E 5 Bytes JMP 5C0C0924 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4972] USER32.dll!TrackPopupMenu 76BD2228 5 Bytes JMP 5C0C0ECF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[5072] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[5072] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[5072] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[5072] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[5072] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[5072] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[5072] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[5072] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[5072] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5104] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5104] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5104] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5104] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5104] ntdll.dll!LdrLoadDll 773F223E 5 Bytes JMP 5BF45B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5104] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5104] kernel32.dll!SetUnhandledExceptionFilter 7506F4FB 5 Bytes JMP 209F37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5104] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5104] USER32.dll!GetUpdateRect + CF 76BBA644 5 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5104] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5104] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5104] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5104] WS2_32.dll!sendto 761034B5 5 Bytes JMP 20B23D71 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5104] WS2_32.dll!closesocket 76103918 5 Bytes JMP 20B23BA8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5104] WS2_32.dll!WSASend 76104406 5 Bytes JMP 20B23F07 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5104] WS2_32.dll!recv 76106B0E 5 Bytes JMP 20B23C29 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5104] WS2_32.dll!send 76106F01 5 Bytes JMP 20B23CD3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5104] WS2_32.dll!WSARecv 76107089 5 Bytes JMP 20B23E15 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5104] WS2_32.dll!WSASendDisconnect 7611B281 5 Bytes JMP 20B2409B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5104] WS2_32.dll!WSASendTo 7611B30C 5 Bytes JMP 20B23FCE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[5236] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[5236] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[5236] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[5236] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[5236] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[5236] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[5236] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[5236] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[5236] USER32.dll!FindWindowW

 

[mclarenrich]

GMER Log part 5 continued- broken into parts

.text C:\Windows\system32\wbem\unsecapp.exe[5268] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[5268] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[5268] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[5268] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[5268] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[5268] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[5268] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[5268] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[5268] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[5384] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[5384] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[5384] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[5384] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[5384] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[5384] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[5384] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[5384] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[5384] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[5404] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[5404] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[5404] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[5404] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[5404] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[5404] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[5404] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[5404] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[5404] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\ASUS\AI Direct Link\AsShare.exe[5540] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\ASUS\AI Direct Link\AsShare.exe[5540] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\ASUS\AI Direct Link\AsShare.exe[5540] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\ASUS\AI Direct Link\AsShare.exe[5540] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\ASUS\AI Direct Link\AsShare.exe[5540] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\ASUS\AI Direct Link\AsShare.exe[5540] ADVAPI32.DLL!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\ASUS\AI Direct Link\AsShare.exe[5540] ADVAPI32.DLL!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\ASUS\AI Direct Link\AsShare.exe[5540] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\ASUS\AI Direct Link\AsShare.exe[5540] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5924] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5924] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5924] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5924] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5924] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5924] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5924] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5924] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5924] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] ole32.dll!OleLoadFromStream 76516143 5 Bytes JMP 5DE52DF0 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)
.text C:\Users\Mohit McLaren\Downloads\volumouse\volumouse.exe[5976] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Mohit McLaren\Downloads\volumouse\volumouse.exe[5976] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Mohit McLaren\Downloads\volumouse\volumouse.exe[5976] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Mohit McLaren\Downloads\volumouse\volumouse.exe[5976] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Mohit McLaren\Downloads\volumouse\volumouse.exe[5976] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Mohit McLaren\Downloads\volumouse\volumouse.exe[5976] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Mohit McLaren\Downloads\volumouse\volumouse.exe[5976] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Mohit McLaren\Downloads\volumouse\volumouse.exe[5976] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Mohit McLaren\Downloads\volumouse\volumouse.exe[5976] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[6064] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[6064] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[6064] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[6064] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[6064] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[6064] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[6064] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[6064] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[6064] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe[6140] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe[6140] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe[6140] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe[6140] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe[6140] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe[6140] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe[6140] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe[6140] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe[6140] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Mohit McLaren\Desktop\dypo0p3u.exe[6720] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Mohit McLaren\Desktop\dypo0p3u.exe[6720] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Mohit McLaren\Desktop\dypo0p3u.exe[6720] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Mohit McLaren\Desktop\dypo0p3u.exe[6720] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Mohit McLaren\Desktop\dypo0p3u.exe[6720] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Mohit McLaren\Desktop\dypo0p3u.exe[6720] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Mohit McLaren\Desktop\dypo0p3u.exe[6720] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Mohit McLaren\Desktop\dypo0p3u.exe[6720] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Mohit McLaren\Desktop\dypo0p3u.exe[6720] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\AUDIODG.EXE[8156] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\AUDIODG.EXE[8156] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\AUDIODG.EXE[8156] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\AUDIODG.EXE[8156] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\AUDIODG.EXE[8156] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\AUDIODG.EXE[8156] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\AUDIODG.EXE[8156] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\AUDIODG.EXE[8156] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\AUDIODG.EXE[8156] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[8180] ntdll.dll!NtAccessCheckByType 773D51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[8180] ntdll.dll!NtAlpcImpersonateClientOfPort 773D53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[8180] ntdll.dll!NtImpersonateClientOfPort 773D5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[8180] ntdll.dll!NtSetInformationProcess 773D6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[8180] kernel32.dll!OpenProcess 7506549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[8180] ADVAPI32.dll!SetThreadToken 7667C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[8180] ADVAPI32.dll!ImpersonateNamedPipeClient 766B3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[8180] USER32.dll!FindWindowA 76BB8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[8180] USER32.dll!FindWindowW 76BBAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

 

[mclarenrich]

GMER Log part 6 final

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [908AFE18] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [908AF626] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [908ADD84] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [908AF7D0] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [908AF7D0] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [908AFE18] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [908AF626] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [908ADD84] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [908AF7D0] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [908ADD84] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [908AFE18] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [908AF626] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\SearchProtocolHost.exe[556] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\System32\spoolsv.exe[864] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\wininit.exe[868] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\services.exe[948] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\lsass.exe[984] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[988] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!RegisterWaitForSingleObject] [716A1F20] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[988] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [716A20F0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[988] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [750E5965] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[988] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] [750E596F] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[988] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] [750E5974] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[988] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] [750E596A] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\lsm.exe[996] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [738B2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73895600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [738956BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [738B24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [738A8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [738A4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [738A506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [738A5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [738A6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [738A826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [738A87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [738A901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [738AE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [738A4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1200] @ C:\Windows\system32\user32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\atiesrxx.exe[1300] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[1332] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[1368] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1400] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1556] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe[1672] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1804] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1880] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\notepad.exe[2024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\WUDFHost.exe[2252] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2264] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2296] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[2360] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Bonjour\mDNSResponder.exe[2380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[2428] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[2500] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[2592] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\PnkBstrA.exe[2616] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[2672] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\PS3 Media Server\win32\service\wrapper.exe[2692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\conhost.exe[2764] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[2820] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2928] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2980] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\java.exe[3256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [3945835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[3800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[3828] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\UI0Detect.exe[3928] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Java\jre6\bin\javaw.exe[4008] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\HP\HP LaserJet Professional CM1410 series\Fax Driver\hppfaxprintersrv.exe[4220] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\Samsung\PanelMgr\SSMMgr.exe[4292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4408] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\taskeng.exe[4444] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\iTunes\iTunesHelper.exe[4460] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Zune\ZuneLauncher.exe[4528] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[4528] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Zune\ZuneLauncher.exe[4528] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[4528] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[4528] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[4528] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4548] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\My Lockbox\mylbx.exe[4620] @ C:\Windows\system32\user32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Citrix\ICA Client\concentr.exe[4656] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\AVG\AVG2012\avgtray.exe[4664] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Citrix\ICA Client\wfcrun32.exe[4740] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Mozilla Firefox\plugin-container.exe[4972] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[5072] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[5104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\iPod\bin\iPodService.exe[5236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\wbem\unsecapp.exe[5268] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\wbem\wmiprvse.exe[5384] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\SearchIndexer.exe[5404] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\ASUS\AI Direct Link\AsShare.exe[5540] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Windows Media Player\wmpnetwk.exe[5924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSystemMetrics] [62C94F42] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[5972] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [74C2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Mohit McLaren\Downloads\volumouse\volumouse.exe[5976] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[6064] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe[6140] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Users\Mohit McLaren\Desktop\dypo0p3u.exe[6720] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\AUDIODG.EXE[8156] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\SearchFilterHost.exe[8180] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

---- EOF - GMER 1.0.15 ----

 

[mclarenrich]

Attach.txt Log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/28/2011 3:17:04 PM
System Uptime: 3/9/2012 8:23:48 AM (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4N68T-M-V2
Processor: AMD Phenom(tm) II X6 1090T Processor | AM3 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 339.707 GiB free.
D: is CDROM (CDFS)
F: is FIXED (NTFS) - 1863 GiB total, 817.764 GiB free.
G: is Removable
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP118: 2/26/2012 7:00:16 PM - Windows Backup
RP119: 2/28/2012 3:00:30 AM - Windows Update
RP120: 3/3/2012 10:12:49 PM - Installed DisplayLink Core Software
RP121: 3/3/2012 10:14:10 PM - Installed DisplayLink Graphics
RP122: 3/3/2012 10:41:35 PM - Installed DisplayLink Core Software
RP123: 3/4/2012 7:00:16 PM - Windows Backup
RP124: 3/5/2012 10:52:25 PM - Installed AVG 2012
RP125: 3/5/2012 10:52:48 PM - Installed AVG 2012
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
AI Direct Link
Amazon Kindle
America's Army 3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS RT-N12 Wireless Router Utilities
ASUS Wireless Router RT-N12 Manuals
ASUSUpdate
AVG 2012
Belarc Advisor 8.2
BitTorrent
BitTorrentBar Toolbar
Bonjour
Browser Configuration Utility
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Conduit Engine
Craigs Search Agent Version 3.1
DAEMON Tools Lite
DisplayLink Core Software
DisplayLink Graphics
DivX Setup
EPU-4 Engine
Eye-Fi Center 3.4
FastStone Image Viewer 4.5
Free Download Manager 3.0
Free RAR Extract Frog
Glucofacts Deluxe Updater 2.0
Google Chrome
Google Update Helper
HP LaserJet Professional CM1410 Series
HP LJ CM1410 MFP Series HP Scan
HPLaserJetHelp_LearnCenter
HPLJUT
hppCM1410LaserJetService
hppFaxDrvCM1410
hppFaxUtilityCM1410
hppLaserJetService
hppSendFaxCM1410
hppTLBXFXCM1410
hpzTLBXFX
I.R.I.S. OCR
Internet TV for Windows Media Center
iTunes
Java Auto Updater
Java(TM) 6 Update 27
magicJack
Malwarebytes Anti-Malware version 1.60.1.1000
MediaMonkey 4.0
Microsoft .NET Framework 4 Client Profile
Microsoft Flight Simulator X Demo
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 10.0.2 (x86 en-US)
Mp3tag v2.49
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
My Lockbox 2.7 Christmas Edition
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
Octoshape add-in for Adobe Flash Player
Opera 11.52
PC Probe II
Platform
PS3 Media Server
PunkBuster Services
QuickTime
Samsung ML-2510 Series
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Shareaza
SoundTap Streaming Audio Recorder
Steam
Streamripper (Remove only)
swMSM
TomTom HOME 2.8.3.2458
TomTom HOME Visual Studio Merge Modules
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
VIA Platform Device Manager
WebEx
Windows Media Center Add-in for Flash
Windows Media Center Add-in for Silverlight
Windows Mobile Device Updater Component
WinUtilities 10.4 Free Edition
Wolfenstein - Enemy Territory
Xvid Video Codec
YouTube Downloader 3.5
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Toolbar
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
3/9/2012 8:25:27 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/9/2012 8:24:34 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgtdix
3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The YMIDUSB service terminated with the following error: The specified module could not be found.
3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The USA49W2KP service terminated with the following error: The specified module could not be found.
3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Tsddd service terminated with the following error: The specified module could not be found.
3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Tifmsony service terminated with the following error: The specified module could not be found.
3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Sysmonlog service terminated with the following error: The specified module could not be found.
3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Si3132 service terminated with the following error: The specified module could not be found.
3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Roxmediadb service terminated with the following error: The specified module could not be found.
3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Nvatabus service terminated with the following error: The specified module could not be found.
3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Nabtsfec service terminated with the following error: The specified module could not be found.
3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Mysqlinventime service terminated with the following error: The specified module could not be found.
3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Mqdmbus service terminated with the following error: The specified module could not be found.
3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Lxrjd31s service terminated with the following error: The specified module could not be found.
3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Defwatch service terminated with the following error: The specified module could not be found.
3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The CTEDSPSY.DLL service terminated with the following error: The specified module could not be found.
3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Blueletscoaudio service terminated with the following error: The specified module could not be found.
3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Bdftdif service terminated with the following error: The specified module could not be found.
3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Bc_filter service terminated with the following error: The specified module could not be found.
3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The Axskbus service terminated with the following error: The specified module could not be found.
3/9/2012 8:24:27 AM, Error: Service Control Manager [7023] - The AVRec service terminated with the following error: The specified module could not be found.
3/8/2012 3:55:27 PM, Error: Service Control Manager [7024] - The PS3 Media Server service terminated with service-specific error Incorrect function..
3/8/2012 3:54:24 PM, Error: Service Control Manager [7031] - The DisplayLinkManager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
3/6/2012 7:59:14 AM, Error: Service Control Manager [7024] - The PS3 Media Server service terminated with service-specific error The system cannot join or substitute a drive to or for a directory on the same drive..
3/5/2012 8:20:57 PM, Error: Service Control Manager [7034] - The Si3132 service terminated unexpectedly. It has done this 1 time(s).
3/5/2012 8:17:58 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
3/5/2012 8:11:58 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer GILCHRIST-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8BFA2696-A29C-48AC-B530-0D48C. The master browser is stopping or an election is being forced.
3/5/2012 8:05:53 PM, Error: Service Control Manager [7023] - The USA49W2KP service terminated with the following error: Access is denied.
3/5/2012 7:50:53 PM, Error: Service Control Manager [7023] - The Defwatch service terminated with the following error: Access is denied.
3/5/2012 7:39:18 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
3/5/2012 7:39:18 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
3/5/2012 7:35:53 PM, Error: Service Control Manager [7023] - The Blueletscoaudio service terminated with the following error: Access is denied.
3/5/2012 7:20:53 PM, Error: Service Control Manager [7023] - The Roxmediadb service terminated with the following error: Access is denied.
3/5/2012 7:05:54 PM, Error: Service Control Manager [7023] - The YMIDUSB service terminated with the following error: Access is denied.
3/5/2012 6:50:53 PM, Error: Service Control Manager [7023] - The Tsddd service terminated with the following error: Access is denied.
3/5/2012 5:14:53 PM, Error: Service Control Manager [7023] - The Axskbus service terminated with the following error: Access is denied.
3/5/2012 5:04:54 PM, Error: Service Control Manager [7023] - The CTEDSPSY.DLL service terminated with the following error: Access is denied.
3/5/2012 4:59:54 PM, Error: Service Control Manager [7023] - The Lxrjd31s service terminated with the following error: Access is denied.
3/5/2012 4:44:53 PM, Error: Service Control Manager [7023] - The Bc_filter service terminated with the following error: Access is denied.
3/5/2012 4:29:53 PM, Error: Service Control Manager [7023] - The Sysmonlog service terminated with the following error: Access is denied.
3/5/2012 4:25:53 PM, Error: Service Control Manager [7023] - The Bdftdif service terminated with the following error: Access is denied.
3/5/2012 4:14:53 PM, Error: Service Control Manager [7023] - The Mqdmbus service terminated with the following error: Access is denied.
3/5/2012 3:59:53 PM, Error: Service Control Manager [7023] - The Nabtsfec service terminated with the following error: Access is denied.
3/5/2012 3:48:52 PM, Error: Service Control Manager [7023] - The Tifmsony service terminated with the following error: Access is denied.
3/5/2012 3:47:53 PM, Error: Service Control Manager [7023] - The Nvatabus service terminated with the following error: Access is denied.
3/5/2012 3:44:53 PM, Error: Service Control Manager [7023] - The Mysqlinventime service terminated with the following error: Access is denied.
3/5/2012 3:43:54 PM, Error: Service Control Manager [7023] - The AVRec service terminated with the following error: Access is denied.
3/5/2012 10:53:45 PM, Error: Service Control Manager [7000] - The AVG TDI Driver service failed to start due to the following error: The system cannot find the file specified.
3/5/2012 10:33:17 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/5/2012 10:25:37 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
3/5/2012 10:25:21 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
3/5/2012 10:25:21 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
3/5/2012 10:25:21 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
3/4/2012 3:32:18 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
3/3/2012 10:42:24 PM, Error: Service Control Manager [7030] - The DisplayLinkManager service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/3/2012 10:20:17 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.192. The computer with the IP address 192.168.0.190 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================

 

[mclarenrich]

Security

Hi

There seems to be a lot of internal information displayed, let me know if any of it needs to be deleted as i believe any one on the internet can view it, i am protected by firewall and router, is there anything i need to be aware of to remove from these logs.

Thanks Again.

 

[Broni]

Upload DDS.txt here: http://uploadmb.com/
Copy the link inside the Direct Link box and post it in your next reply.

 

[mclarenrich]

DDS.txt Log Link

Hi

Here is the link from direct link box for DDS.txt, thanks.

http://www.uploadmb.com/dw.php?id=1331330005

 

[Broni]

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Mohit McLaren at 10:55:52 on 2012-03-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3071.1160 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\java.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\ASUS\AI Direct Link\AsCmd.exe
C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP LaserJet Professional CM1410 series\Fax Driver\hppfaxprintersrv.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ASUS\AI Direct Link\AsShare.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Mohit McLaren\Downloads\volumouse\volumouse.exe
C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\notepad.exe
C:\Users\Mohit McLaren\Desktop\dypo0p3u.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.shareazaweb.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [$Volumouse$] "c:\users\mohit mclaren\downloads\volumouse\volumouse.exe" /nodlg
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [Eye-Fi] "c:\program files\eye-fi\helper\EyeFiHelper.exe"
uRun: [cdloader] "c:\users\mohit mclaren\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
mRun: [ToolboxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enumn /alertsn /notificationsn /fln /frn /appDatan /tmcpn
mRun: [HP LaserJet Professional CM1410 Series Fax] c:\program files\hp\hp laserjet professional cm1410 series\fax driver\hppfaxprintersrv.exe "HP LaserJet Professional CM1410 Series Fax"
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\ssmmgr.exe /autorun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [mylbx] c:\program files\my lockbox\mylbx.exe /a
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [CLSA] c:\program files\good deal software\craigs search agent\search_agent.exe REG_START
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ps3med~1.lnk - c:\program files\ps3 media server\PMS.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\volumo~1.lnk - c:\users\mohit mclaren\downloads\volumouse\volumouse.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8BFA2696-A29C-48AC-B530-0D48CB0637DF} : DhcpNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mohit mclaren\appdata\roaming\mozilla\firefox\profiles\o34f03xe.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\users\mohit mclaren\appdata\roaming\mozilla\plugins\npatgpc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2012-3-3 14448]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2011-12-15 41912]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-7-5 11448]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-11-29 239168]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2010-3-5 235752]
R2 DisplayLinkService;DisplayLinkManager;c:\program files\displaylink core software\DisplayLinkManager.exe [2011-4-10 5240168]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2010-4-12 142336]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 PS3 Media Server;PS3 Media Server;c:\program files\ps3 media server\win32\service\wrapper.exe [2011-5-16 366872]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2011-6-29 5120]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-12-5 92592]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort_5.6.31854.0.sys [2011-4-10 21888]
R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2012-3-3 182896]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [2011-12-23 49240]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-7-7 1102848]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DivisCTP;Defwatch;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-22 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-22 136176]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-1 1343400]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
.
=============== Created Last 30 ================
.
2012-03-06 06:55:02 -------- d-----w- c:\users\mohit mclaren\appdata\roaming\AVG2012
2012-03-06 06:53:15 -------- d-----w- c:\programdata\AVG2012
2012-03-06 06:52:40 -------- d-----w- c:\program files\AVG
2012-03-06 04:21:01 98816 ----a-w- c:\windows\sed.exe
2012-03-06 04:21:01 518144 ----a-w- c:\windows\SWREG.exe
2012-03-06 04:21:01 256000 ----a-w- c:\windows\PEV.exe
2012-03-06 04:21:01 208896 ----a-w- c:\windows\MBR.exe
2012-03-05 23:43:52 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-04 06:42:44 182896 ----a-w- c:\windows\system32\drivers\dlkmd.sys
2012-03-04 06:42:44 14448 ----a-w- c:\windows\system32\drivers\dlkmdldr.sys
2012-03-04 06:14:33 -------- d-----w- c:\program files\DisplayLink Graphics
2012-03-04 06:13:28 -------- d-----w- c:\program files\DisplayLink Core Software
2012-02-20 15:45:53 -------- d-----w- c:\program files\Belarc
2012-02-16 00:12:03 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 00:11:58 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 00:11:56 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 00:11:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 15:47:38 -------- d-----w- c:\programdata\Citrix
2012-02-14 15:47:22 -------- d-----w- c:\users\mohit mclaren\appdata\roaming\ICAClient
2012-02-14 15:47:22 -------- d-----w- c:\users\mohit mclaren\appdata\local\Citrix
2012-02-14 15:47:17 -------- d-----w- c:\program files\Citrix
2012-02-13 19:02:24 -------- d-----w- c:\users\mohit mclaren\Citrix
.
==================== Find3M ====================
.
2012-02-16 14:57:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-23 17:23:25 49240 ----a-w- c:\windows\system32\drivers\stdriver32.sys
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 10:56:31.02 ===============

 

[Broni]

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=================================================================

Download Bootkit Remover to your desktop.

• Unzip downloaded file to your Desktop.
• Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
• It will show a Black screen with some data on it.
• Right click on the screen and click Select All.
• Press CTRL+C
• Open a Notepad and press CTRL+V
• Post the output back here.

 

[mclarenrich]

aswMBR.txt

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-09 16:14:08
-----------------------------
16:14:08.348 OS Version: Windows 6.1.7601 Service Pack 1
16:14:08.348 Number of processors: 6 586 0xA00
16:14:08.350 ComputerName: MOHITMCLAREN-PC UserName: Mohit McLaren
16:14:22.198 Initialize success
16:15:40.503 AVAST engine defs: 12030900
16:16:01.645 Disk 0 \Device\Harddisk0\DR0 -> \Device\0000006d
16:16:01.651 Disk 0 Vendor: ST2000DL CC32 Size: 1907729MB BusType: 3
16:16:01.658 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000006f
16:16:01.662 Disk 1 Vendor: WDC_WD50 15.0 Size: 476940MB BusType: 3
16:16:01.672 Disk 1 MBR read successfully
16:16:01.676 Disk 1 MBR scan
16:16:01.687 Disk 1 Windows 7 default MBR code
16:16:01.691 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:16:01.701 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
16:16:01.711 Disk 1 scanning sectors +976771072
16:16:01.790 Disk 1 scanning C:\Windows\system32\drivers
16:16:10.972 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Alureon-ARC [Rtk]
16:16:13.416 Disk 1 trace - called modules:
16:16:13.437 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor32.sys
16:16:13.441 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86c35ac8]
16:16:13.445 3 CLASSPNP.SYS[8b38759e] -> nt!IofCallDriver -> [0x865e8968]
16:16:13.449 5 ACPI.sys[8381c3d4] -> nt!IofCallDriver -> \Device\0000006f[0x865dc030]
16:16:14.545 AVAST engine scan C:\Windows
16:16:17.778 AVAST engine scan C:\Windows\system32
16:18:55.182 AVAST engine scan C:\Windows\system32\drivers
16:19:05.264 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Alureon-ARC [Rtk]
16:19:09.908 AVAST engine scan C:\Users\Mohit McLaren
16:49:52.126 AVAST engine scan C:\ProgramData
16:51:33.591 Scan finished successfully
18:19:33.757 Disk 1 MBR has been saved successfully to "C:\Users\Mohit McLaren\Desktop\MBR.dat"
18:19:33.762 The log file has been saved successfully to "C:\Users\Mohit McLaren\Desktop\aswMBR.txt"

 

[mclarenrich]

boot cleaner.txt

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive1 at offset 0x00000000`06500000
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive1 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...


Should i press any key to close on boot kit remover, also on aswMBR sould i click the fix button?

Thanks.

 

[Broni]

Do NOT fix anything.

Download TDSSKiller and save it to your desktop.

• Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[mclarenrich]

TDS killer report part 1

19:09:47.0059 5132 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
19:09:49.0062 5132 ============================================================
19:09:49.0063 5132 Current date / time: 2012/03/09 19:09:49.0062
19:09:49.0063 5132 SystemInfo:
19:09:49.0063 5132
19:09:49.0063 5132 OS Version: 6.1.7601 ServicePack: 1.0
19:09:49.0063 5132 Product type: Workstation
19:09:49.0063 5132 ComputerName: MOHITMCLAREN-PC
19:09:49.0064 5132 UserName: Mohit McLaren
19:09:49.0064 5132 Windows directory: C:\Windows
19:09:49.0064 5132 System windows directory: C:\Windows
19:09:49.0064 5132 Processor architecture: Intel x86
19:09:49.0064 5132 Number of processors: 6
19:09:49.0064 5132 Page size: 0x1000
19:09:49.0065 5132 Boot type: Normal boot
19:09:49.0065 5132 ============================================================
19:09:50.0034 5132 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:09:50.0049 5132 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
19:09:50.0096 5132 \Device\Harddisk0\DR0:
19:09:50.0097 5132 MBR used
19:09:50.0097 5132 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
19:09:50.0097 5132 \Device\Harddisk1\DR1:
19:09:50.0097 5132 MBR used
19:09:50.0097 5132 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:09:50.0097 5132 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
19:09:50.0146 5132 Initialize success
19:09:50.0146 5132 ============================================================
19:10:14.0762 5500 ============================================================
19:10:14.0762 5500 Scan started
19:10:14.0762 5500 Mode: Manual;
19:10:14.0762 5500 ============================================================
19:10:15.0519 5500 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
19:10:15.0548 5500 1394ohci - ok
19:10:15.0586 5500 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
19:10:15.0593 5500 ACPI - ok
19:10:15.0634 5500 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
19:10:15.0636 5500 AcpiPmi - ok
19:10:15.0671 5500 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
19:10:15.0698 5500 adp94xx - ok
19:10:15.0728 5500 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
19:10:15.0736 5500 adpahci - ok
19:10:15.0757 5500 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
19:10:15.0761 5500 adpu320 - ok
19:10:15.0792 5500 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
19:10:15.0797 5500 AFD - ok
19:10:15.0829 5500 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
19:10:15.0831 5500 agp440 - ok
19:10:15.0845 5500 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
19:10:15.0847 5500 aic78xx - ok
19:10:15.0860 5500 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
19:10:15.0861 5500 aliide - ok
19:10:15.0897 5500 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
19:10:15.0898 5500 amdagp - ok
19:10:15.0911 5500 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
19:10:15.0912 5500 amdide - ok
19:10:15.0927 5500 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
19:10:15.0928 5500 AmdK8 - ok
19:10:16.0052 5500 amdkmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys
19:10:16.0176 5500 amdkmdag - ok
19:10:16.0194 5500 amdkmdap (fb68e1b9cec598f0f69503f3aebb45dd) C:\Windows\system32\DRIVERS\atikmpag.sys
19:10:16.0197 5500 amdkmdap - ok
19:10:16.0212 5500 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
19:10:16.0212 5500 AmdPPM - ok
19:10:16.0246 5500 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
19:10:16.0260 5500 amdsata - ok
19:10:16.0283 5500 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
19:10:16.0289 5500 amdsbs - ok
19:10:16.0303 5500 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
19:10:16.0306 5500 amdxata - ok
19:10:16.0343 5500 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
19:10:16.0347 5500 AppID - ok
19:10:16.0389 5500 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
19:10:16.0391 5500 arc - ok
19:10:16.0406 5500 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
19:10:16.0409 5500 arcsas - ok
19:10:16.0432 5500 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\Windows\system32\drivers\AsIO.sys
19:10:16.0464 5500 AsIO - ok
19:10:16.0488 5500 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\Windows\system32\drivers\AsUpIO.sys
19:10:16.0500 5500 AsUpIO - ok
19:10:16.0520 5500 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
19:10:16.0523 5500 AsyncMac - ok
19:10:16.0560 5500 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
19:10:16.0562 5500 atapi - ok
19:10:16.0607 5500 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
19:10:16.0610 5500 AVGIDSDriver - ok
19:10:16.0630 5500 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
19:10:16.0632 5500 AVGIDSEH - ok
19:10:16.0648 5500 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
19:10:16.0650 5500 AVGIDSFilter - ok
19:10:16.0664 5500 AVGIDSShim (dadca567891033dcf2ec4a3f9da46ae4) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
19:10:16.0666 5500 AVGIDSShim - ok
19:10:16.0690 5500 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
19:10:16.0695 5500 Avgldx86 - ok
19:10:16.0716 5500 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
19:10:16.0718 5500 Avgmfx86 - ok
19:10:16.0748 5500 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
19:10:16.0750 5500 Avgrkx86 - ok
19:10:16.0773 5500 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
19:10:16.0778 5500 Avgtdix - ok
19:10:16.0821 5500 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
19:10:16.0828 5500 b06bdrv - ok
19:10:16.0851 5500 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:10:16.0855 5500 b57nd60x - ok
19:10:16.0882 5500 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
19:10:16.0884 5500 Beep - ok
19:10:16.0909 5500 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
19:10:16.0911 5500 blbdrive - ok
19:10:16.0938 5500 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
19:10:16.0940 5500 bowser - ok
19:10:16.0954 5500 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:10:16.0956 5500 BrFiltLo - ok
19:10:16.0977 5500 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:10:16.0978 5500 BrFiltUp - ok
19:10:17.0013 5500 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
19:10:17.0016 5500 BridgeMP - ok
19:10:17.0038 5500 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
19:10:17.0043 5500 Brserid - ok
19:10:17.0057 5500 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
19:10:17.0060 5500 BrSerWdm - ok
19:10:17.0072 5500 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:10:17.0074 5500 BrUsbMdm - ok
19:10:17.0088 5500 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
19:10:17.0089 5500 BrUsbSer - ok
19:10:17.0101 5500 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
19:10:17.0103 5500 BTHMODEM - ok
19:10:17.0187 5500 catchme - ok
19:10:17.0290 5500 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
19:10:17.0292 5500 cdfs - ok
19:10:17.0333 5500 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
19:10:17.0338 5500 cdrom - ok
19:10:17.0359 5500 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
19:10:17.0361 5500 circlass - ok
19:10:17.0385 5500 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
19:10:17.0389 5500 CLFS - ok
19:10:17.0405 5500 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
19:10:17.0406 5500 CmBatt - ok
19:10:17.0436 5500 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
19:10:17.0439 5500 cmdide - ok
19:10:17.0480 5500 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
19:10:17.0490 5500 CNG - ok
19:10:17.0505 5500 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:10:17.0507 5500 Compbatt - ok
19:10:17.0542 5500 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
19:10:17.0543 5500 CompositeBus - ok
19:10:17.0579 5500 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
19:10:17.0581 5500 crcdisk - ok
19:10:17.0655 5500 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys
19:10:17.0672 5500 ctxusbm - ok
19:10:17.0713 5500 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
19:10:17.0716 5500 DfsC - ok
19:10:17.0751 5500 DgiVecp (7f19dba1a467b838ccb23124a2c55568) C:\Windows\system32\Drivers\DgiVecp.sys
19:10:17.0753 5500 DgiVecp - ok
19:10:17.0770 5500 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:10:17.0772 5500 discache - ok
19:10:17.0791 5500 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:10:17.0792 5500 Disk - ok
19:10:17.0843 5500 DisplayLinkUsbPort (adccc97ad9af22d019428b6773f23150) C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys
19:10:17.0847 5500 DisplayLinkUsbPort - ok
19:10:17.0895 5500 dlkmd (b19e212ef403999dadd5f337746dd21d) C:\Windows\system32\drivers\dlkmd.sys
19:10:17.0902 5500 dlkmd - ok
19:10:17.0944 5500 dlkmdldr (4b9c06a5a539a46aaaface8bdb65218c) C:\Windows\system32\drivers\dlkmdldr.sys
19:10:17.0959 5500 dlkmdldr - ok
19:10:18.0000 5500 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:10:18.0002 5500 drmkaud - ok
19:10:18.0047 5500 dtsoftbus01 (fb38473835476a6fb272215a1d972af9) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:10:18.0051 5500 dtsoftbus01 - ok
19:10:18.0083 5500 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
19:10:18.0093 5500 DXGKrnl - ok
19:10:18.0171 5500 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:10:18.0224 5500 ebdrv - ok
19:10:18.0263 5500 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
19:10:18.0270 5500 elxstor - ok
19:10:18.0302 5500 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
19:10:18.0303 5500 ErrDev - ok
19:10:18.0344 5500 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:10:18.0350 5500 exfat - ok
19:10:18.0373 5500 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:10:18.0376 5500 fastfat - ok
19:10:18.0398 5500 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
19:10:18.0399 5500 fdc - ok
19:10:18.0417 5500 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:10:18.0419 5500 FileInfo - ok
19:10:18.0438 5500 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:10:18.0439 5500 Filetrace - ok
19:10:18.0452 5500 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
19:10:18.0453 5500 flpydisk - ok
19:10:18.0474 5500 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:10:18.0477 5500 FltMgr - ok
19:10:18.0496 5500 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:10:18.0497 5500 FsDepends - ok
19:10:18.0530 5500 FSProFilter (3528c9ec493ca524a877d217c7d51600) C:\Windows\system32\Drivers\FSPFltd.sys
19:10:18.0532 5500 FSProFilter - ok
19:10:18.0543 5500 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
19:10:18.0545 5500 Fs_Rec - ok
19:10:18.0587 5500 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
19:10:18.0595 5500 fvevol - ok
19:10:18.0609 5500 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:10:18.0614 5500 gagp30kx - ok
19:10:18.0652 5500 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:10:18.0657 5500 GEARAspiWDM - ok
19:10:18.0697 5500 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:10:18.0700 5500 hcw85cir - ok
19:10:18.0735 5500 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
19:10:18.0741 5500 HdAudAddService - ok
19:10:18.0772 5500 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
19:10:18.0775 5500 HDAudBus - ok
19:10:18.0791 5500 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
19:10:18.0793 5500 HidBatt - ok
19:10:18.0809 5500 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
19:10:18.0812 5500 HidBth - ok
19:10:18.0824 5500 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
19:10:18.0827 5500 HidIr - ok
19:10:18.0840 5500 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
19:10:18.0842 5500 HidUsb - ok
19:10:18.0882 5500 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
19:10:18.0885 5500 HpSAMD - ok
19:10:18.0930 5500 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
19:10:18.0938 5500 HTTP - ok
19:10:18.0982 5500 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
19:10:18.0986 5500 hwpolicy - ok
19:10:19.0025 5500 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
19:10:19.0030 5500 i8042prt - ok
19:10:19.0076 5500 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
19:10:19.0081 5500 iaStorV - ok
19:10:19.0105 5500 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
19:10:19.0108 5500 iirsp - ok
19:10:19.0129 5500 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
19:10:19.0131 5500 intelide - ok
19:10:19.0145 5500 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:10:19.0148 5500 intelppm - ok
19:10:19.0171 5500 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:10:19.0174 5500 IpFilterDriver - ok
19:10:19.0224 5500 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
19:10:19.0229 5500 IPMIDRV - ok
19:10:19.0249 5500 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:10:19.0255 5500 IPNAT - ok
19:10:19.0276 5500 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:10:19.0279 5500 IRENUM - ok
19:10:19.0299 5500 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
19:10:19.0302 5500 isapnp - ok
19:10:19.0342 5500 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
19:10:19.0347 5500 iScsiPrt - ok
19:10:19.0413 5500 ISWKL (08a811bfd207dfdec588881c18bacbaa) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
19:10:19.0426 5500 ISWKL - ok
19:10:19.0459 5500 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
19:10:19.0462 5500 kbdclass - ok
19:10:19.0500 5500 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
19:10:19.0504 5500 kbdhid - ok
19:10:19.0553 5500 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
19:10:19.0556 5500 KSecDD - ok
19:10:19.0575 5500 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
19:10:19.0579 5500 KSecPkg - ok
19:10:19.0619 5500 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
19:10:19.0622 5500 lltdio - ok
19:10:19.0647 5500 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:10:19.0650 5500 LSI_FC - ok
19:10:19.0664 5500 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:10:19.0667 5500 LSI_SAS - ok
19:10:19.0684 5500 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:10:19.0687 5500 LSI_SAS2 - ok
19:10:19.0702 5500 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:10:19.0705 5500 LSI_SCSI - ok
19:10:19.0727 5500 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
19:10:19.0731 5500 luafv - ok
19:10:19.0750 5500 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
19:10:19.0752 5500 megasas - ok
19:10:19.0774 5500 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
19:10:19.0779 5500 MegaSR - ok
19:10:19.0797 5500 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
19:10:19.0799 5500 Modem - ok
19:10:19.0812 5500 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
19:10:19.0815 5500 monitor - ok
19:10:19.0849 5500 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
19:10:19.0851 5500 mouclass - ok
19:10:19.0862 5500 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
19:10:19.0865 5500 mouhid - ok
19:10:19.0904 5500 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
19:10:19.0909 5500 mountmgr - ok
19:10:19.0946 5500 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
19:10:19.0950 5500 mpio - ok
19:10:19.0963 5500 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
19:10:19.0966 5500 mpsdrv - ok
19:10:20.0015 5500 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
19:10:20.0019 5500 MRxDAV - ok
19:10:20.0047 5500 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:10:20.0066 5500 mrxsmb - ok
19:10:20.0103 5500 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:10:20.0109 5500 mrxsmb10 - ok
19:10:20.0136 5500 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:10:20.0142 5500 mrxsmb20 - ok
19:10:20.0180 5500 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
19:10:20.0182 5500 msahci - ok
19:10:20.0216 5500 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
19:10:20.0219 5500 msdsm - ok
19:10:20.0250 5500 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
19:10:20.0253 5500 Msfs - ok
19:10:20.0275 5500 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
19:10:20.0277 5500 mshidkmdf - ok
19:10:20.0312 5500 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
19:10:20.0315 5500 msisadrv - ok
19:10:20.0334 5500 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
19:10:20.0337 5500 MSKSSRV - ok
19:10:20.0354 5500 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
19:10:20.0357 5500 MSPCLOCK - ok
19:10:20.0364 5500 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
19:10:20.0367 5500 MSPQM - ok
19:10:20.0387 5500 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
19:10:20.0391 5500 MsRPC - ok
19:10:20.0407 5500 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
19:10:20.0409 5500 mssmbios - ok
19:10:20.0428 5500 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
19:10:20.0430 5500 MSTEE - ok
19:10:20.0449 5500 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
19:10:20.0452 5500 MTConfig - ok
19:10:20.0480 5500 MTsensor (cbe71c122434805cb73ffb6619f60598) C:\Windows\system32\DRIVERS\ASACPI.sys
19:10:20.0496 5500 MTsensor - ok
19:10:20.0518 5500 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
19:10:20.0523 5500 Mup - ok
19:10:20.0545 5500 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
19:10:20.0550 5500 NativeWifiP - ok
19:10:20.0597 5500 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
19:10:20.0620 5500 NDIS - ok
19:10:20.0638 5500 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
19:10:20.0640 5500 NdisCap - ok
19:10:20.0653 5500 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
19:10:20.0655 5500 NdisTapi - ok
19:10:20.0690 5500 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
19:10:20.0692 5500 Ndisuio - ok
19:10:20.0724 5500 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
19:10:20.0727 5500 NdisWan - ok
19:10:20.0763 5500 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
19:10:20.0764 5500 NDProxy - ok
19:10:20.0780 5500 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
19:10:20.0781 5500 NetBIOS - ok
19:10:20.0820 5500 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
19:10:20.0823 5500 NetBT - ok
19:10:20.0845 5500 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
19:10:20.0847 5500 nfrd960 - ok
19:10:20.0862 5500 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
19:10:20.0863 5500 Npfs - ok
19:10:20.0877 5500 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
19:10:20.0878 5500 nsiproxy - ok
19:10:20.0932 5500 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
19:10:20.0969 5500 Ntfs - ok
19:10:20.0987 5500 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
19:10:20.0990 5500 Null - ok
19:10:21.0020 5500 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
19:10:21.0027 5500 NVENETFD - ok
19:10:21.0053 5500 NVNET (1de923088878b495cd4219e47ba34eb8) C:\Windows\system32\DRIVERS\nvmf6232.sys
19:10:21.0058 5500 NVNET - ok
19:10:21.0098 5500 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
19:10:21.0105 5500 nvraid - ok
19:10:21.0152 5500 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
19:10:21.0156 5500 nvstor - ok
19:10:21.0190 5500 nvstor32 (97778c3cb3af6b2243648d0dcd4d8916) C:\Windows\system32\DRIVERS\nvstor32.sys
19:10:21.0197 5500 nvstor32 - ok
19:10:21.0246 5500 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
19:10:21.0252 5500 nv_agp - ok
19:10:21.0309 5500 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
19:10:21.0314 5500 ohci1394 - ok
19:10:21.0361 5500 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:10:21.0364 5500 Parport - ok
19:10:21.0401 5500 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
19:10:21.0407 5500 partmgr - ok
19:10:21.0427 5500 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:10:21.0429 5500 Parvdm - ok
19:10:21.0455 5500 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
19:10:21.0489 5500 pci - ok
19:10:21.0591 5500 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
19:10:21.0596 5500 pciide - ok
19:10:21.0618 5500 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:10:21.0627 5500 pcmcia - ok
19:10:21.0646 5500 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:10:21.0652 5500 pcw - ok
19:10:21.0687 5500 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:10:21.0707 5500 PEAUTH - ok
19:10:21.0768 5500 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:10:21.0770 5500 PptpMiniport - ok
19:10:21.0785 5500 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:10:21.0787 5500 Processor - ok
19:10:21.0810 5500 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:10:21.0812 5500 Psched - ok
19:10:21.0841 5500 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:10:21.0865 5500 ql2300 - ok
19:10:21.0879 5500 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:10:21.0881 5500 ql40xx - ok
19:10:21.0895 5500 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:10:21.0896 5500 QWAVEdrv - ok
19:10:21.0908 5500 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:10:21.0909 5500 RasAcd - ok
19:10:21.0935 5500 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:10:21.0936 5500 RasAgileVpn - ok
19:10:21.0956 5500 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:10:21.0958 5500 Rasl2tp - ok
19:10:21.0974 5500 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:10:21.0976 5500 RasPppoe - ok
19:10:21.0994 5500 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:10:21.0996 5500 RasSstp - ok
19:10:22.0042 5500 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
19:10:22.0051 5500 rdbss - ok
19:10:22.0077 5500 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:10:22.0082 5500 rdpbus - ok
19:10:22.0119 5500 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:10:22.0124 5500 RDPCDD - ok
19:10:22.0147 5500 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:10:22.0150 5500 RDPENCDD - ok
19:10:22.0166 5500 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:10:22.0169 5500 RDPREFMP - ok
19:10:22.0206 5500 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
19:10:22.0210 5500 RDPWD - ok
19:10:22.0252 5500 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
19:10:22.0255 5500 rdyboost - ok
19:10:22.0297 5500 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:10:22.0299 5500 rspndr - ok
19:10:22.0335 5500 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
19:10:22.0337 5500 sbp2port - ok
19:10:22.0368 5500 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
19:10:22.0370 5500 scfilter - ok
19:10:22.0387 5500 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:10:22.0389 5500 secdrv - ok
19:10:22.0410 5500 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:10:22.0412 5500 Serenum - ok
19:10:22.0424 5500 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:10:22.0426 5500 Serial - ok
19:10:22.0459 5500 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:10:22.0461 5500 sermouse - ok
19:10:22.0497 5500 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
19:10:22.0498 5500 sffdisk - ok
19:10:22.0511 5500 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
19:10:22.0513 5500 sffp_mmc - ok
19:10:22.0530 5500 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
19:10:22.0531 5500 sffp_sd - ok
19:10:22.0546 5500 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:10:22.0548 5500 sfloppy - ok
19:10:22.0601 5500 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
19:10:22.0607 5500 sisagp - ok
19:10:22.0628 5500 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:10:22.0631 5500 SiSRaid2 - ok
19:10:22.0649 5500 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:10:22.0652 5500 SiSRaid4 - ok
19:10:22.0664 5500 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:10:22.0668 5500 Smb - ok
19:10:22.0707 5500 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:10:22.0709 5500 spldr - ok
19:10:22.0744 5500 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
19:10:22.0754 5500 srv - ok
19:10:22.0783 5500 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
19:10:22.0789 5500 srv2 - ok
19:10:22.0819 5500 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
19:10:22.0823 5500 srvnet - ok
19:10:22.0867 5500 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
19:10:22.0872 5500 SSPORT - ok
19:10:22.0913 5500 stdriver (5c031c715e14f10dfc9395004f54ee21) C:\Windows\system32\DRIVERS\stdriver32.sys
19:10:22.0916 5500 stdriver - ok
19:10:22.0946 5500 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:10:22.0949 5500 stexstor - ok
19:10:22.0974 5500 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
19:10:22.0977 5500 StillCam - ok
19:10:23.0013 5500 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
19:10:23.0016 5500 swenum - ok
19:10:23.0088 5500 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
19:10:23.0128 5500 Tcpip - ok
19:10:23.0152 5500 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
19:10:23.0161 5500 TCPIP6 - ok
19:10:23.0200 5500 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
19:10:23.0203 5500 tcpipreg - ok
19:10:23.0238 5500 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
19:10:23.0241 5500 TDPIPE - ok
19:10:23.0256 5500 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
19:10:23.0259 5500 TDTCP - ok
19:10:23.0295 5500 tdx (05f7a6e7b7b0fb8eb0a3c111467bc4e4) C:\Windows\system32\DRIVERS\tdx.sys
19:10:23.0307 5500 tdx - ok
19:10:23.0342 5500 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
19:10:23.0345 5500 TermDD - ok
19:10:23.0396 5500 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:10:23.0397 5500 tssecsrv - ok
19:10:23.0436 5500 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
19:10:23.0438 5500 TsUsbFlt - ok
19:10:23.0467 5500 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
19:10:23.0470 5500 tunnel - ok
19:10:23.0491 5500 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:10:23.0493 5500 uagp35 - ok
19:10:23.0526 5500 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
19:10:23.0536 5500 udfs - ok
19:10:23.0575 5500 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
19:10:23.0578 5500 uliagpkx - ok
19:10:23.0617 5500 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
19:10:23.0624 5500 umbus - ok
19:10:23.0646 5500 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:10:23.0649 5500 UmPass - ok
19:10:23.0691 5500 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
19:10:23.0695 5500 usbaudio - ok
19:10:23.0733 5500 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
19:10:23.0737 5500 usbccgp - ok
19:10:23.0770 5500 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
19:10:23.0773 5500 usbcir - ok
19:10:23.0802 5500 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
19:10:23.0805 5500 usbehci - ok
19:10:23.0827 5500 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
19:10:23.0832 5500 usbhub - ok
19:10:23.0848 5500 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
19:10:23.0850 5500 usbohci - ok
19:10:23.0882 5500 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:10:23.0885 5500 usbprint - ok
19:10:23.0907 5500 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:10:23.0914 5500 USBSTOR - ok
19:10:23.0934 5500 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
19:10:23.0940 5500 usbuhci - ok
19:10:23.0994 5500 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
19:10:24.0001 5500 vdrvroot - ok
19:10:24.0030 5500 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:10:24.0036 5500 vga - ok
19:10:24.0055 5500 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:10:24.0062 5500 VgaSave - ok
19:10:24.0104 5500 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
19:10:24.0112 5500 vhdmp - ok
19:10:24.0139 5500 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
19:10:24.0143 5500 viaagp - ok
19:10:24.0160 5500 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:10:24.0164 5500 ViaC7 - ok
19:10:24.0203 5500 VIAHdAudAddService (dc56a867a2d92e1c51cb6d3f9c540548) C:\Windows\system32\drivers\viahduaa.sys
19:10:24.0232 5500 VIAHdAudAddService - ok
19:10:24.0249 5500 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
19:10:24.0253 5500 viaide - ok
19:10:24.0286 5500 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
19:10:24.0290 5500 volmgr - ok
19:10:24.0307 5500 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:10:24.0314 5500 volmgrx - ok
19:10:24.0348 5500 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
19:10:24.0354 5500 volsnap - ok
19:10:24.0389 5500 Vsdatant (6292c794ba68e0f46a6d45468461afe1) C:\Windows\system32\DRIVERS\vsdatant.sys
19:10:24.0397 5500 Vsdatant - ok
19:10:24.0422 5500 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:10:24.0427 5500 vsmraid - ok
19:10:24.0448 5500 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
19:10:24.0451 5500 vwifibus - ok
19:10:24.0477 5500 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:10:24.0480 5500 WacomPen - ok
19:10:24.0514 5500 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:10:24.0517 5500 WANARP - ok
19:10:24.0520 5500 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:10:24.0522 5500 Wanarpv6 - ok
19:10:24.0544 5500 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:10:24.0546 5500 Wd - ok
19:10:24.0565 5500 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:10:24.0571 5500 Wdf01000 - ok
19:10:24.0599 5500 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:10:24.0602 5500 WfpLwf - ok
19:10:24.0621 5500 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:10:24.0623 5500 WIMMount - ok
19:10:24.0674 5500 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
19:10:24.0677 5500 WinUsb - ok
19:10:24.0710 5500 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
19:10:24.0712 5500 WmiAcpi - ok
19:10:24.0744 5500 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:10:24.0747 5500 ws2ifsl - ok
19:10:24.0768 5500 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
19:10:24.0771 5500 WSDPrintDevice - ok
19:10:24.0811 5500 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
19:10:24.0814 5500 WudfPf - ok
19:10:24.0833 5500 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:10:24.0841 5500 WUDFRd - ok
19:10:24.0889 5500 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:10:24.0891 5500 \Device\Harddisk0\DR0 - ok
19:10:24.0907 5500 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:10:24.0964 5500 \Device\Harddisk1\DR1 - ok
19:10:24.0970 5500 Boot (0x1200) (8d9be5adbfdd6a18b838a1335bf884cb) \Device\Harddisk0\DR0\Partition0
19:10:24.0971 5500 \Device\Harddisk0\DR0\Partition0 - ok
19:10:24.0976 5500 Boot (0x1200) (38039933152dc7e0abd8a49c890d7d85) \Device\Harddisk1\DR1\Partition0
19:10:24.0977 5500 \Device\Harddisk1\DR1\Partition0 - ok
19:10:24.0987 5500 Boot (0x1200) (57152ee3068b186e7e2cc932c04c5265) \Device\Harddisk1\DR1\Partition1
19:10:24.0988 5500 \Device\Harddisk1\DR1\Partition1 - ok
19:10:24.0990 5500 ============================================================
19:10:24.0990 5500 Scan finished
19:10:24.0990 5500 ============================================================
19:10:25.0006 6512 Detected object count: 0
19:10:25.0006 6512 Actual detected object count: 0
19:11:14.0619 7004 ============================================================
19:11:14.0619 7004 Scan started
19:11:14.0619 7004 Mode: Manual;

 

[mclarenrich]

TDS killer report part 2 final

19:11:14.0619 7004 ============================================================
19:11:15.0291 7004 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
19:11:15.0294 7004 1394ohci - ok
19:11:15.0315 7004 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
19:11:15.0318 7004 ACPI - ok
19:11:15.0348 7004 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
19:11:15.0349 7004 AcpiPmi - ok
19:11:15.0383 7004 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
19:11:15.0387 7004 adp94xx - ok
19:11:15.0407 7004 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
19:11:15.0411 7004 adpahci - ok
19:11:15.0430 7004 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
19:11:15.0432 7004 adpu320 - ok
19:11:15.0456 7004 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
19:11:15.0460 7004 AFD - ok
19:11:15.0494 7004 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
19:11:15.0495 7004 agp440 - ok
19:11:15.0509 7004 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
19:11:15.0511 7004 aic78xx - ok
19:11:15.0525 7004 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
19:11:15.0526 7004 aliide - ok
19:11:15.0562 7004 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
19:11:15.0563 7004 amdagp - ok
19:11:15.0576 7004 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
19:11:15.0577 7004 amdide - ok
19:11:15.0592 7004 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
19:11:15.0593 7004 AmdK8 - ok
19:11:15.0731 7004 amdkmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys
19:11:15.0763 7004 amdkmdag - ok
19:11:15.0784 7004 amdkmdap (fb68e1b9cec598f0f69503f3aebb45dd) C:\Windows\system32\DRIVERS\atikmpag.sys
19:11:15.0785 7004 amdkmdap - ok
19:11:15.0801 7004 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
19:11:15.0802 7004 AmdPPM - ok
19:11:15.0836 7004 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
19:11:15.0839 7004 amdsata - ok
19:11:15.0864 7004 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
19:11:15.0868 7004 amdsbs - ok
19:11:15.0884 7004 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
19:11:15.0885 7004 amdxata - ok
19:11:15.0916 7004 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
19:11:15.0919 7004 AppID - ok
19:11:15.0954 7004 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
19:11:15.0955 7004 arc - ok
19:11:15.0971 7004 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
19:11:15.0972 7004 arcsas - ok
19:11:15.0996 7004 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\Windows\system32\drivers\AsIO.sys
19:11:15.0998 7004 AsIO - ok
19:11:16.0027 7004 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\Windows\system32\drivers\AsUpIO.sys
19:11:16.0028 7004 AsUpIO - ok
19:11:16.0043 7004 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
19:11:16.0044 7004 AsyncMac - ok
19:11:16.0142 7004 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
19:11:16.0144 7004 atapi - ok
19:11:16.0180 7004 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
19:11:16.0182 7004 AVGIDSDriver - ok
19:11:16.0195 7004 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
19:11:16.0196 7004 AVGIDSEH - ok
19:11:16.0212 7004 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
19:11:16.0214 7004 AVGIDSFilter - ok
19:11:16.0229 7004 AVGIDSShim (dadca567891033dcf2ec4a3f9da46ae4) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
19:11:16.0230 7004 AVGIDSShim - ok
19:11:16.0255 7004 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
19:11:16.0258 7004 Avgldx86 - ok
19:11:16.0272 7004 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
19:11:16.0274 7004 Avgmfx86 - ok
19:11:16.0304 7004 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
19:11:16.0307 7004 Avgrkx86 - ok
19:11:16.0329 7004 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
19:11:16.0332 7004 Avgtdix - ok
19:11:16.0369 7004 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
19:11:16.0374 7004 b06bdrv - ok
19:11:16.0391 7004 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:11:16.0393 7004 b57nd60x - ok
19:11:16.0413 7004 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
19:11:16.0414 7004 Beep - ok
19:11:16.0432 7004 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
19:11:16.0433 7004 blbdrive - ok
19:11:16.0461 7004 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
19:11:16.0463 7004 bowser - ok
19:11:16.0477 7004 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:11:16.0478 7004 BrFiltLo - ok
19:11:16.0499 7004 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:11:16.0500 7004 BrFiltUp - ok
19:11:16.0511 7004 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
19:11:16.0512 7004 BridgeMP - ok
19:11:16.0527 7004 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
19:11:16.0529 7004 Brserid - ok
19:11:16.0547 7004 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
19:11:16.0548 7004 BrSerWdm - ok
19:11:16.0562 7004 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:11:16.0562 7004 BrUsbMdm - ok
19:11:16.0569 7004 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
19:11:16.0569 7004 BrUsbSer - ok
19:11:16.0582 7004 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
19:11:16.0583 7004 BTHMODEM - ok
19:11:16.0636 7004 catchme - ok
19:11:16.0664 7004 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
19:11:16.0665 7004 cdfs - ok
19:11:16.0697 7004 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
19:11:16.0698 7004 cdrom - ok
19:11:16.0715 7004 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
19:11:16.0716 7004 circlass - ok
19:11:16.0742 7004 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
19:11:16.0745 7004 CLFS - ok
19:11:16.0761 7004 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
19:11:16.0762 7004 CmBatt - ok
19:11:16.0793 7004 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
19:11:16.0794 7004 cmdide - ok
19:11:16.0837 7004 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
19:11:16.0839 7004 CNG - ok
19:11:16.0853 7004 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:11:16.0854 7004 Compbatt - ok
19:11:16.0889 7004 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
19:11:16.0890 7004 CompositeBus - ok
19:11:16.0910 7004 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
19:11:16.0911 7004 crcdisk - ok
19:11:16.0944 7004 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys
19:11:16.0945 7004 ctxusbm - ok
19:11:16.0978 7004 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
19:11:16.0979 7004 DfsC - ok
19:11:17.0016 7004 DgiVecp (7f19dba1a467b838ccb23124a2c55568) C:\Windows\system32\Drivers\DgiVecp.sys
19:11:17.0019 7004 DgiVecp - ok
19:11:17.0044 7004 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:11:17.0047 7004 discache - ok
19:11:17.0064 7004 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:11:17.0066 7004 Disk - ok
19:11:17.0107 7004 DisplayLinkUsbPort (adccc97ad9af22d019428b6773f23150) C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys
19:11:17.0111 7004 DisplayLinkUsbPort - ok
19:11:17.0168 7004 dlkmd (b19e212ef403999dadd5f337746dd21d) C:\Windows\system32\drivers\dlkmd.sys
19:11:17.0170 7004 dlkmd - ok
19:11:17.0200 7004 dlkmdldr (4b9c06a5a539a46aaaface8bdb65218c) C:\Windows\system32\drivers\dlkmdldr.sys
19:11:17.0201 7004 dlkmdldr - ok
19:11:17.0231 7004 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:11:17.0233 7004 drmkaud - ok
19:11:17.0270 7004 dtsoftbus01 (fb38473835476a6fb272215a1d972af9) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:11:17.0273 7004 dtsoftbus01 - ok
19:11:17.0306 7004 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
19:11:17.0312 7004 DXGKrnl - ok
19:11:17.0414 7004 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:11:17.0438 7004 ebdrv - ok
19:11:17.0476 7004 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
19:11:17.0478 7004 elxstor - ok
19:11:17.0508 7004 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
19:11:17.0509 7004 ErrDev - ok
19:11:17.0532 7004 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:11:17.0534 7004 exfat - ok
19:11:17.0545 7004 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:11:17.0547 7004 fastfat - ok
19:11:17.0562 7004 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
19:11:17.0563 7004 fdc - ok
19:11:17.0582 7004 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:11:17.0583 7004 FileInfo - ok
19:11:17.0602 7004 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:11:17.0603 7004 Filetrace - ok
19:11:17.0617 7004 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
19:11:17.0618 7004 flpydisk - ok
19:11:17.0630 7004 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:11:17.0632 7004 FltMgr - ok
19:11:17.0652 7004 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:11:17.0653 7004 FsDepends - ok
19:11:17.0687 7004 FSProFilter (3528c9ec493ca524a877d217c7d51600) C:\Windows\system32\Drivers\FSPFltd.sys
19:11:17.0690 7004 FSProFilter - ok
19:11:17.0708 7004 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
19:11:17.0711 7004 Fs_Rec - ok
19:11:17.0760 7004 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
19:11:17.0766 7004 fvevol - ok
19:11:17.0775 7004 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:11:17.0777 7004 gagp30kx - ok
19:11:17.0817 7004 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:11:17.0818 7004 GEARAspiWDM - ok
19:11:17.0837 7004 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:11:17.0839 7004 hcw85cir - ok
19:11:17.0875 7004 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
19:11:17.0878 7004 HdAudAddService - ok
19:11:17.0911 7004 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
19:11:17.0914 7004 HDAudBus - ok
19:11:17.0931 7004 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
19:11:17.0932 7004 HidBatt - ok
19:11:17.0948 7004 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
19:11:17.0951 7004 HidBth - ok
19:11:17.0964 7004 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
19:11:17.0966 7004 HidIr - ok
19:11:17.0980 7004 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
19:11:17.0981 7004 HidUsb - ok
19:11:18.0005 7004 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
19:11:18.0007 7004 HpSAMD - ok
19:11:18.0052 7004 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
19:11:18.0055 7004 HTTP - ok
19:11:18.0088 7004 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
19:11:18.0089 7004 hwpolicy - ok
19:11:18.0122 7004 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
19:11:18.0123 7004 i8042prt - ok
19:11:18.0165 7004 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
19:11:18.0167 7004 iaStorV - ok
19:11:18.0195 7004 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
19:11:18.0196 7004 iirsp - ok
19:11:18.0210 7004 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
19:11:18.0212 7004 intelide - ok
19:11:18.0227 7004 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:11:18.0228 7004 intelppm - ok
19:11:18.0244 7004 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:11:18.0246 7004 IpFilterDriver - ok
19:11:18.0279 7004 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
19:11:18.0281 7004 IPMIDRV - ok
19:11:18.0296 7004 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:11:18.0297 7004 IPNAT - ok
19:11:18.0316 7004 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:11:18.0317 7004 IRENUM - ok
19:11:18.0356 7004 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
19:11:18.0360 7004 isapnp - ok
19:11:18.0400 7004 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
19:11:18.0407 7004 iScsiPrt - ok
19:11:18.0478 7004 ISWKL (08a811bfd207dfdec588881c18bacbaa) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
19:11:18.0481 7004 ISWKL - ok
19:11:18.0499 7004 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
19:11:18.0501 7004 kbdclass - ok
19:11:18.0539 7004 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
19:11:18.0541 7004 kbdhid - ok
19:11:18.0576 7004 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
19:11:18.0581 7004 KSecDD - ok
19:11:18.0599 7004 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
19:11:18.0605 7004 KSecPkg - ok
19:11:18.0642 7004 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
19:11:18.0644 7004 lltdio - ok
19:11:18.0670 7004 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:11:18.0672 7004 LSI_FC - ok
19:11:18.0687 7004 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:11:18.0689 7004 LSI_SAS - ok
19:11:18.0707 7004 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:11:18.0708 7004 LSI_SAS2 - ok
19:11:18.0724 7004 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:11:18.0726 7004 LSI_SCSI - ok
19:11:18.0742 7004 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
19:11:18.0743 7004 luafv - ok
19:11:18.0764 7004 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
19:11:18.0765 7004 megasas - ok
19:11:18.0780 7004 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
19:11:18.0782 7004 MegaSR - ok
19:11:18.0795 7004 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
19:11:18.0796 7004 Modem - ok
19:11:18.0810 7004 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
19:11:18.0811 7004 monitor - ok
19:11:18.0847 7004 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
19:11:18.0850 7004 mouclass - ok
19:11:18.0877 7004 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
19:11:18.0881 7004 mouhid - ok
19:11:18.0918 7004 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
19:11:18.0919 7004 mountmgr - ok
19:11:18.0953 7004 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
19:11:18.0958 7004 mpio - ok
19:11:18.0978 7004 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
19:11:18.0983 7004 mpsdrv - ok
19:11:19.0031 7004 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
19:11:19.0036 7004 MRxDAV - ok
19:11:19.0069 7004 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:11:19.0071 7004 mrxsmb - ok
19:11:19.0101 7004 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:11:19.0103 7004 mrxsmb10 - ok
19:11:19.0117 7004 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:11:19.0118 7004 mrxsmb20 - ok
19:11:19.0153 7004 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
19:11:19.0157 7004 msahci - ok
19:11:19.0198 7004 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
19:11:19.0203 7004 msdsm - ok
19:11:19.0240 7004 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
19:11:19.0242 7004 Msfs - ok
19:11:19.0256 7004 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
19:11:19.0258 7004 mshidkmdf - ok
19:11:19.0285 7004 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
19:11:19.0287 7004 msisadrv - ok
19:11:19.0307 7004 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
19:11:19.0309 7004 MSKSSRV - ok
19:11:19.0327 7004 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
19:11:19.0329 7004 MSPCLOCK - ok
19:11:19.0337 7004 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
19:11:19.0339 7004 MSPQM - ok
19:11:19.0360 7004 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
19:11:19.0363 7004 MsRPC - ok
19:11:19.0380 7004 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
19:11:19.0382 7004 mssmbios - ok
19:11:19.0401 7004 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
19:11:19.0403 7004 MSTEE - ok
19:11:19.0422 7004 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
19:11:19.0424 7004 MTConfig - ok
19:11:19.0453 7004 MTsensor (cbe71c122434805cb73ffb6619f60598) C:\Windows\system32\DRIVERS\ASACPI.sys
19:11:19.0454 7004 MTsensor - ok
19:11:19.0474 7004 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
19:11:19.0476 7004 Mup - ok
19:11:19.0501 7004 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
19:11:19.0505 7004 NativeWifiP - ok
19:11:19.0549 7004 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
19:11:19.0556 7004 NDIS - ok
19:11:19.0569 7004 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
19:11:19.0571 7004 NdisCap - ok
19:11:19.0585 7004 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
19:11:19.0587 7004 NdisTapi - ok
19:11:19.0621 7004 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
19:11:19.0624 7004 Ndisuio - ok
19:11:19.0656 7004 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
19:11:19.0662 7004 NdisWan - ok
19:11:19.0703 7004 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
19:11:19.0707 7004 NDProxy - ok
19:11:19.0737 7004 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
19:11:19.0741 7004 NetBIOS - ok
19:11:19.0786 7004 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
19:11:19.0793 7004 NetBT - ok
19:11:19.0843 7004 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
19:11:19.0848 7004 nfrd960 - ok
19:11:19.0877 7004 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
19:11:19.0879 7004 Npfs - ok
19:11:19.0900 7004 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
19:11:19.0902 7004 nsiproxy - ok
19:11:19.0971 7004 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
19:11:19.0988 7004 Ntfs - ok
19:11:20.0002 7004 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
19:11:20.0003 7004 Null - ok
19:11:20.0034 7004 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
19:11:20.0036 7004 NVENETFD - ok
19:11:20.0058 7004 NVNET (1de923088878b495cd4219e47ba34eb8) C:\Windows\system32\DRIVERS\nvmf6232.sys
19:11:20.0060 7004 NVNET - ok
19:11:20.0095 7004 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
19:11:20.0096 7004 nvraid - ok
19:11:20.0133 7004 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
19:11:20.0134 7004 nvstor - ok
19:11:20.0161 7004 nvstor32 (97778c3cb3af6b2243648d0dcd4d8916) C:\Windows\system32\DRIVERS\nvstor32.sys
19:11:20.0163 7004 nvstor32 - ok
19:11:20.0202 7004 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
19:11:20.0207 7004 nv_agp - ok
19:11:20.0256 7004 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
19:11:20.0261 7004 ohci1394 - ok
19:11:20.0308 7004 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:11:20.0310 7004 Parport - ok
19:11:20.0340 7004 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
19:11:20.0342 7004 partmgr - ok
19:11:20.0358 7004 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:11:20.0362 7004 Parvdm - ok
19:11:20.0402 7004 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
19:11:20.0406 7004 pci - ok
19:11:20.0422 7004 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
19:11:20.0425 7004 pciide - ok
19:11:20.0440 7004 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:11:20.0443 7004 pcmcia - ok
19:11:20.0461 7004 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:11:20.0463 7004 pcw - ok
19:11:20.0490 7004 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:11:20.0497 7004 PEAUTH - ok
19:11:20.0541 7004 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:11:20.0542 7004 PptpMiniport - ok
19:11:20.0558 7004 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:11:20.0559 7004 Processor - ok
19:11:20.0574 7004 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:11:20.0576 7004 Psched - ok
19:11:20.0606 7004 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:11:20.0612 7004 ql2300 - ok
19:11:20.0627 7004 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:11:20.0628 7004 ql40xx - ok
19:11:20.0643 7004 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:11:20.0644 7004 QWAVEdrv - ok
19:11:20.0656 7004 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:11:20.0657 7004 RasAcd - ok
19:11:20.0683 7004 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:11:20.0684 7004 RasAgileVpn - ok
19:11:20.0704 7004 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:11:20.0706 7004 Rasl2tp - ok
19:11:20.0722 7004 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:11:20.0724 7004 RasPppoe - ok
19:11:20.0742 7004 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:11:20.0744 7004 RasSstp - ok
19:11:20.0782 7004 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
19:11:20.0789 7004 rdbss - ok
19:11:20.0817 7004 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:11:20.0821 7004 rdpbus - ok
19:11:20.0867 7004 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:11:20.0871 7004 RDPCDD - ok
19:11:20.0895 7004 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:11:20.0897 7004 RDPENCDD - ok
19:11:20.0914 7004 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:11:20.0917 7004 RDPREFMP - ok
19:11:20.0954 7004 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
19:11:20.0957 7004 RDPWD - ok
19:11:20.0992 7004 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
19:11:20.0995 7004 rdyboost - ok
19:11:21.0028 7004 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:11:21.0031 7004 rspndr - ok
19:11:21.0067 7004 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
19:11:21.0072 7004 sbp2port - ok
19:11:21.0116 7004 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
19:11:21.0121 7004 scfilter - ok
19:11:21.0168 7004 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:11:21.0171 7004 secdrv - ok
19:11:21.0192 7004 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:11:21.0194 7004 Serenum - ok
19:11:21.0214 7004 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:11:21.0217 7004 Serial - ok
19:11:21.0258 7004 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:11:21.0260 7004 sermouse - ok
19:11:21.0303 7004 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
19:11:21.0306 7004 sffdisk - ok
19:11:21.0326 7004 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
19:11:21.0331 7004 sffp_mmc - ok
19:11:21.0353 7004 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
19:11:21.0355 7004 sffp_sd - ok
19:11:21.0369 7004 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:11:21.0372 7004 sfloppy - ok
19:11:21.0415 7004 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
19:11:21.0418 7004 sisagp - ok
19:11:21.0435 7004 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:11:21.0437 7004 SiSRaid2 - ok
19:11:21.0455 7004 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:11:21.0458 7004 SiSRaid4 - ok
19:11:21.0471 7004 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:11:21.0474 7004 Smb - ok
19:11:21.0492 7004 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:11:21.0494 7004 spldr - ok
19:11:21.0526 7004 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
19:11:21.0528 7004 srv - ok
19:11:21.0547 7004 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
19:11:21.0549 7004 srv2 - ok
19:11:21.0575 7004 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
19:11:21.0577 7004 srvnet - ok
19:11:21.0606 7004 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
19:11:21.0610 7004 SSPORT - ok
19:11:21.0653 7004 stdriver (5c031c715e14f10dfc9395004f54ee21) C:\Windows\system32\DRIVERS\stdriver32.sys
19:11:21.0659 7004 stdriver - ok
19:11:21.0694 7004 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:11:21.0695 7004 stexstor - ok
19:11:21.0722 7004 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
19:11:21.0727 7004 StillCam - ok
19:11:21.0761 7004 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
19:11:21.0763 7004 swenum - ok
19:11:21.0825 7004 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
19:11:21.0847 7004 Tcpip - ok
19:11:21.0878 7004 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
19:11:21.0886 7004 TCPIP6 - ok
19:11:21.0923 7004 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
19:11:21.0925 7004 tcpipreg - ok
19:11:21.0961 7004 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
19:11:21.0962 7004 TDPIPE - ok
19:11:21.0979 7004 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
19:11:21.0984 7004 TDTCP - ok
19:11:22.0018 7004 tdx (05f7a6e7b7b0fb8eb0a3c111467bc4e4) C:\Windows\system32\DRIVERS\tdx.sys
19:11:22.0041 7004 tdx - ok
19:11:22.0082 7004 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
19:11:22.0087 7004 TermDD - ok
19:11:22.0152 7004 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:11:22.0154 7004 tssecsrv - ok
19:11:22.0192 7004 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
19:11:22.0198 7004 TsUsbFlt - ok
19:11:22.0241 7004 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
19:11:22.0248 7004 tunnel - ok
19:11:22.0282 7004 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:11:22.0287 7004 uagp35 - ok
19:11:22.0326 7004 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
19:11:22.0335 7004 udfs - ok
19:11:22.0381 7004 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
19:11:22.0384 7004 uliagpkx - ok
19:11:22.0424 7004 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
19:11:22.0429 7004 umbus - ok
19:11:22.0452 7004 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:11:22.0455 7004 UmPass - ok
19:11:22.0497 7004 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
19:11:22.0501 7004 usbaudio - ok
19:11:22.0540 7004 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
19:11:22.0546 7004 usbccgp - ok
19:11:22.0585 7004 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
19:11:22.0588 7004 usbcir - ok
19:11:22.0617 7004 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
19:11:22.0620 7004 usbehci - ok
19:11:22.0643 7004 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
19:11:22.0647 7004 usbhub - ok
19:11:22.0662 7004 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
19:11:22.0665 7004 usbohci - ok
19:11:22.0689 7004 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:11:22.0691 7004 usbprint - ok
19:11:22.0704 7004 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:11:22.0707 7004 USBSTOR - ok
19:11:22.0724 7004 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
19:11:22.0726 7004 usbuhci - ok
19:11:22.0759 7004 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
19:11:22.0762 7004 vdrvroot - ok
19:11:22.0778 7004 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:11:22.0780 7004 vga - ok
19:11:22.0795 7004 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:11:22.0798 7004 VgaSave - ok
19:11:22.0844 7004 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
19:11:22.0851 7004 vhdmp - ok
19:11:22.0879 7004 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
19:11:22.0881 7004 viaagp - ok
19:11:22.0900 7004 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:11:22.0902 7004 ViaC7 - ok
19:11:22.0943 7004 VIAHdAudAddService (dc56a867a2d92e1c51cb6d3f9c540548) C:\Windows\system32\drivers\viahduaa.sys
19:11:22.0953 7004 VIAHdAudAddService - ok
19:11:22.0972 7004 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
19:11:22.0974 7004 viaide - ok
19:11:23.0010 7004 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
19:11:23.0015 7004 volmgr - ok
19:11:23.0039 7004 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:11:23.0044 7004 volmgrx - ok
19:11:23.0079 7004 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
19:11:23.0081 7004 volsnap - ok
19:11:23.0119 7004 Vsdatant (6292c794ba68e0f46a6d45468461afe1) C:\Windows\system32\DRIVERS\vsdatant.sys
19:11:23.0122 7004 Vsdatant - ok
19:11:23.0145 7004 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:11:23.0147 7004 vsmraid - ok
19:11:23.0163 7004 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
19:11:23.0164 7004 vwifibus - ok
19:11:23.0183 7004 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:11:23.0185 7004 WacomPen - ok
19:11:23.0220 7004 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:11:23.0222 7004 WANARP - ok
19:11:23.0224 7004 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:11:23.0225 7004 Wanarpv6 - ok
19:11:23.0250 7004 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:11:23.0251 7004 Wd - ok
19:11:23.0271 7004 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:11:23.0274 7004 Wdf01000 - ok
19:11:23.0306 7004 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:11:23.0307 7004 WfpLwf - ok
19:11:23.0327 7004 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:11:23.0329 7004 WIMMount - ok
19:11:23.0372 7004 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
19:11:23.0374 7004 WinUsb - ok
19:11:23.0400 7004 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
19:11:23.0401 7004 WmiAcpi - ok
19:11:23.0426 7004 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:11:23.0427 7004 ws2ifsl - ok
19:11:23.0450 7004 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
19:11:23.0451 7004 WSDPrintDevice - ok
19:11:23.0484 7004 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
19:11:23.0486 7004 WudfPf - ok
19:11:23.0504 7004 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:11:23.0506 7004 WUDFRd - ok
19:11:23.0519 7004 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:11:23.0520 7004 \Device\Harddisk0\DR0 - ok
19:11:23.0546 7004 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:11:23.0604 7004 \Device\Harddisk1\DR1 - ok
19:11:23.0607 7004 Boot (0x1200) (8d9be5adbfdd6a18b838a1335bf884cb) \Device\Harddisk0\DR0\Partition0
19:11:23.0608 7004 \Device\Harddisk0\DR0\Partition0 - ok
19:11:23.0610 7004 Boot (0x1200) (38039933152dc7e0abd8a49c890d7d85) \Device\Harddisk1\DR1\Partition0
19:11:23.0611 7004 \Device\Harddisk1\DR1\Partition0 - ok
19:11:23.0618 7004 Boot (0x1200) (57152ee3068b186e7e2cc932c04c5265) \Device\Harddisk1\DR1\Partition1
19:11:23.0619 7004 \Device\Harddisk1\DR1\Partition1 - ok
19:11:23.0620 7004 ============================================================
19:11:23.0620 7004 Scan finished
19:11:23.0620 7004 ============================================================
19:11:23.0626 5488 Detected object count: 0
19:11:23.0626 5488 Actual detected object count: 0

 

[Broni]

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

• Double-click on the Rkill icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[mclarenrich]

ComboFix.txt

ComboFix 12-03-09.05 - Mohit McLaren 03/09/2012 20:20:13.2.6 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3071.2116 [GMT -8:00]
Running from: c:\users\Mohit McLaren\Desktop\ComboFix.exe
FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dds_trash_log.cmd
c:\windows\TEMP\jna7453115329215118554.dll
c:\windows\$NtUninstallKB11742$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-10 04:28 . 2012-03-10 04:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-10 04:28 . 2012-03-10 04:28 -------- d-----w- c:\users\New Profile\AppData\Local\temp
2012-03-04 06:42 . 2011-04-10 20:07 182896 ----a-w- c:\windows\system32\drivers\dlkmd.sys
2012-03-04 06:42 . 2011-04-10 20:07 14448 ----a-w- c:\windows\system32\drivers\dlkmdldr.sys
2012-03-04 06:14 . 2012-03-04 06:14 -------- d-----w- c:\program files\DisplayLink Graphics
2012-03-04 06:13 . 2012-03-04 06:42 -------- d-----w- c:\program files\DisplayLink Core Software
2012-02-20 15:45 . 2012-02-20 15:45 -------- d-----w- c:\program files\Belarc
2012-02-16 00:12 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 00:11 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 00:11 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 00:11 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 15:47 . 2012-02-14 15:47 -------- d-----w- c:\programdata\Citrix
2012-02-14 15:47 . 2012-02-14 15:52 -------- d-----w- c:\users\Mohit McLaren\AppData\Roaming\ICAClient
2012-02-14 15:47 . 2012-02-14 15:47 -------- d-----w- c:\users\Mohit McLaren\AppData\Local\Citrix
2012-02-14 15:47 . 2012-02-14 15:47 -------- d-----w- c:\program files\Citrix
2012-02-13 19:02 . 2012-02-13 21:59 -------- d-----w- c:\users\Mohit McLaren\Citrix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 14:57 . 2011-06-29 02:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-23 17:23 . 2011-12-23 17:23 49240 ----a-w- c:\windows\system32\drivers\stdriver32.sys
2009-09-13 07:05 . 2009-09-13 07:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-13 07:06 . 2009-09-13 07:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-13 07:06 . 2009-09-13 07:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-13 07:06 . 2009-09-13 07:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-13 07:06 . 2009-09-13 07:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-13 07:07 . 2009-09-13 07:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-13 07:06 . 2009-09-13 07:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-13 07:06 . 2009-09-13 07:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 21:33 . 2009-08-14 21:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-13 07:06 . 2009-09-13 07:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-02-17 18:04 . 2011-06-28 22:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 08:39 . 05F7A6E7B7B0FB8EB0A3C111467BC4E4 . 74752 . . [------] . . c:\windows\System32\drivers\tdx.sys
[-] 2010-11-20 08:39 . 05F7A6E7B7B0FB8EB0A3C111467BC4E4 . 74752 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[7] 2009-07-13 . CB39E896A2A83702D1737BFD402B3542 . 74240 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-03-28 16:22 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"$Volumouse$"="c:\users\Mohit McLaren\Downloads\volumouse\volumouse.exe" [2011-06-29 33280]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Eye-Fi"="c:\program files\Eye-Fi\Helper\EyeFiHelper.exe" [2011-12-22 3961464]
"cdloader"="c:\users\Mohit McLaren\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-12-05 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ToolboxFX"="c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-04-16 58936]
"HP LaserJet Professional CM1410 Series Fax"="c:\program files\HP\HP LaserJet Professional CM1410 Series\Fax Driver\hppfaxprintersrv.exe" [2010-04-09 2460472]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2011-04-15 536576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2011-12-07 2136384]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"CLSA"="c:\program files\Good Deal Software\Craigs Search Agent\search_agent.exe" [2011-08-10 3009763]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PS3 Media Server.lnk - c:\program files\PS3 Media Server\PMS.exe [2011-6-16 432749]
volumouse - Shortcut.lnk - c:\users\Mohit McLaren\Downloads\volumouse\volumouse.exe [2009-8-5 33280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-22 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-22 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-01 1343400]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 268512]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2011-04-10 14448]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2010-07-23 41912]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-09 65584]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-30 239168]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-04-10 5240168]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2010-04-12 142336]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 27016]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 497280]
S2 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [2011-05-17 366872]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-01-04 5120]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-12-05 92592]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [2011-04-11 21888]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2011-04-10 182896]
S3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver32.sys [2011-12-23 49240]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-07-29 1102848]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rootmodem
pepifilter
rdnaoflsvc
ccflic0
SMNDIS5
smbusp
oracleorahomemanagementserver
PGPsdkDriver
cportclm
BoiHwsetup
isapisearch
DivisCTP
w300bus
se2Dnd5
hprfdev
XTrapD12
IPFilter
nwlnkipx
PSSdk21
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-22 19:06]
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-22 19:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.shareazaweb.com/
uInternet Settings,ProxyOverride = *.local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Mohit McLaren\AppData\Roaming\Mozilla\Firefox\Profiles\o34f03xe.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(624)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'Explorer.exe'(4704)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\DisplayLink Core Software\DisplayLinkUserAgent.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\conhost.exe
c:\windows\system32\java.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\windows\system32\UI0Detect.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ASUS\EPU-4 Engine\FourEngine.exe
c:\windows\system32\taskhost.exe
c:\program files\ASUS\AI Direct Link\AsCmd.exe
c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
c:\windows\system32\conhost.exe
c:\program files\ASUS\AI Direct Link\AsShare.exe
c:\windows\system32\AUDIODG.EXE
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Java\jre6\bin\javaw.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2012-03-09 20:40:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-10 04:40
ComboFix2.txt 2012-03-06 06:46
.
Pre-Run: 368,400,543,744 bytes free
Post-Run: 368,393,060,352 bytes free
.
- - End Of File - - 3ED3DA27B5409AD6F7455A674A9A7257

 

[mclarenrich]

Reinstall AVG

Hi

Thanks so far, should i reinstall AVG or some other program?