
spyware or malware



#1
bcfcmeerkat

  • Member
  • 38 posts
I think that I may have Spyware or Malware on my computer as adverts keep popping up on some web pages that I go on with things that I have been looking at to buy. Can someone please have a look at my log please.
THANK YOU
PAUL


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:34:50, on 30/11/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://badoo.com/startpage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {14940384-1ea8-4976-9800-2c1d1c350bf0} - (no file)
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
R3 - URLSearchHook: (no name) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
R3 - URLSearchHook: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - http://louk.solidwor...elsStandard.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{955686F7-4267-4951-818D-A05553FE0B61}: NameServer = 82.132.254.3 82.132.254.2
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

--
End of file - 7947 bytes


#2
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Hello bcfcmeerkat,

Looks like at least some questionable or search hijacking programs loading there. Let's get a more detailed look at things.

The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

------------------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

Note - If Gmer shows it has located infection once its opening scan completes, do not click the Scan button. We don't want hidden malware settings to cause any problems. Instead, just click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Decline a download of avast itself if offered
  • If avast! antivirus is already installed, go to the dropdown next to AV engine: and select (none)
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

A lot, but comprehensive, and will make sure we get a good view of everything.

#3
bcfcmeerkat

  • Topic Starter
  • Member
  • 38 posts
Sorry I took so long to reply but I have been away for the weekend. Here is a copy of the scans you asked me to do.

Thank you

OTL logfile created on: 12/5/2011 11:07:56 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Paul\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 70.16% Memory free
5.93 Gb Paging File | 4.97 Gb Available in Paging File | 83.87% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 111.19 Gb Free Space | 74.60% Space Free | Partition Type: NTFS
Drive E: | 44.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/04 18:11:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Downloads\OTL.exe
PRC - [2011/11/28 18:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/11/03 14:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/10/19 15:28:18 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
PRC - [2011/10/05 20:18:50 | 001,051,760 | ---- | M] (Badoo) -- C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 12:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/09/21 18:27:18 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/11/03 14:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/10 14:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010/10/09 22:24:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/09/01 15:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 17:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 17:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 17:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 17:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 17:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 17:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/07 21:30:20 | 000,227,312 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/03 14:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/10/07 17:13:02 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/09/21 18:27:16 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/04 00:27:18 | 007,517,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel®
DRV - [2011/05/07 17:51:28 | 000,455,256 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2011/03/20 23:31:18 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/01/31 15:04:32 | 000,144,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/03/15 15:44:48 | 000,127,488 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2010/02/12 15:11:44 | 001,766,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/09/16 02:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel®
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 22:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 22:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/03/25 15:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 15:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 15:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 15:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 15:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 15:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 15:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/05/16 10:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 10:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 10:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 10:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 10:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 10:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 10:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2007/03/28 14:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1232758047-3035005367-2970806742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://badoo.com/startpage/
IE - HKU\S-1-5-21-1232758047-3035005367-2970806742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1232758047-3035005367-2970806742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-1232758047-3035005367-2970806742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 07 59 3A 02 42 CC 01 [binary data]
IE - HKU\S-1-5-21-1232758047-3035005367-2970806742-1000\..\URLSearchHook: {14940384-1ea8-4976-9800-2c1d1c350bf0} - No CLSID value found
IE - HKU\S-1-5-21-1232758047-3035005367-2970806742-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKU\S-1-5-21-1232758047-3035005367-2970806742-1000\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - No CLSID value found
IE - HKU\S-1-5-21-1232758047-3035005367-2970806742-1000\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKU\S-1-5-21-1232758047-3035005367-2970806742-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://badoo.com/startpage/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.8.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Paul\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Paul\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/11/29 14:38:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/11/12 14:31:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/28 13:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/28 13:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/11/28 13:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/10/09 21:59:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Extensions
[2011/11/16 23:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\t3di2n8w.default\extensions
[2011/11/16 23:18:06 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\t3di2n8w.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/03/16 01:03:03 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\t3di2n8w.default\extensions\[email protected]
[2011/07/14 17:56:49 | 000,002,023 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\t3di2n8w.default\searchplugins\badoo.xml
[2011/11/16 23:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/23 15:41:54 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/02/18 16:09:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/07 17:02:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/08/03 12:18:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011/11/16 23:12:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
[2011/11/29 14:38:33 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
() (No name found) -- C:\USERS\PAUL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T3DI2N8W.DEFAULT\EXTENSIONS\[email protected]
[2011/11/09 11:35:13 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 02:53:41 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/23 01:16:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Paul\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Users\Paul\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Paul\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1367_0\
CHR - Extension: Zynga = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\

O1 HOSTS File: ([2011/11/22 01:28:30 | 000,438,702 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15087 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-1232758047-3035005367-2970806742-1000\..\Toolbar\WebBrowser: (no name) - {14940384-1EA8-4976-9800-2C1D1C350BF0} - No CLSID value found.
O3 - HKU\S-1-5-21-1232758047-3035005367-2970806742-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1232758047-3035005367-2970806742-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ISW] File not found
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1232758047-3035005367-2970806742-1000..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe (Badoo)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} http://louk.solidwor...elsStandard.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/22 02:28:05 | 000,005,560 | ---- | M] () - C:\AutoCADConfig.pit -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/05 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/09/12 10:31:22 | 000,025,214 | R--- | M] () - E:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/09/12 10:23:04 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{36ed10a4-14de-11e0-9850-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{36ed10a4-14de-11e0-9850-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/05 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4fd482be-3b6d-11e0-859e-001e68ebdbd2}\Shell - "" = AutoRun
O33 - MountPoints2\{4fd482be-3b6d-11e0-859e-001e68ebdbd2}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/05 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{b973ddc7-d3cb-11df-adb3-001e68ebdbd2}\Shell - "" = AutoRun
O33 - MountPoints2\{b973ddc7-d3cb-11df-adb3-001e68ebdbd2}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{cb641817-d3ed-11df-ae41-001e68ebdbd2}\Shell - "" = AutoRun
O33 - MountPoints2\{cb641817-d3ed-11df-ae41-001e68ebdbd2}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/05 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d4bdb772-e1d9-11df-abc8-001e68ebdbd2}\Shell - "" = AutoRun
O33 - MountPoints2\{d4bdb772-e1d9-11df-abc8-001e68ebdbd2}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/05 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e57450f2-f103-11e0-af08-001e68ebdbd2}\Shell - "" = AutoRun
O33 - MountPoints2\{e57450f2-f103-11e0-af08-001e68ebdbd2}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{e57450f2-f103-11e0-af08-001e68ebdbd2}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/05 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/05 11:03:03 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{6788903F-7CC2-4000-8223-8ADA5CFD7E9C}
[2011/12/04 17:14:51 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{EDEAD475-738A-4267-A1EC-1773B9C1FB86}
[2011/12/04 17:12:59 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{E0C502F1-EE33-476D-9C8C-5C1ACE4B2A5D}
[2011/12/01 19:42:19 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{3E08CFB2-7BC9-453F-A5CA-6A52F232854E}
[2011/12/01 19:40:43 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{5CD701C4-0FB1-430F-A15A-C6FBB55F875A}
[2011/11/30 13:14:52 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/30 13:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/11/30 10:34:53 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{1DDF63A1-1EF5-470D-90C6-03EC45E35AA0}
[2011/11/30 10:33:57 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{78E41F8E-CE69-4E39-9610-0DB5E0B14D3D}
[2011/11/29 15:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011/11/29 14:34:19 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{AF0DBBA9-658F-4CFF-A0D7-DD10E3CAE8C3}
[2011/11/29 14:32:55 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{6088BE91-30BB-4341-BE67-B1B2E090DCE8}
[2011/11/28 23:41:02 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Apple Computer
[2011/11/28 13:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/28 13:50:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/28 13:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/11/28 13:26:28 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{0B892C16-C66C-47DA-BF14-533557BD8714}
[2011/11/28 13:25:19 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{83C9CF99-46E5-4021-A0FB-4E55FB4A1923}
[2011/11/24 10:28:21 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{CEF7A4FF-A95D-4F96-9939-4FE7E149AD9A}
[2011/11/24 10:27:29 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{69C959B8-49AD-4D6F-9BBE-3BFDE1375FAB}
[2011/11/22 23:54:03 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{2CC2ED3C-4CFC-455B-9EFC-E7A97C6FF09E}
[2011/11/22 23:53:30 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{CF88DB1D-7C8D-4A40-9230-2D67A571CEB7}
[2011/11/21 23:58:47 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{20F7BDCA-2678-48C6-B90E-17453929ED58}
[2011/11/21 23:57:03 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{93198623-6675-44AA-9412-CC6AC2301725}
[2011/11/19 15:55:34 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{0C28AEBA-1872-4B3C-A51C-C0A9CB74AAE5}
[2011/11/19 15:53:45 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{26CC9B9B-0DA6-4E0A-BDD8-4A28B770684B}
[2011/11/17 18:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMonkey
[2011/11/17 18:22:49 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\MediaMonkey
[2011/11/17 17:03:28 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{F9D74E0B-E8FD-44C1-9E1E-B29B8CEDF021}
[2011/11/17 17:02:33 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{6D9B4B19-5465-4558-AD77-9790BB4E89F5}
[2011/11/16 23:12:30 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/11/16 23:12:30 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/11/16 23:12:30 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/11/16 16:26:40 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{157F280B-22B2-4AA4-B560-A261F42B69BF}
[2011/11/16 16:25:25 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{72EF2F4C-C281-4D44-8F16-BAB16B40CD0C}
[2011/11/15 22:38:37 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{A063C0EF-9EF3-4C44-9D2D-C4839C8F4CFA}
[2011/11/15 22:35:45 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{CC20992F-619B-433E-A7BD-C874265B1033}
[2011/11/12 14:32:40 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/11/12 14:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2011/11/12 13:54:10 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{A396E6AC-095A-474B-8C56-2324A7DAAA08}
[2011/11/12 13:52:52 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{40FC9EAB-47D2-4AFD-B6F5-E341A2BF81B1}
[2011/11/11 10:46:31 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{94E2C276-2CAE-4A19-B272-4B845FFD3225}
[2011/11/11 10:45:09 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{EE7B0C96-1434-4548-87F5-D683746320A1}
[2011/11/09 23:59:21 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{C4AB8A0E-2AA5-4372-9C2C-9AE2469AEEAE}
[2011/11/09 23:58:30 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{40D7443E-647F-4FB7-A53D-A3693DC03675}
[2011/11/09 11:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Badoo
[2011/11/09 11:35:10 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{70ACEF67-AC6F-4254-837F-87B430B6F3F4}
[2011/11/09 11:34:47 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{91CBBF75-C185-436E-85FB-2FEBBA1E91F5}
[2011/11/09 11:34:26 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{63921055-114B-4002-9B3A-68D852FC6989}
[2011/11/09 11:34:05 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{855330BD-A871-465D-BD35-9013BADE19FC}
[2011/11/08 23:38:36 | 002,341,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/11/08 23:33:25 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{934BB09D-4C27-43DF-BFC1-DEDDAB1DC05E}
[2011/11/08 23:31:15 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{C3B513B6-65E8-4F76-9DFD-4813CF9CD154}
[2011/11/07 23:54:03 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{8217123A-2947-43AF-8991-BF20B8BC4BDC}
[2011/11/07 23:53:41 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{08B83FA5-E091-4AEE-8410-B1F1B6CB1D36}
[2011/11/07 23:48:34 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{3098081D-6D54-463C-BB57-C3624859B776}
[2011/11/07 21:28:38 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/11/07 10:10:57 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{3D50451A-44A0-49F0-8BF1-92AEA5AE37A1}
[2011/11/07 10:09:38 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{F14B6545-90C5-443E-8C34-648BD4F7EEB3}
[2011/11/06 12:31:39 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{E3481DD7-ADFC-4CC8-84BA-A66778E14E45}
[2011/11/06 12:29:29 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{9465D97A-4F2E-4FEC-87E3-9693C1DD669C}
[2011/10/13 11:31:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/05/23 23:40:17 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2011/05/23 23:40:17 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/05 11:08:14 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/05 11:08:14 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/05 11:05:07 | 000,312,170 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/05 11:05:07 | 000,041,806 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/05 11:02:27 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/05 11:02:23 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2011/12/05 11:00:57 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/12/05 11:00:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/05 11:00:28 | 2359,980,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/04 19:32:03 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1232758047-3035005367-2970806742-1000UA.job
[2011/12/04 18:57:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/04 18:18:43 | 000,001,417 | ---- | M] () -- C:\Users\Paul\Desktop\aswMBR.exe - Shortcut.lnk
[2011/12/04 18:14:13 | 000,001,437 | ---- | M] () -- C:\Users\Paul\Desktop\7mk9gcz2.exe - Shortcut.lnk
[2011/12/04 18:11:53 | 000,001,382 | ---- | M] () -- C:\Users\Paul\Desktop\OTL.exe - Shortcut.lnk
[2011/11/30 13:24:23 | 000,295,226 | ---- | M] () -- C:\Users\Paul\AppData\Local\census.cache
[2011/11/30 13:24:03 | 000,124,055 | ---- | M] () -- C:\Users\Paul\AppData\Local\ars.cache
[2011/11/30 13:14:52 | 000,002,959 | ---- | M] () -- C:\Users\Paul\Desktop\HiJackThis.lnk
[2011/11/29 15:03:53 | 000,002,016 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2011/11/29 15:03:53 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk
[2011/11/29 14:38:35 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/11/28 18:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 18:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/11/28 17:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/11/28 17:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/11/28 17:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/11/28 17:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/11/28 17:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/11/28 17:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/11/28 16:44:36 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1232758047-3035005367-2970806742-1000Core.job
[2011/11/28 13:51:15 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/24 11:39:45 | 000,002,060 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/11/22 11:38:01 | 000,001,008 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Badoo.Desktop.lnk
[2011/11/22 11:38:01 | 000,000,984 | ---- | M] () -- C:\Users\Paul\Desktop\Badoo.Desktop.lnk
[2011/11/22 01:29:15 | 000,001,274 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/22 01:29:15 | 000,001,250 | ---- | M] () -- C:\Users\Paul\Desktop\Spybot - Search & Destroy.lnk
[2011/11/22 01:28:30 | 000,438,702 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/22 00:34:37 | 000,002,395 | ---- | M] () -- C:\Users\Paul\Desktop\Google Chrome.lnk
[2011/11/17 18:23:22 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2011/11/17 17:01:38 | 000,015,170 | ---- | M] () -- C:\Windows\System32\results.xml
[2011/11/16 16:28:02 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/12 14:32:50 | 000,415,915 | ---- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011/11/12 14:31:10 | 000,000,981 | ---- | M] () -- C:\Users\Paul\Desktop\ZoneAlarm Security.lnk
[2011/11/10 03:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\ErrorEND.job
[2011/11/09 11:35:37 | 000,002,002 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/09 10:38:53 | 000,293,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/04 18:18:43 | 000,001,417 | ---- | C] () -- C:\Users\Paul\Desktop\aswMBR.exe - Shortcut.lnk
[2011/12/04 18:14:13 | 000,001,437 | ---- | C] () -- C:\Users\Paul\Desktop\7mk9gcz2.exe - Shortcut.lnk
[2011/12/04 18:11:53 | 000,001,382 | ---- | C] () -- C:\Users\Paul\Desktop\OTL.exe - Shortcut.lnk
[2011/11/30 13:24:23 | 000,295,226 | ---- | C] () -- C:\Users\Paul\AppData\Local\census.cache
[2011/11/30 13:24:03 | 000,124,055 | ---- | C] () -- C:\Users\Paul\AppData\Local\ars.cache
[2011/11/30 13:14:52 | 000,002,959 | ---- | C] () -- C:\Users\Paul\Desktop\HiJackThis.lnk
[2011/11/29 15:03:58 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2011/11/29 15:03:53 | 000,002,016 | ---- | C] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2011/11/29 15:03:53 | 000,001,968 | ---- | C] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk
[2011/11/28 13:51:15 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/12 14:32:15 | 000,415,915 | ---- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011/11/12 14:31:10 | 000,000,981 | ---- | C] () -- C:\Users\Paul\Desktop\ZoneAlarm Security.lnk
[2011/11/09 11:51:55 | 000,001,008 | ---- | C] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Badoo.Desktop.lnk
[2011/11/09 11:51:55 | 000,000,984 | ---- | C] () -- C:\Users\Paul\Desktop\Badoo.Desktop.lnk
[2011/10/13 11:30:24 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/10/07 17:16:47 | 000,000,848 | ---- | C] () -- C:\Windows\Rtcwplat.INI
[2011/05/27 18:48:24 | 001,766,784 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2011/05/27 18:48:24 | 000,030,080 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2011/05/27 18:48:23 | 000,034,048 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2011/05/27 18:48:23 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2011/05/26 16:40:04 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2011/05/26 16:40:04 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/05/26 16:40:04 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2011/05/23 23:40:18 | 001,769,984 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys
[2011/05/23 23:40:17 | 000,028,160 | ---- | C] () -- C:\Windows\System32\sncduvc.sys
[2011/05/23 23:40:17 | 000,000,169 | ---- | C] () -- C:\Windows\System32\PidList.ini
[2011/05/12 16:10:29 | 000,000,036 | ---- | C] () -- C:\ProgramData\InstallAlibre.config
[2011/03/23 02:09:53 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2011/01/19 16:00:36 | 000,009,216 | ---- | C] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/29 17:39:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/29 16:06:57 | 000,000,017 | ---- | C] () -- C:\Users\Paul\AppData\Local\resmon.resmoncfg
[2010/11/11 18:26:00 | 000,000,059 | ---- | C] () -- C:\Windows\LTDLGFILE14N.INI
[2010/11/05 16:56:32 | 000,000,223 | ---- | C] () -- C:\Windows\System32\MachineSetup.bin
[2010/07/29 04:01:14 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/07/29 04:01:12 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/07/29 04:01:10 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/03/15 15:44:34 | 000,005,120 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:33:53 | 000,293,224 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 02:05:48 | 000,312,170 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 02:05:48 | 000,041,806 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 22:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/06/29 10:25:12 | 000,033,664 | ---- | C] () -- C:\Windows\System32\drivers\TsWlan.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\Paul\Music:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Paul\Downloads:Shareaza.GUID

< End of report >



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-05 11:37:31
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: 7mk9gcz2.exe; Driver: C:\Users\Paul\AppData\Local\Temp\kxldapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90678FC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9441D510]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x940FE914]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcCreatePort [0x940FF1E2]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x941C7080]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x940FE36A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9067B456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9067B4AE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x941C7BDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9067B5C4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x941195F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9067B3AC]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x940FEE74]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x9067B4FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9067B400]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys ZwCreateThreadEx [0x906F77B0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9067B572]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x940FEFD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90678FE8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x941C7DD6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x941CB5AC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x941CB5DE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9441D5C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x90678DB2]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x941CB740]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x9411BC54]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x9411C106]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9067900C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9067B9BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90679AA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9067B486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9067B4D6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x941C7CF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9067B5EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9067B3D8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x941C71F6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9067B53E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9067B42E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x941C73EA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9067B59C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9441D658]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9067996A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x941CB6B6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x941CB620]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x941CB652]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x940FDF0E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x941CB684]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90679030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90679054]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x941C7026]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x941C7E7C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x9411D078]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90678E0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90678F48]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x941CB544]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90678F24]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x941C6FC0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x90678F6C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateProcess [0x941C6EE8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x941C6F30]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x90679078]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C8D349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CC6D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82CCDD80 4 Bytes [C4, 8F, 67, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82CCDDA8 4 Bytes [10, D5, 41, 94] {ADC CH, DL; INC ECX; XCHG ESP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82CCDDB4 8 Bytes [14, E9, 0F, 94, E2, F1, 0F, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82CCDE08 4 Bytes [80, 70, 1C, 94] {XOR BYTE [EAX+0x1c], 0x94}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82CCDE48 4 Bytes [6A, E3, 0F, 94]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E5ABE8 5 Bytes JMP 9442E69C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82E731B8 5 Bytes JMP 94430174 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E882FF 4 Bytes CALL 9067A025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82EA20D1 4 Bytes CALL 9067A03B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFntCacheLookUp + 8B2E 82430205 5 Bytes JMP 9067BF90 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateRectRgn + 3819 824442D2 5 Bytes JMP 9067C0D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetGammaTable + 4C63 824654E3 5 Bytes JMP 9067BB9A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 650 82486345 5 Bytes JMP 9067B9F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 38FE 824895F3 5 Bytes JMP 9067BABE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 39BC 824896B1 5 Bytes JMP 9067BAD6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngIsSemaphoreOwnedByCurrentThread + 1EF5 8248DD37 5 Bytes JMP 9067BFBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2AB5 82497708 5 Bytes JMP 9067BDE6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + AC45 8249F898 5 Bytes JMP 9067BC0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteClip + 480C 824F6C18 5 Bytes JMP 9067BB56 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEqualRgn + 414D 82504A5B 5 Bytes JMP 9067BD4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteRgn + 2198 82522A4F 5 Bytes JMP 9067BD14 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 3457 8255C100 5 Bytes JMP 9067BC6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 968D 82562336 5 Bytes JMP 9067BCA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text peauth.sys B3F53C9D 28 Bytes CALL E60DE8FB
.text peauth.sys B3F53CC1 28 Bytes CALL E60DE91F
PAGE peauth.sys B3F59B9B 72 Bytes JMP B37D3E1F
.text kernel32.dll!OpenProcess 76C4549F 5 Bytes [E9, C8, 2F, 07, AA] {JMP 0xffffffffaa072fcd}
.text kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text user32.dll!FindWindowA 768C8FF3 5 Bytes [E9, 97, F2, 3E, AA] {JMP 0xffffffffaa3ef29c}
.text user32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes [E9, 0A, 5C, A7, 89] {JMP 0xffffffff89a75c0f}
.text user32.dll!FindWindowW 768CAE0D 5 Bytes [E9, 48, D4, 3E, AA] {JMP 0xffffffffaa3ed44d}
.text user32.dll!UnhookWinEvent 768CB750 5 Bytes [E9, A7, 4C, A7, 89] {JMP 0xffffffff89a74cac}
.text user32.dll!SetWindowsHookExW 768CE30C 5 Bytes [E9, F3, 24, A7, 89] {JMP 0xffffffff89a724f8}
.text user32.dll!SetWinEventHook 768D24DC 5 Bytes [E9, 17, DD, A6, 89] {JMP 0xffffffff89a6dd1c}
.text user32.dll!SetWindowsHookExA 768F6D0C 5 Bytes [E9, EF, 98, A4, 89] {JMP 0xffffffff89a498f4}
.text advapi32.dll!SetThreadToken 7679C7CE 5 Bytes [E9, 63, C8, 51, AA] {JMP 0xffffffffaa51c868}
.text advapi32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes [E9, EF, 5A, 4E, AA] {JMP 0xffffffffaa4e5af4}

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\svchost.exe[148] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[148] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[148] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[148] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[148] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[148] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[148] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[148] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[148] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[148] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 00180A08
.text C:\Windows\System32\svchost.exe[148] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[148] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 001803FC
.text C:\Windows\System32\svchost.exe[148] USER32.dll!SetWindowsHookExW 768CE30C 3 Bytes JMP 00180804
.text C:\Windows\System32\svchost.exe[148] USER32.dll!SetWindowsHookExW + 4 768CE310 1 Byte [89]
.text C:\Windows\System32\svchost.exe[148] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 001801F8
.text C:\Windows\System32\svchost.exe[148] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 00180600
.text C:\Windows\System32\svchost.exe[148] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[148] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[344] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[344] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[344] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[344] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[344] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\spoolsv.exe[344] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\spoolsv.exe[344] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[344] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[344] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[344] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 00150A08
.text C:\Windows\System32\spoolsv.exe[344] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[344] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 001503FC
.text C:\Windows\System32\spoolsv.exe[344] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 00150804
.text C:\Windows\System32\spoolsv.exe[344] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 001501F8
.text C:\Windows\System32\spoolsv.exe[344] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 00150600
.text C:\Windows\System32\spoolsv.exe[344] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[344] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[432] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[432] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[432] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[432] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[432] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[432] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[432] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[432] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[432] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[432] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 00290A08
.text C:\Windows\system32\svchost.exe[432] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[432] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 002903FC
.text C:\Windows\system32\svchost.exe[432] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 00290804
.text C:\Windows\system32\svchost.exe[432] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 002901F8
.text C:\Windows\system32\svchost.exe[432] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 00290600
.text C:\Windows\system32\svchost.exe[432] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[432] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\csrss.exe[456] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[500] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[500] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[500] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[500] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[500] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[500] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[500] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[500] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[500] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[500] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[500] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[500] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[500] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[500] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[500] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 00050600
.text C:\Windows\system32\wininit.exe[500] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[500] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\csrss.exe[508] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[540] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[540] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[540] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[540] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[540] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[540] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[540] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[540] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[540] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[540] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[540] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[540] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[540] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[540] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 001003FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[540] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 00100804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[540] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 001001F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[540] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\services.exe[548] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[548] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[548] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[548] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[548] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000A03FC
.text C:\Windows\system32\services.exe[548] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000A01F8
.text C:\Windows\system32\services.exe[548] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[548] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\system32\services.exe[548] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[548] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[548] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[548] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[572] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[572] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[572] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[572] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[572] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[572] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[572] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[572] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[572] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[572] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[572] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[580] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[580] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[580] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[580] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[580] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsm.exe[580] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsm.exe[580] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[580] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\system32\lsm.exe[580] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[580] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[580] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[580] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\winlogon.exe[608] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[608] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[608] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[608] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 00050A08
.text C:\Windows\system32\winlogon.exe[608] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 000503FC
.text C:\Windows\system32\winlogon.exe[608] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 00050804
.text C:\Windows\system32\winlogon.exe[608] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 000501F8
.text C:\Windows\system32\winlogon.exe[608] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 00050600
.text C:\Windows\system32\svchost.exe[740] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[740] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[740] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[740] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[740] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[740] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[740] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[740] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[740] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[740] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[740] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[740] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[828] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[828] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[828] user32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[828] user32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[876] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[876] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[876] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[876] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[876] ntdll.dll!KiUserApcDispatcher 772A6F58 5 Bytes JMP 00414D50 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[876] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[876] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[876] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[876] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[876] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[876] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[876] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[876] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 002003FC
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[876] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 00200804
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[876] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 002001F8
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[876] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 00200600
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[876] WS2_32.dll!getaddrinfo 76834296 5 Bytes JMP 71A40022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[876] WS2_32.dll!gethostbyname 76847673 5 Bytes JMP 71AD0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[876] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[876] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\ctfmon.exe[972] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\ctfmon.exe[972] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\ctfmon.exe[972] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\ctfmon.exe[972] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\ctfmon.exe[972] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\ctfmon.exe[972] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\system32\ctfmon.exe[972] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\ctfmon.exe[972] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\ctfmon.exe[972] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\ctfmon.exe[972] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1028] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1028] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1028] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1028] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1028] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1028] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1028] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1028] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1028] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1028] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 00520A08
.text C:\Windows\System32\svchost.exe[1028] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1028] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 005203FC
.text C:\Windows\System32\svchost.exe[1028] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 00520804
.text C:\Windows\System32\svchost.exe[1028] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 005201F8
.text C:\Windows\System32\svchost.exe[1028] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 00520600
.text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1060] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1060] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1060] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1060] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1060] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1060] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 00490A08
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 004903FC
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 00490804
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 004901F8
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 00490600
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1088] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1088] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1088] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1088] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 00F00A08
.text C:\Windows\system32\svchost.exe[1088] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1088] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 00F003FC
.text C:\Windows\system32\svchost.exe[1088] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 00F00804
.text C:\Windows\system32\svchost.exe[1088] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 00F001F8
.text C:\Windows\system32\svchost.exe[1088] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 00F00600
.text C:\Windows\system32\svchost.exe[1088] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1088] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1204] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1204] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1204] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1204] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 006D0A08
.text C:\Windows\system32\svchost.exe[1204] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1204] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 006D03FC
.text C:\Windows\system32\svchost.exe[1204] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 006D0804
.text C:\Windows\system32\svchost.exe[1204] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 006D01F8
.text C:\Windows\system32\svchost.exe[1204] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 006D0600
.text C:\Windows\system32\svchost.exe[1204] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1204] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1264] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1264] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1348] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1348] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 007A0A08
.text C:\Windows\system32\svchost.exe[1348] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1348] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 007A03FC
.text C:\Windows\system32\svchost.exe[1348] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 007A0804
.text C:\Windows\system32\svchost.exe[1348] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 007A01F8
.text C:\Windows\system32\svchost.exe[1348] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 007A0600
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1500] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1500] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1500] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1500] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1500] ntdll.dll!KiUserApcDispatcher 772A6F58 5 Bytes JMP 00445210 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1500] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1500] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1500] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1500] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1500] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1500] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 00290A08
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1500] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1500] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 002903FC
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1500] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 00290804
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1500] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 002901F8
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1500] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 00290600
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1500] WS2_32.dll!getaddrinfo 76834296 5 Bytes JMP 71A50022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1500] WS2_32.dll!gethostbyname 76847673 5 Bytes JMP 71AE0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1500] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1500] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1508] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1508] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1508] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1508] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1508] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1508] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1508] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1508] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1508] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1508] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1508] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1508] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1508] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1508] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 001003FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1508] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 00100804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1508] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 001001F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1508] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 00100600
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1640] kernel32.dll!SetUnhandledExceptionFilter 76C4F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1640] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Users\Paul\Downloads\7mk9gcz2.exe[1700] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Paul\Downloads\7mk9gcz2.exe[1700] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Paul\Downloads\7mk9gcz2.exe[1700] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Paul\Downloads\7mk9gcz2.exe[1700] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Paul\Downloads\7mk9gcz2.exe[1700] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 001603FC
.text C:\Users\Paul\Downloads\7mk9gcz2.exe[1700] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 001601F8
.text C:\Users\Paul\Downloads\7mk9gcz2.exe[1700] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Paul\Downloads\7mk9gcz2.exe[1700] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Users\Paul\Downloads\7mk9gcz2.exe[1700] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Paul\Downloads\7mk9gcz2.exe[1700] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 00340A08
.text C:\Users\Paul\Downloads\7mk9gcz2.exe[1700] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Paul\Downloads\7mk9gcz2.exe[1700] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 003403FC
.text C:\Users\Paul\Downloads\7mk9gcz2.exe[1700] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 00340804
.text C:\Users\Paul\Downloads\7mk9gcz2.exe[1700] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 003401F8
.text C:\Users\Paul\Downloads\7mk9gcz2.exe[1700] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 00340600
.text C:\Users\Paul\Downloads\7mk9gcz2.exe[1700] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\Paul\Downloads\7mk9gcz2.exe[1700] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1704] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1704] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 001601F8
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1704] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1704] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1704] USER32.dll!GetUpdateRect + CF 768CA644 5 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1704] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1704] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 001F03FC
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1704] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 001F0804
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1704] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1704] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2068] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2068] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2068] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2068] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2068] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2068] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2068] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2068] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2068] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2068] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2068] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2068] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2068] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2068] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2068] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2068] advapi32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2068] advapi32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2356] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2356] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2356] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2356] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2356] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\WUDFHost.exe[2356] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\WUDFHost.exe[2356] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2356] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[2356] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2356] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2356] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2356] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 00110A08
.text C:\Windows\system32\WUDFHost.exe[2356] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2356] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 001103FC
.text C:\Windows\system32\WUDFHost.exe[2356] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 00110804
.text C:\Windows\system32\WUDFHost.exe[2356] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 001101F8
.text C:\Windows\system32\WUDFHost.exe[2356] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 00110600
.text C:\Windows\system32\svchost.exe[2528] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2528] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2528] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2528] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2528] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2528] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2528] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2528] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2528] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2528] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2528] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2528] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 001D0A08
.text C:\Windows\system32\svchost.exe[2528] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2528] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 001D03FC
.text C:\Windows\system32\svchost.exe[2528] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 001D0804
.text C:\Windows\system32\svchost.exe[2528] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 001D01F8
.text C:\Windows\system32\svchost.exe[2528] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 001D0600
.text C:\Windows\system32\taskeng.exe[2836] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\taskeng.exe[2836] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\taskeng.exe[2836] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2836] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 000F0A08
.text C:\Windows\system32\taskeng.exe[2836] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 000F03FC
.text C:\Windows\system32\taskeng.exe[2836] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 000F0804
.text C:\Windows\system32\taskeng.exe[2836] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 000F01F8
.text C:\Windows\system32\taskeng.exe[2836] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 000F0600
.text C:\Windows\system32\Dwm.exe[2892] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\Dwm.exe[2892] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\Dwm.exe[2892] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2892] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[2892] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 000803FC
.text C:\Windows\system32\Dwm.exe[2892] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[2892] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[2892] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[2928] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000603FC
.text C:\Windows\Explorer.EXE[2928] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000601F8
.text C:\Windows\Explorer.EXE[2928] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[2928] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 00120A08
.text C:\Windows\Explorer.EXE[2928] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 001203FC
.text C:\Windows\Explorer.EXE[2928] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 00120804
.text C:\Windows\Explorer.EXE[2928] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 001201F8
.text C:\Windows\Explorer.EXE[2928] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 00120600
.text C:\Windows\system32\taskhost.exe[2956] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskhost.exe[2956] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskhost.exe[2956] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[2956] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 000E0A08
.text C:\Windows\system32\taskhost.exe[2956] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 000E03FC
.text C:\Windows\system32\taskhost.exe[2956] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 000E0804
.text C:\Windows\system32\taskhost.exe[2956] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 000E01F8
.text C:\Windows\system32\taskhost.exe[2956] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 000E0600
.text C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe[3124] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe[3124] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe[3124] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe[3124] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe[3124] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe[3124] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe[3124] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe[3124] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[3244] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3244] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3244] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3244] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3244] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[3244] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[3244] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3244] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3244] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3244] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3244] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3244] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3408] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3440] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3440] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3440] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3440] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 001D0A08
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3440] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 001D03FC
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3440] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 001D0804
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3440] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 001D01F8
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3440] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 001D0600
.text C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe[3504] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 001603FC
.text C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe[3504] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 001601F8
.text C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe[3504] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe[3504] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 001F0A08
.text C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe[3504] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 001F03FC
.text C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe[3504] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 001F0804
.text C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe[3504] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 001F01F8
.text C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe[3504] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\AUDIODG.EXE[3808] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[4036] ntdll.dll!NtAccessCheckByType 772A51D8 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[4036] ntdll.dll!NtAlpcImpersonateClientOfPort 772A53B8 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[4036] ntdll.dll!NtImpersonateClientOfPort 772A5AC8 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[4036] ntdll.dll!NtSetInformationProcess 772A6678 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[4036] ntdll.dll!LdrUnloadDll 772BC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchIndexer.exe[4036] ntdll.dll!LdrLoadDll 772C22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchIndexer.exe[4036] kernel32.dll!OpenProcess 76C4549F 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[4036] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[4036] ADVAPI32.dll!SetThreadToken 7679C7CE 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[4036] ADVAPI32.dll!ImpersonateNamedPipeClient 767D3369 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[4036] USER32.dll!FindWindowA 768C8FF3 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[4036] USER32.dll!UnhookWindowsHookEx 768CADF9 5 Bytes JMP 00090A08
.text C:\Windows\system32\SearchIndexer.exe[4036] USER32.dll!FindWindowW 768CAE0D 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[4036] USER32.dll!UnhookWinEvent 768CB750 5 Bytes JMP 000903FC
.text C:\Windows\system32\SearchIndexer.exe[4036] USER32.dll!SetWindowsHookExW 768CE30C 5 Bytes JMP 00090804
.text C:\Windows\system32\SearchIndexer.exe[4036] USER32.dll!SetWinEventHook 768D24DC 5 Bytes JMP 000901F8
.text C:\Windows\system32\SearchIndexer.exe[4036] USER32.dll!SetWindowsHookExA 768F6D0C 5 Bytes JMP 00090600

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [94103E18] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [94103626] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [94101D84] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [941037D0] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [941037D0] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [94103E18] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [94103626] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [94101D84] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [941037D0] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [94101D84] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [94103E18] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [94103626] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\System32\svchost.exe[148] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\System32\spoolsv.exe[344] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[432] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\wininit.exe[500] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[540] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\services.exe[548] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\lsass.exe[572] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\lsm.exe[580] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[740] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\user32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\ctfmon.exe[972] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[1028] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[1060] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1088] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1204] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1264] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1348] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1508] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Users\Paul\Downloads\7mk9gcz2.exe[1700] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1704] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!RegisterWaitForSingleObject] [71B51F20] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1704] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [71B520F0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1704] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [76CC5965] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1704] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] [76CC596F] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1704] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] [76CC5974] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1704] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] [76CC596A] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2068] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\WUDFHost.exe[2356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[2528] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[3244] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\SearchIndexer.exe[4036] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows Live\Companion\[email protected]@513c89dca2946c1045c6e1d3c01069cd\r\n 0xA7 0x0D 0x74 0x5A ...

---- EOF - GMER 1.0.15 ----

#4
bcfcmeerkat

    Member

  • Topic Starter
  • 38 posts
Sorry, I missed one out.
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-05 23:37:22
-----------------------------
23:37:22.566 OS Version: Windows 6.1.7601 Service Pack 1
23:37:22.566 Number of processors: 2 586 0xF0D
23:37:22.566 ComputerName: PAUL-PC UserName: Paul
23:37:28.494 Initialize success
23:37:32.004 AVAST engine defs: 11120401
23:39:08.023 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:39:08.023 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 3
23:39:10.067 Disk 0 MBR read successfully
23:39:10.083 Disk 0 MBR scan
23:39:10.083 Disk 0 Windows 7 default MBR code
23:39:10.098 Disk 0 scanning sectors +312578048
23:39:10.223 Disk 0 scanning C:\Windows\system32\drivers
23:39:23.546 Service scanning
23:39:26.338 Modules scanning
23:39:38.459 Disk 0 trace - called modules:
23:39:38.506 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
23:39:38.506 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86106460]
23:39:38.522 3 CLASSPNP.SYS[8b1b559e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85347908]
23:39:38.537 Scan finished successfully
23:40:08.801 Disk 0 MBR has been saved successfully to "C:\Users\Paul\Desktop\MBR.dat"
23:40:08.817 The log file has been saved successfully to "C:\Users\Paul\Desktop\aswMBR.txt"

#5
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Some unwanted installs. Please open HijackThis again, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.

#6
bcfcmeerkat

    Member

  • Topic Starter
  • 38 posts
Hello, when I open HijackThis I get this popping up before it starts; it is in the attachments. And here is a copy of the scan file.

Thank you

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:40:39, on 06/12/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://badoo.com/startpage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {14940384-1ea8-4976-9800-2c1d1c350bf0} - (no file)
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
R3 - URLSearchHook: (no name) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
R3 - URLSearchHook: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - http://louk.solidwor...elsStandard.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{955686F7-4267-4951-818D-A05553FE0B61}: NameServer = 82.132.254.2 82.132.254.3
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

--
End of file - 7815 bytes

Attached Thumbnails

  • Hi jackthis.png


#7
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Important to really attend to the steps, when doing these repairs.

The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.


But be sure to create and post back that uninstall list.

#8
bcfcmeerkat

    Member

  • Topic Starter
  • 38 posts
Do you mean HijackThis? It does not show "Run as administrator" when I right click it.

#9
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
It should. Navigate to this file instead, and right click/Run as administrator for now:

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

#10
bcfcmeerkat

    Member

  • Topic Starter
  • 38 posts
Here is a copy of the scan.

Thank you

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:58:55, on 06/12/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://badoo.com/startpage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {14940384-1ea8-4976-9800-2c1d1c350bf0} - (no file)
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
R3 - URLSearchHook: (no name) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
R3 - URLSearchHook: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - http://louk.solidwor...elsStandard.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{955686F7-4267-4951-818D-A05553FE0B61}: NameServer = 82.132.254.2 82.132.254.3
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

--
End of file - 8420 bytes

#11
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Really need to read and follow the steps please. If you would, go back and review the steps to have HijackThis create an uninstall list.

#12
bcfcmeerkat

    Member

  • Topic Starter
  • 38 posts
How do I make an uninstall list? I cannot see it anywhere.

thank you

#13
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
The steps posted here earlier. This thread can serve as a reference guide for you, so be sure to look back through it instead of waiting for my reply, to save time.

#14
bcfcmeerkat

    Member

  • Topic Starter
  • 38 posts
Sorry, I missed that bit before, not looking properly.

Thank you


Acer Crystal Eye Webcam
Acer Crystal Eye Webcam Video Class Camera
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.6
Any Video Converter 3.2.0
Apple Application Support
Apple Software Update
Auslogics Disk Defrag
avast! Free Antivirus
Badoo Desktop
BBC iPlayer Desktop
BBC iPlayer Desktop
BitTorrent
CCleaner
Click to Call with Skype
D3DX10
DAEMON Tools Lite
DriverMax 5
eMule
FileHippo.com Update Checker
foobar2000 v1.1.7
Google Earth
Google Gmail Notifier
Google Update Helper
HiJackThis
Intel® Graphics Media Accelerator Driver
Internet TV for Windows Media Center
Java™ 6 Update 26
Java™ 7 Update 1
JMicron Flash Media Controller Driver
Junk Mail filter update
KeePass Password Safe 2.16
Malwarebytes' Anti-Malware version 1.51.2.1300
MediaMonkey 4.0
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 7.0.1 (x86 en-US)
Mozilla Thunderbird (8.0)
MSVCRT
NVIDIA PhysX v8.04.25
O2 Connection Manager
OpenOffice.org 3.3
Opera 11.52
QuickTime
Rapport
Rapport
Return to Castle Wolfenstein - Platinum Edition
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Shareaza 2.5.4.0
Skype™ 5.5
Sony Ericsson PC Companion 2.01.149
Spybot - Search & Destroy
Stellarium 0.11.0
swMSM
System Requirements Lab CYRI
System Requirements Lab for Intel
Uniblue SpeedUpMyPC
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC 9.0 Runtime
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.10 beta 1 (32-bit)
Yahoo! Messenger
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Toolbar

#15
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
There, that's the log. Since no one system can have more than one antivirus program installed, as that causes all sorts of issues, can you verify for me that your ZoneAlarm install is only the firewall? I see references to the firewall, but also ZoneAlarm Free, and the logs seem to suggest you have more than just the firewall (like this that shows on your system).