Internet Explorer script error messages but no Internet Explorer!
-
Internet Explorer script error messages but no Internet Explorer!
Hi All,
Posting here at the recommendation of broni after posting same incorrectly in General Internet Queries.
Sorry but I've searched all over for an (easy?) answer to this problem to no avail.
I'm not a computer expert by any means so please forgive any naivety in my approach.
I just appear to know more than some.
Who said to know a little is dangerous?! lol
My colleague's daughter's laptop had been infected with Windows Restore.
No wonder considering all the rubbish on it and lapsed Norton IS 6!
However I got rid of what I considered K.r.@.p. and have downloaded and run Superantispyware, Malwarebytes, CCleaner and Avast AV, and it is so much (comparably!) better.
She had Firefox 3 and IE 6 so I updated both. Firefox now 4, IE became 8.
I then kept getting IE script error messages so I DL and run Spybot Search & destroy.
This found even more rogues!
But still the IE script error messages giving references to web sites I knew nothing about.
I then uninstalled IE and deleted the folder from programmes folder.
But still IE script error messages.
I have tried not to reformat as she has lots (lots!) of pics and vids and I don't want to transfer any rogueware to a copy dvd in turn reinfecting in reloading, hopefully you know what I mean.
Also now has Zone Alarm firewall which appears to have helped slightly but not completely.
Anyway, any suggestions on what I might have missed to keep getting these messages?
Oh yes, on one occasion I heard a playback of what seemed like some kind of commercial though no display nor actively connected to the internet.
Apologies for the long post.
Any help greatly appreciated.
All the best.
-
Please, complete all steps listed here: HERE
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
-
Hi Broni,
As I type the laptop in question is 'hanging', with the desktop pic displayed but nothing else, no taskbar, no icons.
This was after trying to run DDS.
Avast opened up with a recommendation to open pev.dat in its sandbox so I did. No idea what the sandbox is in this context but I trusted Avast to be advising me correctly.
I appear to have done wrong!
Sorry.
Advice please?
Restart I suppose?
Cheers.
-
-
Originally Posted by
broni 
Yes, go ahead....
Ha!
Have tried four times to send, one with attach attached.
No good!
Time out error.
Files must be too big.
Sorry.
I'm going to try splitting the logs. Hope you don't mind.
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes
Database version: 6388
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
18/04/2011 11:39:02
mbam-log-2011-04-18 (11-39-02).txt
Scan type: Quick scan
Objects scanned: 168214
Time elapsed: 18 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
- - - - -
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 182):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806CF000 \WINDOWS\system32\hal.dll
0xF7AFE000 \WINDOWS\system32\KDCOM.DLL
0xF7A0E000 \WINDOWS\system32\BOOTVID.dll
0xF74CF000 ACPI.sys
0xF7B00000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF74BE000 pci.sys
0xF75FE000 isapnp.sys
0xF7A12000 ACPIEC.sys
0xF7BC6000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7A16000 compbatt.sys
0xF7A1A000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF7BC7000 pciide.sys
0xF787E000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7B02000 aliide.sys
0xF7B04000 cmdide.sys
0xF7B06000 toside.sys
0xF7B08000 viaide.sys
0xF7B0A000 intelide.sys
0xF760E000 MountMgr.sys
0xF749F000 ftdisk.sys
0xF7B0C000 dmload.sys
0xF7479000 dmio.sys
0xF7886000 PartMgr.sys
0xF761E000 VolSnap.sys
0xF7A1E000 cpqarray.sys
0xF7461000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF7449000 atapi.sys
0xF7A22000 aha154x.sys
0xF788E000 sparrow.sys
0xF7A26000 symc810.sys
0xF762E000 aic78xx.sys
0xF7A2A000 dac960nt.sys
0xF763E000 ql10wnt.sys
0xF7A2E000 amsint.sys
0xF7896000 asc.sys
0xF7A32000 asc3550.sys
0xF789E000 mraid35x.sys
0xF78A6000 i2omp.sys
0xF7A36000 ini910u.sys
0xF764E000 ql1240.sys
0xF765E000 aic78u2.sys
0xF78AE000 symc8xx.sys
0xF78B6000 sym_hi.sys
0xF78BE000 sym_u3.sys
0xF78C6000 ABP480N5.SYS
0xF78CE000 asc3350p.sys
0xF7B0E000 cd20xrnt.sys
0xF766E000 ultra.sys
0xF78D6000 dpti2o.sys
0xF7430000 adpu160m.sys
0xF767E000 ql1080.sys
0xF768E000 ql1280.sys
0xF769E000 ql12160.sys
0xF78DE000 perc2.sys
0xF7B10000 perc2hib.sys
0xF78E6000 hpn.sys
0xF7A3A000 cbidf2k.sys
0xF7404000 dac2w2k.sys
0xF78EE000 o2sd.sys
0xF76AE000 o2media.sys
0xF76BE000 disk.sys
0xF76CE000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73E4000 fltMgr.sys
0xF73CD000 KSecDD.sys
0xF7340000 Ntfs.sys
0xF7313000 NDIS.sys
0xF76DE000 sisagp.sys
0xF76EE000 viaagp.sys
0xF76FE000 ohci1394.sys
0xF770E000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF72F8000 Mup.sys
0xF771E000 alim1541.sys
0xF772E000 amdagp.sys
0xF773E000 agp440.sys
0xF774E000 agpCPQ.sys
0xF777E000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF72C8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7ACE000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7092000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF707E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7059000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF791E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7036000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF794E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7022000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xF72B8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF798E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF799E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF72A8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7298000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7288000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6FFF000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7B1C000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0xF79F6000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF7CB0000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7278000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7234000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6F48000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7268000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7258000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF796E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6F37000 \SystemRoot\system32\DRIVERS\psched.sys
0xF778E000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF79A6000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF79B6000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6F06000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF779E000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B22000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6EAD000 \SystemRoot\system32\DRIVERS\update.sys
0xF7210000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF77AE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA6ED000 \SystemRoot\system32\DRIVERS\smserial.sys
0xF79E6000 \SystemRoot\System32\Drivers\Modem.SYS
0xAA249000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA227000 \SystemRoot\system32\drivers\portcls.sys
0xF77CE000 \SystemRoot\system32\drivers\drmk.sys
0xF77DE000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B2C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7B30000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7B34000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D15000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B38000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7946000 \SystemRoot\System32\drivers\vga.sys
0xF7B3C000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B40000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7976000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF797E000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6E99000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA1CC000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA174000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF77EE000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xAA153000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF77FE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAA08B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7996000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xF780E000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA9FE2000 \SystemRoot\System32\vsdatant.sys
0xA9F81000 \SystemRoot\System32\drivers\afd.sys
0xF72E8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7966000 \SystemRoot\System32\Drivers\StarOpen.SYS
0xA9F5F000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF79CE000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA9F34000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA9EC5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF6FEF000 \SystemRoot\System32\Drivers\Fips.SYS
0xA9E67000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xA9E1F000 \SystemRoot\System32\Drivers\aswSP.SYS
0xA9D99000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xAA6B5000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF6FAF000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA9CA1000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7BA4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA9CC1000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7986000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CA0000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF021000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF043000 \SystemRoot\System32\ialmdev5.DLL
0xBF07E000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA9E17000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xAA6CD000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA9AAB000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xA9C19000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xA9B35000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF6F5F000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xF7926000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
0xA9864000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA95BC000 \SystemRoot\system32\DRIVERS\nwrdr.sys
0xA9590000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA9437000 \SystemRoot\System32\Drivers\HTTP.sys
0xA93FA000 \SystemRoot\system32\drivers\wdmaud.sys
0xA95F4000 \SystemRoot\system32\drivers\sysaudio.sys
0xA928D000 \SystemRoot\system32\DRIVERS\srv.sys
0xF7B4C000 \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
0xA8879000 \??\C:\DOCUME~1\JENNIF~1\LOCALS~1\Temp\pxliqaog.sy s
0xA882B000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA87EC000 \SystemRoot\system32\DRIVERS\rt73.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 47):
0 System Idle Process
4 System
764 C:\WINDOWS\system32\smss.exe
848 csrss.exe
876 C:\WINDOWS\system32\winlogon.exe
924 C:\WINDOWS\system32\services.exe
936 C:\WINDOWS\system32\lsass.exe
1116 svchost.exe
1188 C:\WINDOWS\system32\svchost.exe
1220 C:\WINDOWS\system32\svchost.exe
1372 svchost.exe
1476 svchost.exe
704 C:\WINDOWS\system32\wltrysvc.exe
756 C:\WINDOWS\system32\bcmwltry.exe
788 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
948 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1488 C:\WINDOWS\system32\spoolsv.exe
1876 svchost.exe
1976 C:\WINDOWS\ehome\ehrecvr.exe
2044 C:\WINDOWS\ehome\ehSched.exe
608 C:\WINDOWS\system32\o2flash.exe
660 C:\WINDOWS\explorer.exe
2272 C:\Program Files\Secunia\PSI\sua.exe
2396 svchost.exe
2440 C:\WINDOWS\system32\svchost.exe
2572 mcrdsvc.exe
3008 C:\WINDOWS\RTHDCPL.exe
3016 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3108 C:\WINDOWS\system32\ctfmon.exe
3308 C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
3340 C:\Program Files\Belkin\F5D7011\Belkinwcui.exe
3384 C:\Program Files\RALINK\Common\RaUI.exe
3452 C:\Program Files\Secunia\PSI\psi_tray.exe
3484 C:\Program Files\Belkin\F5D7011\ChkDev.exe
3780 C:\WINDOWS\system32\dllhost.exe
156 alg.exe
2840 C:\WINDOWS\system32\svchost.exe
3588 C:\WINDOWS\system32\wuauclt.exe
524 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
3868 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
2208 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
1580 C:\Program Files\Mozilla Firefox\firefox.exe
3104 C:\Program Files\Mozilla Firefox\plugin-container.exe
224 C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
3896 C:\Program Files\Mozilla Firefox\plugin-container.exe
2848 C:\Documents and Settings\jennifer harvey\My Documents\Downloads\MBRCheck.exe
2760 <unknown>
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`2ff6d800 (NTFS)
PhysicalDrive0 Model Number: HTS541060G9SA00, Rev: MB3OC60R
Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 5695AAF95A32284894D71211499743BB702112B6
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
-
Sorry Broni, the gmer file looks like a biggie.
Appears to be causing th eproblem.
Won't even send on its own!
Can I split the file?
Anyway, here are the DDS files:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by jennifer harvey at 1:41:35.25 on 19/04/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1014.368 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled*
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Secunia\PSI\PSIA.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\jennifer harvey\Desktop\dds(1).scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
uSearch Page = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*Yahoo! UK
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%languag e
mDefault_Page_URL = hxxp://uk.yahoo.com
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://uk.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo! UK
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80269&lng=en
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80269
uURLSearchHooks: H - No File
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\Tru stCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
TB: !{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - No File
TB: !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: !{C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\Tru stCheckerIEPlugin.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bel kin~2.lnk - c:\program files\belkin\usb f5d7050\wireless utility\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bel kin~1.lnk - c:\program files\belkin\f5d7011\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ral ink~1.lnk - c:\program files\ralink\common\RaUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sec uni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} - hxxp://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://fishesrule48.spaces.live.com//PhotoUpload/MsnPUpld.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.mypix.com/importer/ImageUploader4.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://cid-0f778b48a1737070.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 nwprovau
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\jennif~1\applic~1\mozilla\firefox\prof iles\ulwz60xv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={s earchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=2&q=
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npF FApi.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2medi a.sys [2006-2-27 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.s ys [2006-2-20 29056]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.s ys [2011-4-13 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-13 301528]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-4-17 532224]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [2011-4-13 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-4-13 42184]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-2-15 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-2-15 488952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S0 uifr;uifr;c:\windows\system32\drivers\droj.sys --> c:\windows\system32\drivers\droj.sys [?]
S3 EraserUtilDrvI10;EraserUtilDrvI10;\??\c:\program files\common files\symantec shared\eengine\eraserutildrvi10.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrvI10.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\pro gram files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-8-24 14336]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2006-9-5 176128]
S3 VNUWL5B;VIA Networking Technologies USB Wireless LAN Adapter Driver Service;c:\windows\system32\drivers\VNUWL5B.SYS [2006-9-5 134656]
.
=============== Created Last 30 ================
.
2011-04-17 22:48:26 -------- d-----w- c:\docume~1\jennif~1\applic~1\CheckPoint
2011-04-17 22:46:24 -------- d-----w- c:\windows\Internet Logs
2011-04-17 17:04:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-04-17 17:04:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-17 15:00:46 12399552 ----a-w- c:\program files\mozilla firefox\Firefox Setup 4.0.exe
2011-04-16 23:30:22 -------- d-----w- c:\program files\MSECache
2011-04-16 23:09:42 -------- d-----w- c:\program files\iPod
2011-04-16 23:09:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-04-16 22:51:15 -------- d-----w- c:\docume~1\jennif~1\locals~1\applic~1\Secunia PSI
2011-04-16 22:51:01 -------- d-----w- c:\program files\Secunia
2011-04-16 00:57:01 -------- d-----w- c:\docume~1\jennif~1\applic~1\SUPERAntiSpyware.com
2011-04-16 00:56:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-16 00:55:25 10700680 ----a-w- c:\program files\SUPERAntiSpyware.exe
2011-04-16 00:45:59 -------- d-----w- c:\program files\Windows Media Connect 2
2011-04-16 00:32:22 -------- d-sh--w- c:\documents and settings\jennifer harvey\PrivacIE
2011-04-16 00:29:40 -------- d-sh--w- c:\documents and settings\jennifer harvey\IETldCache
2011-04-16 00:27:02 -------- d-----w- c:\windows\ie8updates
2011-04-16 00:24:52 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-04-16 00:24:52 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2011-04-14 23:31:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-14 09:40:22 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-13 16:19:26 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-13 13:38:40 40648 ----a-w- c:\windows\avastSS.scr
2011-04-13 13:37:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-04-13 10:17:01 -------- d-----w- c:\program files\CCleaner
2011-04-13 10:07:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-04-13 00:43:25 -------- d-----w- c:\docume~1\jennif~1\applic~1\Malwarebytes
2011-04-13 00:43:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-13 00:43:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-12 19:08:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2011-04-12 19:08:01 -------- d-----w- c:\program files\common files\Symantec Shared
2011-04-06 14:09:21 -------- d-----w- c:\windows\system32\appmgmt
2011-04-06 10:20:12 -------- d-----w- C:\f024ac25ed55782648
2011-04-06 10:06:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2011-04-06 10:05:31 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-04-06 10:05:25 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-04-06 10:05:25 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-04-06 10:05:22 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-04-06 10:05:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-04-06 10:05:08 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-04-06 10:05:08 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-04-06 09:57:41 -------- d-----w- C:\164577dc6e0cca4b5bea839426f175
2011-03-28 16:12:57 -------- dc----w- c:\docume~1\alluse~1\applic~1\{888803CF-24CB-4360-955A-9B6EE8BEEDC1}
2011-03-27 17:11:58 -------- d-----w- c:\docume~1\jennif~1\locals~1\applic~1\Temp
2011-03-27 17:11:39 -------- d-----w- c:\docume~1\jennif~1\locals~1\applic~1\FLVService
2011-03-27 17:11:34 -------- d-----w- c:\windows\Freecorder
2011-03-27 12:04:22 -------- d-----w- c:\docume~1\jennif~1\applic~1\DVDVideoSoft
2011-03-20 21:48:26 -------- d-----w- c:\docume~1\jennif~1\applic~1\Ilra
2011-03-20 21:48:26 -------- d-----w- c:\docume~1\jennif~1\applic~1\Emug
.
==================== Find3M ====================
.
2011-03-11 13:19:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-18 16:28:28 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-02-04 17:48:32 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 17:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
2003-08-27 21:19:18 36963 ----a-r- c:\program files\common files\SM1updtr.dll
.
============= FINISH: 1:45:00.71 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 25/12/2006 09:23:30
System Uptime: 19/04/2011 01:21:29 (0 hours ago)
.
Motherboard: DIXONSXP | | DIXONSXP
Processor: Intel(R) Celeron(R) M CPU 410 @ 1.46GHz | U2E1 | 1466/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 51 GiB total, 16.078 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 802.11g Mini Card Wireless Adapter
Device ID: USB\VID_0DB0&PID_6877\5&A8BDB19&0&3
Manufacturer: Ralink Technology Corp.
Name: 802.11g Mini Card Wireless Adapter
PNP Device ID: USB\VID_0DB0&PID_6877\5&A8BDB19&0&3
Service: RT73
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Apple Software Update
avast! Free Antivirus
Belkin Wireless G Plus Notebook Card
Belkin Wireless USB Utility
CCleaner
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895953)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914906)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) SE Runtime Environment 6 Update 1
Lame ACM MP3 Codec
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Motorola SM56 Data Fax Modem
Mozilla Firefox 4.0 (x86 en-GB)
MSVCRT
O2Micro Flash Memory Card Windows Driver V2.04
OCA Client history tool install
Power2Go 4.0
PowerDVD
QuickTime
Ralink Wireless LAN Card
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
SAMSUNG CDMA Modem Driver Set
Samsung Media Studio
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Secunia PSI (2.0.0.3001)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Segoe UI
Spybot - Search & Destroy
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890546
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP SP2 LIP update
XviD MPEG-4 Video Codec
ZoneAlarm
ZoneAlarm Toolbar
.
==== Event Viewer Messages From Past Week ========
.
19/04/2011 01:29:33, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Media Center Scheduler Service service to connect.
19/04/2011 01:29:33, error: Service Control Manager [7000] - The Media Center Scheduler Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
19/04/2011 00:24:02, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RasAuto service.
19/04/2011 00:23:32, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wuauserv service.
19/04/2011 00:23:02, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
18/04/2011 11:34:59, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is HOME-GPJJJ.
18/04/2011 11:17:49, error: NetBT [4321] - The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.86. The machine with the IP address 192.168.1.67 did not allow the name to be claimed by this machine.
18/04/2011 11:10:05, error: Service Control Manager [7034] - The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).
18/04/2011 11:10:04, error: Service Control Manager [7034] - The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).
18/04/2011 11:09:57, error: Service Control Manager [7034] - The Broadcom Wireless LAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
18/04/2011 02:16:16, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.
18/04/2011 02:04:25, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
18/04/2011 00:13:00, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the seclogon service.
18/04/2011 00:13:00, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SSDP Discovery Service service to connect.
18/04/2011 00:13:00, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Secunia Update Agent service to connect.
18/04/2011 00:13:00, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Secunia PSI Agent service to connect.
18/04/2011 00:13:00, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the O2Micro Flash Memory service to connect.
18/04/2011 00:13:00, error: Service Control Manager [7001] - The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
18/04/2011 00:13:00, error: Service Control Manager [7000] - The SSDP Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
18/04/2011 00:13:00, error: Service Control Manager [7000] - The Secunia Update Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
18/04/2011 00:13:00, error: Service Control Manager [7000] - The Secunia PSI Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
18/04/2011 00:13:00, error: Service Control Manager [7000] - The O2Micro Flash Memory service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
17/04/2011 16:31:18, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
17/04/2011 16:22:35, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL StarOpen Tcpip
17/04/2011 16:22:35, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
17/04/2011 16:22:35, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
17/04/2011 16:22:35, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
17/04/2011 16:22:35, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
17/04/2011 16:22:34, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
17/04/2011 16:22:03, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
17/04/2011 16:22:02, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
17/04/2011 16:14:19, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Media Center Receiver Service service to connect.
16/04/2011 13:40:45, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0019DB012BA5. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
15/04/2011 22:49:10, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
15/04/2011 13:43:54, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007054f: Windows XP Service Pack 3 (KB936929).
15/04/2011 13:43:21, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
15/04/2011 13:41:53, error: Service Control Manager [7034] - The O2Micro Flash Memory service terminated unexpectedly. It has done this 1 time(s).
15/04/2011 02:30:06, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
15/04/2011 02:20:25, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
15/04/2011 02:14:51, error: PlugPlayManager [11] - The device Root\LEGACY_SASKUTIL\0000 disappeared from the system without first being prepared for removal.
15/04/2011 02:14:51, error: PlugPlayManager [11] - The device Root\LEGACY_SASDIFSV\0000 disappeared from the system without first being prepared for removal.
13/04/2011 10:48:31, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
13/04/2011 10:42:13, error: Dhcp [1002] - The IP address lease 192.168.1.86 for the Network Card with network address 0019DB012BA5 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
13/04/2011 00:07:01, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
13/04/2011 00:02:54, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
13/04/2011 00:02:54, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/04/2011 20:24:59, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/04/2011 20:24:59, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
12/04/2011 20:24:58, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
.
==== End Of File ===========================
-
Sorry, gmer won't even attach as a zip file.
Must be me!
I'm gonna try half and half.
GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-18 23:07:33
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e HTS541060G9SA00 rev.MB3OC60R
Running: 66643sw7.exe; Driver: C:\DOCUME~1\JENNIF~1\LOCALS~1\Temp\pxliqaog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA9DAB9CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA9E28A68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA9DCBAF5]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xAA003534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA9DADEAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA9DADF04]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA9FFD782]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA9DAE01A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA9DCB4A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA9DADE02]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xAA003CC0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA9DADF54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA9DADE56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA9DADFC8]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xAA003DF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA9DAB9EE]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA9FFE398]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA9DCC1BB]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA9DCC471]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA9DAE29E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA9DCC026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA9DCBE91]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA9E28B18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA9DAB7B8]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xAA01E93C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xAA01EB44]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA9DABA12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA9DAE412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA9DAC4AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA9DADEDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA9DADF2C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA9FFDFAA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA9DAE044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA9DCB805]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA9DADE2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA9DAE0D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA9DADF94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA9DADE84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA9DAE1BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA9DADFF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA9E28BB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA9DCBD0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA9DAC370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA9DCBB5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA9E30E26]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xAA01F208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xAA0030F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA9DCAB1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA9DABA36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA9DABA5A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA9FFE75C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xAA01FE12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA9DAB812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA9DAB94E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA9DCC2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA9DAB92A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA9DAB972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA9DABA7E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 23F8 80501BF0 16 Bytes [AC, DE, DA, A9, 04, DF, DA, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2460 80501C58 12 Bytes [EE, B9, DA, A9, 98, E3, FF, ...] {OUT DX, AL ; MOV ECX, 0xe398a9da; JMP FAR DWORD [ECX-0x56233e45]}
.text ntkrnlpa.exe!ZwCallbackReturn + 24F0 80501CE8 12 Bytes [B8, B7, DA, A9, 3C, E9, 01, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2534 80501D2C 16 Bytes [DC, DE, DA, A9, 2C, DF, DA, ...]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B4F4 4 Bytes CALL A9DACE25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B192A 5 Bytes JMP A9E3929E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8618 5 Bytes JMP A9E3AD38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
INITc VolSnap.sys F7629BD0 4 Bytes [E0, 66, 53, 80]
INITc VolSnap.sys F7629BF8 4 Bytes [D0, 8E, 4F, 80]
INITc VolSnap.sys F7629C20 4 Bytes [4E, 9B, 4F, 80]
INITc VolSnap.sys F7629C48 4 Bytes [5C, DF, 4F, 80] {POP ESP; FISTTP WORD [EDI-0x80]}
INITc VolSnap.sys F7629C70 4 Bytes [84, 95, 4F, 80]
INITc ...
? System32\Drivers\hiber_WMILIB.SYS The system cannot find the path specified. !
.text ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791
.text ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58
.text ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\alg.exe[156] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[156] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[156] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[156] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\alg.exe[156] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\alg.exe[156] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[156] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002A0120
.text C:\WINDOWS\System32\alg.exe[156] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002A00E4
.text C:\WINDOWS\System32\alg.exe[156] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[156] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[156] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002A00A8
.text C:\WINDOWS\System32\alg.exe[156] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002A0030
.text C:\WINDOWS\System32\alg.exe[156] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002A006C
.text C:\WINDOWS\System32\alg.exe[156] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[156] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[156] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002B01D4
.text C:\WINDOWS\System32\alg.exe[156] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\alg.exe[156] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\alg.exe[156] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002B015C
.text C:\WINDOWS\System32\alg.exe[156] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002B0198
.text C:\WINDOWS\System32\alg.exe[156] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\alg.exe[156] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\alg.exe[156] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\o2flash.exe[608] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\o2flash.exe[608] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\o2flash.exe[608] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\o2flash.exe[608] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00140030
.text C:\WINDOWS\system32\o2flash.exe[608] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0014006C
.text C:\WINDOWS\system32\o2flash.exe[608] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\o2flash.exe[608] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\o2flash.exe[608] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\o2flash.exe[608] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003701D4
.text C:\WINDOWS\system32\o2flash.exe[608] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003700E4
.text C:\WINDOWS\system32\o2flash.exe[608] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00370120
.text C:\WINDOWS\system32\o2flash.exe[608] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 0037015C
.text C:\WINDOWS\system32\o2flash.exe[608] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00370198
.text C:\WINDOWS\system32\o2flash.exe[608] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00370030
.text C:\WINDOWS\system32\o2flash.exe[608] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 0037006C
.text C:\WINDOWS\system32\o2flash.exe[608] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003700A8
.text C:\WINDOWS\system32\o2flash.exe[608] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380120
.text C:\WINDOWS\system32\o2flash.exe[608] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003800E4
.text C:\WINDOWS\system32\o2flash.exe[608] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\o2flash.exe[608] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\o2flash.exe[608] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003800A8
.text C:\WINDOWS\system32\o2flash.exe[608] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 00380030
.text C:\WINDOWS\system32\o2flash.exe[608] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 0038006C
.text C:\WINDOWS\Explorer.EXE[660] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[660] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[660] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[660] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00090030
.text C:\WINDOWS\Explorer.EXE[660] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0009006C
.text C:\WINDOWS\Explorer.EXE[660] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[660] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[660] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[660] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003301D4
.text C:\WINDOWS\Explorer.EXE[660] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003300E4
.text C:\WINDOWS\Explorer.EXE[660] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00330120
.text C:\WINDOWS\Explorer.EXE[660] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 0033015C
.text C:\WINDOWS\Explorer.EXE[660] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00330198
.text C:\WINDOWS\Explorer.EXE[660] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00330030
.text C:\WINDOWS\Explorer.EXE[660] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 0033006C
.text C:\WINDOWS\Explorer.EXE[660] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003300A8
.text C:\WINDOWS\Explorer.EXE[660] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00340120
.text C:\WINDOWS\Explorer.EXE[660] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003400E4
.text C:\WINDOWS\Explorer.EXE[660] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[660] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[660] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003400A8
.text C:\WINDOWS\Explorer.EXE[660] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 00340030
.text C:\WINDOWS\Explorer.EXE[660] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 0034006C
.text C:\WINDOWS\Explorer.EXE[660] WININET.dll!HttpAddRequestHeadersA 771C40FA 7 Bytes JMP 009B164F
.text C:\WINDOWS\Explorer.EXE[660] WININET.dll!HttpAddRequestHeadersW 771CEF2C 5 Bytes JMP 009B1817
.text C:\WINDOWS\System32\wltrysvc.exe[704] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\wltrysvc.exe[704] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\wltrysvc.exe[704] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\wltrysvc.exe[704] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00140030
.text C:\WINDOWS\System32\wltrysvc.exe[704] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0014006C
.text C:\WINDOWS\System32\wltrysvc.exe[704] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\wltrysvc.exe[704] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\wltrysvc.exe[704] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\wltrysvc.exe[704] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003701D4
.text C:\WINDOWS\System32\wltrysvc.exe[704] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003700E4
.text C:\WINDOWS\System32\wltrysvc.exe[704] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00370120
.text C:\WINDOWS\System32\wltrysvc.exe[704] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 0037015C
.text C:\WINDOWS\System32\wltrysvc.exe[704] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00370198
.text C:\WINDOWS\System32\wltrysvc.exe[704] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00370030
.text C:\WINDOWS\System32\wltrysvc.exe[704] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 0037006C
.text C:\WINDOWS\System32\wltrysvc.exe[704] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003700A8
.text C:\WINDOWS\System32\wltrysvc.exe[704] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380120
.text C:\WINDOWS\System32\wltrysvc.exe[704] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003800E4
.text C:\WINDOWS\System32\wltrysvc.exe[704] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\wltrysvc.exe[704] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\wltrysvc.exe[704] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003800A8
.text C:\WINDOWS\System32\wltrysvc.exe[704] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 00380030
.text C:\WINDOWS\System32\wltrysvc.exe[704] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 0038006C
.text C:\WINDOWS\System32\bcmwltry.exe[756] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\bcmwltry.exe[756] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\bcmwltry.exe[756] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\bcmwltry.exe[756] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00140030
.text C:\WINDOWS\System32\bcmwltry.exe[756] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0014006C
.text C:\WINDOWS\System32\bcmwltry.exe[756] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\bcmwltry.exe[756] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\bcmwltry.exe[756] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\bcmwltry.exe[756] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003901D4
.text C:\WINDOWS\System32\bcmwltry.exe[756] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003900E4
.text C:\WINDOWS\System32\bcmwltry.exe[756] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00390120
.text C:\WINDOWS\System32\bcmwltry.exe[756] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 0039015C
.text C:\WINDOWS\System32\bcmwltry.exe[756] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00390198
.text C:\WINDOWS\System32\bcmwltry.exe[756] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00390030
.text C:\WINDOWS\System32\bcmwltry.exe[756] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 0039006C
.text C:\WINDOWS\System32\bcmwltry.exe[756] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003900A8
.text C:\WINDOWS\System32\bcmwltry.exe[756] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003A0120
.text C:\WINDOWS\System32\bcmwltry.exe[756] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003A00E4
.text C:\WINDOWS\System32\bcmwltry.exe[756] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\bcmwltry.exe[756] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\bcmwltry.exe[756] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003A00A8
.text C:\WINDOWS\System32\bcmwltry.exe[756] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003A0030
.text C:\WINDOWS\System32\bcmwltry.exe[756] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003A006C
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[788] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00150030
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[788] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0015006C
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[788] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[788] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003801D4
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[788] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003800E4
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[788] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380120
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[788] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 0038015C
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[788] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380198
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[788] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00380030
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[788] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 0038006C
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[788] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003800A8
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[788] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00390120
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[788] USER32.dll!DefDlgProcW + 56E 7E423D08 2 Bytes JMP 20C79270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[788] USER32.dll!DefDlgProcW + 571 7E423D0B 2 Bytes [85, A2]
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[788] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003900E4
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[788] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003900A8
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[788] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 00390030
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[788] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 0039006C
.text C:\WINDOWS\system32\winlogon.exe[876] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[876] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[876] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[876] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00070030
.text C:\WINDOWS\system32\winlogon.exe[876] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\winlogon.exe[876] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\winlogon.exe[876] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\winlogon.exe[876] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\winlogon.exe[876] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[876] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[876] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\winlogon.exe[876] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\winlogon.exe[876] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\services.exe[924] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[924] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[924] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[924] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\services.exe[924] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003101D4
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003100E4
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00310120
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 0031015C
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00310198
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00310030
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 0031006C
.text C:\WINDOWS\system32\services.exe[924] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003100A8
.text C:\WINDOWS\system32\services.exe[924] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00320120
.text C:\WINDOWS\system32\services.exe[924] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003200E4
.text C:\WINDOWS\system32\services.exe[924] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[924] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[924] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003200A8
.text C:\WINDOWS\system32\services.exe[924] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 00320030
.text C:\WINDOWS\system32\services.exe[924] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 0032006C
.text C:\WINDOWS\system32\lsass.exe[936] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[936] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[936] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[936] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\lsass.exe[936] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\lsass.exe[936] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\lsass.exe[936] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\lsass.exe[936] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\lsass.exe[936] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[936] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[936] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\lsass.exe[936] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\lsass.exe[936] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B006C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[948] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\svchost.exe[1116] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1116] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1116] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1116] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1116] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1116] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1116] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A01D4
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A00E4
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0120
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A015C
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0198
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A0030
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A006C
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A00A8
.text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\spoolsv.exe[1488] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1488] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1488] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1488] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\spoolsv.exe[1488] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1488] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1488] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1488] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\spoolsv.exe[1488] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\spoolsv.exe[1488] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\spoolsv.exe[1488] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\spoolsv.exe[1488] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\spoolsv.exe[1488] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\spoolsv.exe[1488] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\spoolsv.exe[1488] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\spoolsv.exe[1488] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\spoolsv.exe[1488] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\spoolsv.exe[1488] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1488] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1488] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\spoolsv.exe[1488] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\spoolsv.exe[1488] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1876] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1876] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1876] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1876] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\svchost.exe[1876] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\svchost.exe[1876] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\svchost.exe[1876] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\svchost.exe[1876] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\svchost.exe[1876] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\svchost.exe[1876] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\svchost.exe[1876] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\svchost.exe[1876] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1876] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1876] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1876] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1876] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1876] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1876] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00080030
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0008006C
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002C01D4
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002C00E4
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002C0120
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002C015C
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 3 Bytes JMP 002C0198
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E372D5 1 Byte [88]
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002C0030
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002C006C
.text C:\WINDOWS\eHome\ehRecvr.exe[1976] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002C00A8
.text C:\WINDOWS\eHome\ehSched.exe[2044] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[2044] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[2044] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[2044] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00080030
.text C:\WINDOWS\eHome\ehSched.exe[2044] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0008006C
.text C:\WINDOWS\eHome\ehSched.exe[2044] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[2044] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\eHome\ehSched.exe[2044] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\eHome\ehSched.exe[2044] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[2044] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[2044] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\eHome\ehSched.exe[2044] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\eHome\ehSched.exe[2044] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\eHome\ehSched.exe[2044] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[2044] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[2044] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002C01D4
.text C:\WINDOWS\eHome\ehSched.exe[2044] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002C00E4
.text C:\WINDOWS\eHome\ehSched.exe[2044] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002C0120
.text C:\WINDOWS\eHome\ehSched.exe[2044] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002C015C
.text C:\WINDOWS\eHome\ehSched.exe[2044] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 3 Bytes JMP 002C0198
.text C:\WINDOWS\eHome\ehSched.exe[2044] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E372D5 1 Byte [88]
.text C:\WINDOWS\eHome\ehSched.exe[2044] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002C0030
.text C:\WINDOWS\eHome\ehSched.exe[2044] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002C006C
.text C:\WINDOWS\eHome\ehSched.exe[2044] ADVAPI32.dll!DeleteService
-
gmer - part deux.
I hope!
.text C:\Documents and Settings\jennifer harvey\My Documents\Downloads\66643sw7.exe[2224] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\jennifer harvey\My Documents\Downloads\66643sw7.exe[2224] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\jennifer harvey\My Documents\Downloads\66643sw7.exe[2224] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\jennifer harvey\My Documents\Downloads\66643sw7.exe[2224] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\jennifer harvey\My Documents\Downloads\66643sw7.exe[2224] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\jennifer harvey\My Documents\Downloads\66643sw7.exe[2224] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\jennifer harvey\My Documents\Downloads\66643sw7.exe[2224] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\jennifer harvey\My Documents\Downloads\66643sw7.exe[2224] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Secunia\PSI\sua.exe[2272] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Secunia\PSI\sua.exe[2272] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Secunia\PSI\sua.exe[2272] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Secunia\PSI\sua.exe[2272] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00150030
.text C:\Program Files\Secunia\PSI\sua.exe[2272] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0015006C
.text C:\Program Files\Secunia\PSI\sua.exe[2272] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Secunia\PSI\sua.exe[2272] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Secunia\PSI\sua.exe[2272] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Secunia\PSI\sua.exe[2272] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003801D4
.text C:\Program Files\Secunia\PSI\sua.exe[2272] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003800E4
.text C:\Program Files\Secunia\PSI\sua.exe[2272] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380120
.text C:\Program Files\Secunia\PSI\sua.exe[2272] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 0038015C
.text C:\Program Files\Secunia\PSI\sua.exe[2272] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380198
.text C:\Program Files\Secunia\PSI\sua.exe[2272] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00380030
.text C:\Program Files\Secunia\PSI\sua.exe[2272] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 0038006C
.text C:\Program Files\Secunia\PSI\sua.exe[2272] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003800A8
.text C:\Program Files\Secunia\PSI\sua.exe[2272] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Secunia\PSI\sua.exe[2272] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[2396] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[2440] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2440] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2440] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2440] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[2440] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[2440] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2440] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2440] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2440] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\svchost.exe[2440] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\svchost.exe[2440] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\svchost.exe[2440] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\svchost.exe[2440] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\svchost.exe[2440] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\svchost.exe[2440] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\svchost.exe[2440] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\svchost.exe[2440] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[2440] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[2440] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2440] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2440] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[2440] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[2440] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00080030
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0008006C
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002C01D4
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002C00E4
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002C0120
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002C015C
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 3 Bytes JMP 002C0198
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E372D5 1 Byte [88]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002C0030
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002C006C
.text C:\WINDOWS\ehome\mcrdsvc.exe[2572] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002C00A8
.text C:\WINDOWS\System32\svchost.exe[2840] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2840] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2840] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2840] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\svchost.exe[2840] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\svchost.exe[2840] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2840] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2840] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2840] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A01D4
.text C:\WINDOWS\System32\svchost.exe[2840] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A00E4
.text C:\WINDOWS\System32\svchost.exe[2840] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0120
.text C:\WINDOWS\System32\svchost.exe[2840] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A015C
.text C:\WINDOWS\System32\svchost.exe[2840] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0198
.text C:\WINDOWS\System32\svchost.exe[2840] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A0030
.text C:\WINDOWS\System32\svchost.exe[2840] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A006C
.text C:\WINDOWS\System32\svchost.exe[2840] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A00A8
.text C:\WINDOWS\System32\svchost.exe[2840] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\svchost.exe[2840] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\svchost.exe[2840] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2840] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2840] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\svchost.exe[2840] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\svchost.exe[2840] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\RTHDCPL.EXE[3008] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3008] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3008] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3008] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00140030
.text C:\WINDOWS\RTHDCPL.EXE[3008] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0014006C
.text C:\WINDOWS\RTHDCPL.EXE[3008] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3008] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370120
.text C:\WINDOWS\RTHDCPL.EXE[3008] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003700E4
.text C:\WINDOWS\RTHDCPL.EXE[3008] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3008] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3008] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003700A8
.text C:\WINDOWS\RTHDCPL.EXE[3008] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 00370030
.text C:\WINDOWS\RTHDCPL.EXE[3008] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 0037006C
.text C:\WINDOWS\RTHDCPL.EXE[3008] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3008] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\RTHDCPL.EXE[3008] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003801D4
.text C:\WINDOWS\RTHDCPL.EXE[3008] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003800E4
.text C:\WINDOWS\RTHDCPL.EXE[3008] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380120
.text C:\WINDOWS\RTHDCPL.EXE[3008] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 0038015C
.text C:\WINDOWS\RTHDCPL.EXE[3008] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380198
.text C:\WINDOWS\RTHDCPL.EXE[3008] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00380030
.text C:\WINDOWS\RTHDCPL.EXE[3008] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 0038006C
.text C:\WINDOWS\RTHDCPL.EXE[3008] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003800A8
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3016] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3016] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3016] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3016] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3016] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3016] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3016] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3016] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3108] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3108] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3108] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3108] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000A0030
.text C:\WINDOWS\system32\ctfmon.exe[3108] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000A006C
.text C:\WINDOWS\system32\ctfmon.exe[3108] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3108] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3108] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3108] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\ctfmon.exe[3108] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\ctfmon.exe[3108] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\ctfmon.exe[3108] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\ctfmon.exe[3108] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\ctfmon.exe[3108] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\ctfmon.exe[3108] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\ctfmon.exe[3108] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\ctfmon.exe[3108] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\ctfmon.exe[3108] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\ctfmon.exe[3108] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3108] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3108] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\ctfmon.exe[3108] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\ctfmon.exe[3108] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002C006C
.text C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00150030
.text C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0015006C
.text C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003801D4
.text C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003800E4
.text C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380120
.text C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 0038015C
.text C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380198
.text C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00380030
.text C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 0038006C
.text C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003800A8
.text C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00390120
.text C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003900E4
.text C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003900A8
.text C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 00390030
.text C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 0039006C
.text C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00150030
.text C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0015006C
.text C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003801D4
.text C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003800E4
.text C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380120
.text C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 0038015C
.text C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380198
.text C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00380030
.text C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 0038006C
.text C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003800A8
.text C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00390120
.text C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003900E4
.text C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003900A8
.text C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 00390030
.text C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 0039006C
.text C:\Program Files\RALINK\Common\RaUI.exe[3384] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\RALINK\Common\RaUI.exe[3384] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\RALINK\Common\RaUI.exe[3384] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\RALINK\Common\RaUI.exe[3384] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00140030
.text C:\Program Files\RALINK\Common\RaUI.exe[3384] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0014006C
.text C:\Program Files\RALINK\Common\RaUI.exe[3384] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\RALINK\Common\RaUI.exe[3384] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\RALINK\Common\RaUI.exe[3384] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\RALINK\Common\RaUI.exe[3384] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003701D4
.text C:\Program Files\RALINK\Common\RaUI.exe[3384] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003700E4
.text C:\Program Files\RALINK\Common\RaUI.exe[3384] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00370120
.text C:\Program Files\RALINK\Common\RaUI.exe[3384] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 0037015C
.text C:\Program Files\RALINK\Common\RaUI.exe[3384] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00370198
.text C:\Program Files\RALINK\Common\RaUI.exe[3384] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00370030
.text C:\Program Files\RALINK\Common\RaUI.exe[3384] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 0037006C
.text C:\Program Files\RALINK\Common\RaUI.exe[3384] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003700A8
.text C:\Program Files\RALINK\Common\RaUI.exe[3384] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380120
.text C:\Program Files\RALINK\Common\RaUI.exe[3384] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003800E4
.text C:\Program Files\RALINK\Common\RaUI.exe[3384] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\RALINK\Common\RaUI.exe[3384] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\RALINK\Common\RaUI.exe[3384] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003800A8
.text C:\Program Files\RALINK\Common\RaUI.exe[3384] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 00380030
.text C:\Program Files\RALINK\Common\RaUI.exe[3384] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 0038006C
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3452] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3452] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3452] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3452] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00150030
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3452] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0015006C
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3452] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3452] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380120
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3452] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003800E4
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3452] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3452] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3452] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003800A8
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3452] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 00380030
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3452] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 0038006C
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3452] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3452] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3452] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003901D4
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3452] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003900E4
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3452] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00390120
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3452] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 0039015C
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3452] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00390198
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3452] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00390030
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3452] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 0039006C
.text C:\Program Files\Secunia\PSI\psi_tray.exe[3452] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003900A8
.text C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00140030
.text C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0014006C
.text C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003701D4
.text C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003700E4
.text C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00370120
.text C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 0037015C
.text C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00370198
.text C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00370030
.text C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 0037006C
.text C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003700A8
.text C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380120
.text C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003800E4
.text C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003800A8
.text C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 00380030
.text C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 0038006C
.text C:\WINDOWS\system32\wscntfy.exe[3584] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[3584] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[3584] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[3584] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[3584] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[3584] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[3584] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[3584] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3588] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3588] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3588] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3588] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000A0030
.text C:\WINDOWS\system32\wuauclt.exe[3588] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000A006C
.text C:\WINDOWS\system32\wuauclt.exe[3588] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3588] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3588] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3588] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\wuauclt.exe[3588] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\wuauclt.exe[3588] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\wuauclt.exe[3588] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\wuauclt.exe[3588] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\wuauclt.exe[3588] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\wuauclt.exe[3588] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\wuauclt.exe[3588] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\wuauclt.exe[3588] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\wuauclt.exe[3588] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\wuauclt.exe[3588] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3588] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3588] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\wuauclt.exe[3588] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\wuauclt.exe[3588] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\dllhost.exe[3780] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[3780] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[3780] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[3780] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\dllhost.exe[3780] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\dllhost.exe[3780] kernel32.dll!OpenProcess 7C830A01 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[3780] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[3780] ADVAPI32.dll!SetThreadToken 77DDF17B 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[3780] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\dllhost.exe[3780] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\dllhost.exe[3780] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\dllhost.exe[3780] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\dllhost.exe[3780] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\dllhost.exe[3780] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\dllhost.exe[3780] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\dllhost.exe[3780] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\dllhost.exe[3780] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\dllhost.exe[3780] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\dllhost.exe[3780] USER32.dll!FindWindowA 7E42DE87 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[3780] USER32.dll!FindWindowW 7E42E13A 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[3780] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\dllhost.exe[3780] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\dllhost.exe[3780] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B006C
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AA008672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AA0084C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [AA008CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [AA006C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [AA006C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [AA008672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [AA0084C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [AA008CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [AA008672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [AA008CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [AA0084C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [AA006C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AA008CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AA0084C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AA008672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AA006C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AA008672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AA0084C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AA008CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [AA008CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [AA0084C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [AA006C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [AA008672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisDeregisterProtocol] [AA006C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisCloseAdapter] [AA008CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisOpenAdapter] [AA0084C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRegisterProtocol] [AA008672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [AA008672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [AA006C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [AA008CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [AA0084C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\System32\alg.exe[156] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\o2flash.exe[608] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\Explorer.EXE[660] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\System32\wltrysvc.exe[704] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\System32\bcmwltry.exe[756] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\winlogon.exe[876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\services.exe[924] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00640002
IAT C:\WINDOWS\system32\services.exe[924] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00640000
IAT C:\WINDOWS\system32\services.exe[924] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\lsass.exe[936] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1116] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\System32\svchost.exe[1188] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1220] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1476] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\spoolsv.exe[1488] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\eHome\ehRecvr.exe[1976] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\eHome\ehSched.exe[2044] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Documents and Settings\jennifer harvey\My Documents\Downloads\66643sw7.exe[2224] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Secunia\PSI\sua.exe[2272] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[2396] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[2440] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\ehome\mcrdsvc.exe[2572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\System32\svchost.exe[2840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\RTHDCPL.EXE[3008] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Alwil Software\Avast5\avastUI.exe[3016] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\ctfmon.exe[3108] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe[3308] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Belkin\F5D7011\Belkinwcui.exe[3340] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\RALINK\Common\RaUI.exe[3384] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Secunia\PSI\psi_tray.exe[3452] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Belkin\F5D7011\ChkDev.exe[3484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\wscntfy.exe[3584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\wuauclt.exe[3588] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\dllhost.exe[3780] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
---- Threads - GMER 1.0.15 ----
Thread System [4:132] 86CB6E84
Thread System [4:136] 86CB9084
---- EOF - GMER 1.0.15 ----
-
I've got a feeling that I should have done something to get rid of a lot of the rubbish in the posted files.
Apologies again for their size and complexity.
I look forward to your response sometime next year! lol
Again, many thanks for your time and consideration.
I'm sure the girl will appreciate it! Ahem.
Cheers
Last edited by garyd; 19-04-2011 at 03:07 AM.
Reason: Typo
-
You did well 
I can see some Norton's leftovers. Please, run this tool to remove them: Download and run the Norton Removal Tool to uninstall your Norton product | Norton Support
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Full Member
