
Unknown Infection - Very Tough Diagnosis & Removal


  • This topic is locked
58 replies to this topic

#1 goatchaps

goatchaps

  • Members
  • 40 posts

Posted 08 July 2009 - 12:11 AM

Hi there, I have been dealing with this infection since this past Friday. I am new to the forum, but I have viewed the forum as a guest before and the people here seem to know a lot about this type of thing, so I hope you can help.

So here are the problems:

My dvd +/- double layer burner is only showing as a regular cd-rom and Nero will not see any cd-rom drives on my computer anymore. In Administrative Tools -> Computer Management -> Disk Management, nothing comes up, not even the hard drive...even with a rescan disks.

After a Google search, when clicking on a search result link, the link gets hijacked to a different web page both in firefox and ie.

An error that I received before running some virus scans was: "the application or dll globalroot\systemroot\system32\hjgruisxjqngvx.dll is not a valid windows image. please check this against your installation diskette.". I still get this error in Safe Mode at boot and I also get the same error when opening notepad, the control panel, or a number of other programs in safe mode. I do not see this error in anything besides safe mode anymore.

There were a couple of infected system restore files, so I have turned off system restore. (I tried to run a system restore before these were found and it would not work)

I have run a number of different scans in and out of safe mode with a number of different virus/spyware scanners, but nothing has helped as of yet...I am willing to start fresh with the scans and use whatever you ask me to. The infections found ranged from a couple of trojans to a worm....and of course cookies.

That's all I can remember right now...it's been a tough few days for me. Thanks in advance for your assistance; this is my first time ever needing to post in a forum like this.

Here is the DDS log (the 2nd dds file is attached):



DDS (Ver_09-06-26.01) - NTFSx86
Run by Chris at 23:35:16.62 on Tue 07/07/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.154 [GMT -5:00]

AV: ZoneAlarm Extreme Security Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Trend Micro Internet Security Pro *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: ZoneAlarm Extreme Security Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\websites\xampp\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\websites\xampp\mysql\bin\mysqld.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\websites\xampp\apache\bin\httpd.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\CheckPoint\ZAForceField\forcefield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Chris\LOCALS~1\Temp\IswTmp\DwlRun\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Anonymizer Proxy: {0db66ba8-5e1f-4963-93d1-e1d6b78fe9a2} - c:\program files\hide real ip\ProxyNew.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: ForceField Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: TSToolbarBHO: {c1656cca-d2ea-4a32-94ae-ae0b180e6449} - c:\program files\trend micro\trendsecure\transactionprotector\TSToolbar.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: ForceField Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Transaction Protector: {e7620c98-fccc-40e5-92ec-c7685d2e1e40} - c:\program files\trend micro\trendsecure\transactionprotector\TSToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Apoint] "c:\program files\apoint\Apoint.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\chris\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177895991156
DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {E2513C8C-DE5A-4FBF-8AE7-7C1E72004D96} = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chris\applic~1\mozilla\firefox\profiles\o1746j6i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mlb.com/mlb/fantasy/wsfb/scoreboard/index.jsp|http://mlb.mlb.com/mlb/fantasy/wsfb/news/injuries.jsp|http://us.mc657.mail.yahoo.com/mc/showFolder?.rand=271853768#_pg=showFolder&fid=Inbox&order=down&tt=9849&pSize=25&.rand=1835925959&hash=eb539fae7ce237a15a22de252d28b83b&.jsrand=8832589|http://mail.google.com/mail/?hl=en&zx=a64tmup4yidb&shva=1#inbox|http://webmail.aol.com/43661/aol/en-us/Suite.aspx|http://members.000webhost.com/cpanel.php?accountID=2216691&login_hash=IJqbWyjgzNAwLjNk
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\MozillaExtensions.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-13 11608]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-5-31 150544]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-13 55640]
R2 ISWKL;ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-2-12 21136]
R3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2009-2-12 54928]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys [2007-5-10 55344]
S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys [2007-5-10 9200]
S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys [2007-5-10 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys [2007-5-10 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys [2007-5-10 69632]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]

=============== Created Last 30 ================

2009-07-07 13:24 <DIR> --d----- c:\documents and settings\chris\.housecall6.6
2009-07-07 12:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\17644214
2009-07-06 12:34 726,568 a------- c:\windows\system32\kdfmgr.exe!fe8_3d6c!erased
2009-07-06 12:34 726,568 a------- c:\windows\system32\kdfmgr.exe!ed8_29!erased
2009-07-06 12:34 726,568 a------- c:\windows\system32\kdfmgr.exe!744_29!erased
2009-07-06 12:34 726,568 a------- c:\windows\system32\kdfmgr.exe!740_18be!erased
2009-07-06 12:34 726,568 a------- c:\windows\system32\kdfmgr.exe!1438_4ae1!erased
2009-07-06 12:34 726,568 a------- c:\windows\system32\kdfmgr.exe!1434_4823!erased
2009-07-06 12:34 726,568 a------- c:\windows\system32\kdfmgr.exe
2009-07-06 12:34 38,224 a------- c:\windows\system32\drivers\neokdss.sys
2009-07-06 05:57 <DIR> --d----- c:\documents and settings\chris\DoctorWeb
2009-07-06 04:41 <DIR> --d----- c:\program files\Lavasoft
2009-07-06 04:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-07-06 04:29 <DIR> --d----- c:\program files\Security Task Manager
2009-07-06 04:11 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-06 04:11 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-06 04:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-06 03:55 <DIR> --d----- c:\docume~1\chris\applic~1\Malwarebytes
2009-07-06 03:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-06 02:55 10,752 a------- c:\windows\DCEBoot.exe
2009-07-05 23:21 <DIR> --d----- c:\windows\system32\log
2009-07-05 22:57 <DIR> --d----- c:\windows\LocalSSL
2009-07-05 22:56 52,752 a------- c:\windows\system32\drivers\tmactmon.sys
2009-07-05 22:56 52,624 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-07-05 22:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trend Micro
2009-07-04 15:47 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-07-04 02:46 <DIR> --d----- c:\program files\PowerISO 4.4
2009-07-03 23:57 <DIR> --d----- C:\bc6d5aec26d9c9db7afa37ed18
2009-07-03 23:55 <DIR> --d----- c:\windows\SxsCaPendDel
2009-07-03 23:07 <DIR> --d----- c:\windows\system32\XPSViewer
2009-07-03 23:03 14,048 -------- c:\windows\system32\spmsg2.dll
2009-07-02 11:59 3,248 a------- c:\windows\system32\wbem\Outlook_01c9fb366906bda8.mof
2009-06-28 22:34 <DIR> --d----- c:\program files\BitPim
2009-06-18 07:46 <DIR> --d----- c:\program files\Artisteer 2
2009-06-18 06:41 <DIR> --d----- C:\websites
2009-06-15 21:11 327,680 a------- c:\windows\system32\vp6dec.ax
2009-06-15 21:11 118,832 a------- c:\windows\system32\SHW32.DLL
2009-06-15 20:51 <DIR> --d----- c:\program files\EA Sports
2009-06-15 20:49 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2009-06-14 04:20 <DIR> --d----- c:\program files\Yahoo!
2009-06-12 22:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GlobalSCAPE
2009-06-12 22:53 <DIR> --d----- c:\program files\GlobalSCAPE
2009-06-12 22:47 <DIR> --d----- c:\program files\Copy of SmartFTP Client 2.0
2009-06-12 22:25 <DIR> --d----- c:\program files\SmartFTP Client 3.0 Setup Files
2009-06-12 16:17 <DIR> --d----- c:\windows\G2Runner
2009-06-12 15:56 <DIR> --d----- c:\program files\Eidos Interactive

==================== Find3M ====================

2009-07-07 23:20 192,512 a------- c:\windows\system32\kdfvmgr.exe
2009-07-07 23:20 77,824 a------- c:\windows\system32\kdfapi.dll
2009-07-07 23:19 53,248 a------- c:\windows\system32\Kdfhok.dll
2009-07-06 12:29 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-07-05 23:09 849,920 a------- c:\windows\system32\kdfinj.dll
2009-07-05 14:16 107,911 a------- c:\windows\system32\nvModes.dat
2009-07-04 02:23 148,555,040 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-07-04 02:23 1,990,652 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-06-04 18:56 87,608 a------- c:\docume~1\chris\applic~1\inst.exe
2009-06-04 18:56 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-06-04 18:56 47,360 a------- c:\docume~1\chris\applic~1\pcouffin.sys
2009-05-31 18:10 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-28 23:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 23:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-17 07:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 09:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-14 00:10 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2007-07-10 15:53 8 ---shr-- c:\windows\system32\E40DCCA7E0.sys
2007-09-28 19:28 3,400 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 23:40:07.51 ===============



#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 16 July 2009 - 08:52 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 goatchaps

goatchaps
  • Topic Starter

  • Members
  • 40 posts

Posted 17 July 2009 - 12:51 PM

I've run a number of scans in and out of safe mode. I use superantispyware, zone alarm pro firewall, and avira free on a regular basis. Since this infection, I have also run malwarebytes antimalware and dr web free. Dr web finds a virus in system32\hjgruisxjqngvx.dll, but only in safe mode without networking. It says that it will remove the virus upon reboot and it never gets removed.

So here are the updated problems:

My dvd +/- double layer burner is only showing as a regular cd-rom. It will now read cds and Nero will see the drive only if there is a cd in the drive. It will not read or burn blank dvds. In Administrative Tools -> Computer Management -> Disk Management, nothing comes up, not even the hard drive...even with a rescan disks.

After a Google search, when clicking on a search result link, the link gets hijacked to a different web page both in firefox and ie. This was fixed for about a day after I removed a couple of programs from startup, but it is doing it once again.

I know that the virus is downloading files because it did change my background temporarily to an image that said "your computer is infected with spyware". The image was downloaded to my temp folder.

An error that I received before running some virus scans was: "the application or dll globalroot\systemroot\system32\hjgruisxjqngvx.dll is not a valid windows image. please check this against your installation diskette.". I still get this error in Safe Mode at boot and I also get the same error when opening notepad, the control panel, or a number of other programs in safe mode. I do not see this error in anything besides safe mode anymore.

There were a couple of infected system restore files, so I have turned off system restore. (I tried to run a system restore before these were found and it would not work)

I have run a number of different scans in and out of safe mode with a number of different virus/spyware scanners, but nothing has helped as of yet...I am willing to start fresh with the scans and use whatever you ask me to. The infections found ranged from a couple of trojans to a worm....and of course cookies.

That's all I can remember right now...it's been a tough few days for me. Thanks in advance for your assistance; this is my first time ever needing to post in a forum like this.

Here is the updated DDS log (the 2nd dds file is attached):


DDS (Ver_09-06-26.01) - NTFSx86
Run by Chris at 12:32:46.57 on Fri 07/17/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.616 [GMT -5:00]

AV: ZoneAlarm Extreme Security Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: ZoneAlarm Extreme Security Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\websites\xampp\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\websites\xampp\mysql\bin\mysqld.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\websites\xampp\apache\bin\httpd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Nero\Nero 9\Nero DriveSpeed\DriveSpeed.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Anonymizer Proxy: {0db66ba8-5e1f-4963-93d1-e1d6b78fe9a2} - c:\program files\hide real ip\ProxyNew.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: ForceField Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: TSToolbarBHO: {c1656cca-d2ea-4a32-94ae-ae0b180e6449} - c:\program files\trend micro\trendsecure\transactionprotector\TSToolbar.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: ForceField Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Transaction Protector: {e7620c98-fccc-40e5-92ec-c7685d2e1e40} - c:\program files\trend micro\trendsecure\transactionprotector\TSToolbar.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Apoint] "c:\program files\apoint\Apoint.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177895991156
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {3E8AD021-6EF2-4A33-B16E-13F32196E878} = 192.168.1.1
TCP: {E2513C8C-DE5A-4FBF-8AE7-7C1E72004D96} = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chris\applic~1\mozilla\firefox\profiles\o1746j6i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mlb.com/mlb/fantasy/wsfb/scoreboard/index.jsp|http://mlb.mlb.com/mlb/fantasy/wsfb/news/injuries.jsp|http://us.mc657.mail.yahoo.com/mc/showFolder?.rand=271853768#_pg=showFolder&fid=Inbox&order=down&tt=9849&pSize=25&.rand=1835925959&hash=eb539fae7ce237a15a22de252d28b83b&.jsrand=8832589|http://mail.google.com/mail/?hl=en&zx=a64tmup4yidb&shva=1#inbox|http://webmail.aol.com/43661/aol/en-us/Suite.aspx|http://members.000webhost.com/cpanel.php?accountID=2216691&login_hash=IJqbWyjgzNAwLjNk
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\MozillaExtensions.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-13 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-5-31 353672]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2006-11-2 13560]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-13 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-13 185089]
R2 Apache2.2;Apache2.2;c:\websites\xampp\apache\bin\httpd.exe [2008-12-9 24636]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-13 55640]
R2 ISWKL;ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-2-12 21136]
R2 IswSvc;ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-2-12 390536]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2009-5-15 935208]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-7-12 36368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-8 24652]
R3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2009-2-12 54928]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-7-12 333328]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-7-5 52624]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys [2007-5-10 55344]
S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys [2007-5-10 9200]
S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys [2007-5-10 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys [2007-5-10 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys [2007-5-10 69632]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
S4 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\tmpfw.exe --> c:\progra~1\trendm~1\intern~1\TmPfw.exe [?]
S4 tmproxy;Trend Micro Proxy Service;"c:\program files\trend micro\internet security\tmproxy.exe" --> c:\program files\trend micro\internet security\TmProxy.exe [?]

=============== Created Last 30 ================

2009-07-12 02:17 <DIR> --d----- c:\windows\system32\Quarantine
2009-07-12 02:17 1,195,448 a------- c:\windows\system32\drivers\vsapint.sys
2009-07-12 02:17 205,328 a------- c:\windows\system32\drivers\tmxpflt.sys
2009-07-12 02:17 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys
2009-07-12 02:16 333,328 a------- c:\windows\system32\drivers\TM_CFW.sys
2009-07-12 02:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-07-11 20:05 <DIR> --d----- c:\program files\CCleaner
2009-07-11 08:46 69 a------- c:\windows\NeroDigital.ini
2009-07-07 13:24 <DIR> --d----- c:\documents and settings\chris\.housecall6.6
2009-07-07 12:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\17644214
2009-07-06 12:34 726,568 a------- c:\windows\system32\kdfmgr.exe!fe8_3d6c!erased
2009-07-06 12:34 726,568 a------- c:\windows\system32\kdfmgr.exe!ed8_29!erased
2009-07-06 12:34 726,568 a------- c:\windows\system32\kdfmgr.exe!744_29!erased
2009-07-06 12:34 726,568 a------- c:\windows\system32\kdfmgr.exe!740_18be!erased
2009-07-06 12:34 726,568 a------- c:\windows\system32\kdfmgr.exe!1438_4ae1!erased
2009-07-06 12:34 726,568 a------- c:\windows\system32\kdfmgr.exe!1434_4823!erased
2009-07-06 12:34 38,224 a------- c:\windows\system32\drivers\neokdss.sys
2009-07-06 05:57 <DIR> --d----- c:\documents and settings\chris\DoctorWeb
2009-07-06 04:41 <DIR> --d----- c:\program files\Lavasoft
2009-07-06 04:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-07-06 04:29 <DIR> --d----- c:\program files\Security Task Manager
2009-07-06 04:11 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-06 04:11 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-06 04:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-06 03:55 <DIR> --d----- c:\docume~1\chris\applic~1\Malwarebytes
2009-07-06 03:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-06 02:55 10,752 a------- c:\windows\DCEBoot.exe
2009-07-05 23:21 <DIR> --d----- c:\windows\system32\log
2009-07-05 23:09 726,568 a------- c:\windows\system32\kdfmgr.exe!ee4_29!erased
2009-07-05 23:09 726,568 a------- c:\windows\system32\kdfmgr.exe!4d8_29!erased
2009-07-05 23:09 726,568 a------- c:\windows\system32\kdfmgr.exe!1f8_440d!erased
2009-07-05 23:09 726,568 a------- c:\windows\system32\kdfmgr.exe!1f8_29!erased
2009-07-05 23:09 726,568 a------- c:\windows\system32\kdfmgr.exe!1d04_29!erased
2009-07-05 23:09 726,568 a------- c:\windows\system32\kdfmgr.exe!1cb4_1eb!erased
2009-07-05 23:09 726,568 a------- c:\windows\system32\kdfmgr.exe!1c70_2d12!erased
2009-07-05 23:09 726,568 a------- c:\windows\system32\kdfmgr.exe!1c70_260d!erased
2009-07-05 23:09 726,568 a------- c:\windows\system32\kdfmgr.exe!1c70_2213!erased
2009-07-05 23:09 726,568 a------- c:\windows\system32\kdfmgr.exe!126c_29!erased
2009-07-05 22:56 52,624 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-07-05 22:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trend Micro
2009-07-04 15:47 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-07-04 02:46 <DIR> --d----- c:\program files\PowerISO 4.4
2009-07-03 23:57 <DIR> --d----- C:\bc6d5aec26d9c9db7afa37ed18
2009-07-03 23:55 <DIR> --d----- c:\windows\SxsCaPendDel
2009-07-03 23:07 <DIR> --d----- c:\windows\system32\XPSViewer
2009-07-03 23:03 14,048 -------- c:\windows\system32\spmsg2.dll
2009-07-02 11:59 3,248 a------- c:\windows\system32\wbem\Outlook_01c9fb366906bda8.mof
2009-06-28 22:34 <DIR> --d----- c:\program files\BitPim
2009-06-18 07:46 <DIR> --d----- c:\program files\Artisteer 2
2009-06-18 06:41 <DIR> --d----- C:\websites

==================== Find3M ====================

2009-07-17 12:08 107,911 a------- c:\windows\system32\nvModes.dat
2009-07-14 22:04 37,961 a------- c:\windows\DIIUnin.dat
2009-07-10 15:43 195,240 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-07-06 12:29 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-07-04 02:23 148,555,040 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-07-04 02:23 1,990,652 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-06-04 18:56 87,608 a------- c:\docume~1\chris\applic~1\inst.exe
2009-06-04 18:56 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-06-04 18:56 47,360 a------- c:\docume~1\chris\applic~1\pcouffin.sys
2009-05-31 18:10 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-28 23:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 23:55 78,336 a------- c:\windows\system32\ieencode.dll
2007-07-10 15:53 8 ---shr-- c:\windows\system32\E40DCCA7E0.sys
2007-09-28 19:28 3,400 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-04-14 00:37 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009041420090415\index.dat

============= FINISH: 12:35:12.35 ===============


#4 goatchaps

goatchaps
  • Topic Starter

  • Members
  • 40 posts

Posted 17 July 2009 - 12:57 PM

I see that Trend Micro is still showing up on the dds.txt, but I have previously uninstalled it. I did also try installing Kaspersky trial, but upon reboot I received a blue screen. I decided that Kaspersky is too picky and conflicts with too many programs.

I need the zone alarm pro firewall running because my other computer was hacked a couple of months ago....but the firewall in my router was disabled at the time, which is not the case anymore...and I did not have a software firewall running at the time either. I feel much more comfortable with zone alarm running as I can choose which programs to allow to use the internet connection.

#5 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 17 July 2009 - 03:31 PM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am Posted Image and I am here to help you!

I ask that you refrain from running tools other than those we suggest to you while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

As I am in the final stages of training, an Expert Coach will also oversee your fix. Your benefit will be "four eyes and two brains" but responses may be somewhat delayed so please be patient!!!!

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

==========

Now....
Please....
Stop running scans! Make no further changes to this computer. Limit use of this computer, particularly on the internet. Be patient. And follow my instructions.

Based on your description it looks like you have a hidden rootkit as well as other malware! Let's find and remove them!!!!

I need a more in depth look at your computer.
Please do this.....

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please copy/paste the contents of that document in your next reply.

==========

And this........

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
==========

With your next post please provide:

* CheckUp.txt
* OTL.txt
* OTL Extra.txt

I will review your logs and post instructions forthcoming.
Regards,
t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#6 goatchaps

goatchaps
  • Topic Starter

  • Members
  • 40 posts

Posted 17 July 2009 - 04:59 PM

I haven't run any of my own scans in a few days now, so my laptop is all yours.


Checkup.txt:


Results of screen317's Security Check version 0.98.4
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Disabled!
AviraAntiVirPersonal-FreeAntivirus
AddorRemoveAdobeCreativeSuite 3 Web Premium
AddorRemoveAdobeCreativeSuite 3 Design Premium
AdobeCreativeSuite3WebPremium
AdobeCreativeSuite3DesignPremium
Antivirus out of date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

SUPERAntiSpyware Free Edition
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Out of date Java installed!
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 12 seconds.
`````````End of Log```````````




-------------------------------------------------------------------------------


OTL.txt:

OTL logfile created on: 7/17/2009 4:53:00 PM - Run 1
OTL by OldTimer - Version 3.0.9.0 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.40 Mb Total Physical Memory | 389.98 Mb Available Physical Memory | 38.11% Memory free
2.40 Gb Paging File | 1.70 Gb Available in Paging File | 70.83% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 0.30 Gb Free Space | 0.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BASTARD2
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2006/10/18 20:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/10/18 19:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/10/18 20:01:34 | 00,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
PRC - [2009/02/12 05:12:12 | 00,390,536 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
PRC - [2009/06/12 19:53:30 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/06/12 19:53:30 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2008/12/09 18:10:14 | 00,024,636 | ---- | M] (Apache Software Foundation) -- C:\websites\xampp\apache\bin\httpd.exe
PRC - [2007/10/31 17:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006/02/28 14:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2003/06/20 01:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2009/03/16 06:29:28 | 06,562,432 | ---- | M] () -- C:\websites\xampp\mysql\bin\mysqld.exe
PRC - [2009/05/15 07:35:52 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/12/09 18:10:14 | 00,024,636 | ---- | M] (Apache Software Foundation) -- C:\websites\xampp\apache\bin\httpd.exe
PRC - [2006/03/23 01:32:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2006/10/18 19:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/02/07 18:29:50 | 00,173,616 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/10/07 17:13:38 | 00,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2004/06/29 02:56:12 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\HidFind.exe
PRC - [2005/07/27 19:41:08 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2009/03/31 19:20:50 | 00,982,408 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/03/31 19:20:50 | 02,404,232 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
PRC - [2009/02/12 05:11:54 | 00,546,184 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\forcefield.exe
PRC - [2009/02/12 05:12:00 | 01,017,224 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
PRC - [2009/02/12 05:12:00 | 01,017,224 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
PRC - [2009/06/12 07:31:15 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/17 16:51:09 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/03/20 18:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [On_Demand | Stopped])
SRV - [2009/06/12 19:53:30 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/06/12 19:53:30 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008/12/09 18:10:14 | 00,024,636 | ---- | M] (Apache Software Foundation) -- C:\websites\xampp\apache\bin\httpd.exe -- (Apache2.2 [Auto | Running])
SRV - [2007/10/31 17:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/02/28 14:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/18 20:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2007/08/04 20:33:09 | 00,658,432 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/11/02 21:36:32 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/02/12 05:12:12 | 00,390,536 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc [Auto | Running])
SRV - [2003/06/20 01:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2002/12/17 19:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])
SRV - [2002/12/17 19:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2009/03/16 06:29:28 | 06,562,432 | ---- | M] () -- C:\websites\xampp\mysql\bin\mysqld.exe -- (mysql [Auto | Running])
SRV - [2009/05/15 07:35:52 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0 [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/03/23 01:32:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 14:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/05/11 20:15:50 | 00,052,736 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2006/10/18 19:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2007/02/07 18:29:50 | 00,173,616 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2006/10/18 19:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - File not found -- -- (SfCtlCom [Disabled | Stopped])
SRV - [2002/12/17 19:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
SRV - File not found -- -- (TMBMServer [Disabled | Stopped])
SRV - File not found -- -- (TmPfw [Disabled | Stopped])
SRV - File not found -- -- (tmproxy [Disabled | Stopped])
SRV - [2007/01/19 14:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2009/03/31 19:20:50 | 02,404,232 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2006/10/18 20:01:34 | 00,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- (WLANKEEPER [Auto | Running])
SRV - [2006/10/18 22:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2007/04/29 19:44:42 | 00,021,425 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2007/05/08 05:35:43 | 00,073,928 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
DRV - [2005/09/28 23:57:18 | 00,113,847 | R--- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2005/11/21 00:48:20 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
DRV - [2009/02/13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/04/27 08:52:21 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/04/27 08:52:21 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2004/05/26 17:18:18 | 00,044,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2004/12/13 16:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2007/02/28 15:56:07 | 00,015,440 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
DRV - [2006/09/19 17:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/05/03 17:08:50 | 00,208,384 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
DRV - [2005/05/03 17:09:28 | 01,033,728 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS -- (HSF_DPV [On_Demand | Running])
DRV - [2009/02/12 05:11:48 | 00,054,928 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak [On_Demand | Running])
DRV - [2009/02/12 05:12:18 | 00,021,136 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL [Auto | Running])
DRV - [2009/02/24 18:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys -- (mcdbus [On_Demand | Running])
DRV - [2004/03/17 14:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2009/07/07 23:20:38 | 00,038,224 | ---- | M] (Bluegem Security) -- C:\WINDOWS\System32\Drivers\neokdss.sys -- (neokdss [On_Demand | Stopped])
DRV - [2006/03/23 01:32:00 | 03,656,352 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2009/06/04 18:56:00 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2003/08/11 12:07:46 | 00,014,604 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/05/04 11:59:18 | 00,055,344 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\pwi_bus.sys -- (pwi_bus [On_Demand | Stopped])
DRV - [2005/05/04 12:00:10 | 00,009,200 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\pwi_mdfl.sys -- (pwi_mdfl [On_Demand | Stopped])
DRV - [2005/05/04 12:00:14 | 00,089,936 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\pwi_mdm.sys -- (pwi_mdm [On_Demand | Stopped])
DRV - [2005/05/04 12:01:30 | 00,009,472 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\pwi_oflt.sys -- (pwi_oflt [On_Demand | Stopped])
DRV - [2005/05/04 12:01:04 | 00,069,632 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\pwi_serd.sys -- (pwi_serd [On_Demand | Stopped])
DRV - [2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/10/19 11:29:22 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2009/03/23 14:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/03/23 14:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/03/23 14:07:26 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2009/03/15 05:25:46 | 00,056,268 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2002/11/26 16:54:58 | 00,016,936 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys -- (SMNDIS5 [On_Demand | Stopped])
DRV - [2009/05/31 18:10:54 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/11/17 02:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2009/06/12 19:53:30 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2005/03/10 18:56:06 | 00,273,168 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\STAC97.sys -- (STAC97 [On_Demand | Running])
DRV - [2006/10/01 07:37:02 | 00,026,624 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\System32\DRIVERS\tap0801.sys -- (tap0801 [On_Demand | Stopped])
DRV - [2008/02/15 23:37:50 | 00,333,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\DRIVERS\TM_CFW.sys -- (tmcfw [On_Demand | Running])
DRV - [2009/04/02 16:00:08 | 00,052,624 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys -- (tmevtmgr [Auto | Stopped])
DRV - [2008/08/16 03:00:46 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\DRIVERS\tmpreflt.sys -- (tmpreflt [Auto | Running])
DRV - [2008/08/16 03:00:52 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\DRIVERS\tmxpflt.sys -- (tmxpflt [Auto | Running])
DRV - [2008/08/16 02:53:50 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\DRIVERS\vsapint.sys -- (vsapint [Auto | Running])
DRV - [2009/03/31 19:20:54 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])
DRV - [2006/10/25 09:24:38 | 02,208,768 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2005/05/03 17:08:44 | 00,705,408 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2006/11/02 18:51:58 | 00,013,560 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B} [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2025429265-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2025429265-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-2025429265-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-2025429265-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKU\S-1-5-21-2025429265-1060284298-682003330-1003\S-1-5-21-2025429265-1060284298-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.mlb.com/mlb/fantasy/wsfb/scoreboard/index.jsp|http://mlb.mlb.com/mlb/fantasy/wsfb/news/injuries.jsp|http://us.mc657.mail.yahoo.com/mc/showFolder?.rand=271853768#_pg=showFolder&fid=Inbox&order=down&tt=9849&pSize=25&.rand=1835925959&hash=eb539fae7ce237a15a22de252d28b83b&.jsrand=8832589|http://mail.google.com/mail/?hl=en&zx=a64tmup4yidb&shva=1#inbox|http://webmail.aol.com/43661/aol/en-us/Suite.aspx|http://members.000webhost.com/cpanel.php?accountID=2216691&login_hash=IJqbWyjgzNAwLjNk"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.3.130.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2009/05/31 13:43:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/05 14:17:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/17 01:26:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/15 20:48:52 | 00,000,000 | ---D | M]

[2009/06/01 18:58:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\mozilla\Extensions
[2009/06/01 18:58:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/17 12:19:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\mozilla\Firefox\Profiles\o1746j6i.default\extensions
[2009/07/05 16:32:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\mozilla\Firefox\Profiles\o1746j6i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/08/22 21:19:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/12 07:31:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/12 07:31:13 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/12 07:31:13 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/30 16:29:22 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/06/12 07:31:21 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 21:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2007/11/10 00:39:28 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2007/11/10 00:39:28 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2007/11/10 00:39:28 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2007/11/10 00:39:28 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2007/11/10 00:39:29 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2007/11/10 00:39:29 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2007/11/10 00:39:29 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/11/10 00:39:29 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll
[2009/02/02 18:15:00 | 03,771,296 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/04/23 19:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 19:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 19:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 19:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 19:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 19:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 19:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (21 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS3\contributeieplugin.dll (Adobe Systems Incorporated.)
O2 - BHO: (Anonymizer Proxy) - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\Hide Real IP\ProxyNew.dll (Anonymizer Software)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ForceField Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (TSToolbarBHO) - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS3\contributeieplugin.dll (Adobe Systems Incorporated.)
O3 - HKLM\..\Toolbar: (Transaction Protector) - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll File not found
O3 - HKLM\..\Toolbar: (ForceField Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-2025429265-1060284298-682003330-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-2025429265-1060284298-682003330-1003\..\Toolbar\WebBrowser: (ForceField Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2025429265-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cab (DLM Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1177895991156 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/29 19:12:03 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\.\Autorun\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (MACHINE) - File not found
O34 - HKLM BootExecute: (BootExecut) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[11 C:\WINDOWS\*.tmp files]
[2009/07/17 16:51:09 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2009/07/17 16:50:24 | 00,561,464 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\SecurityCheck.exe
[2009/07/17 12:22:25 | 00,359,929 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\dds.pif
[2009/07/17 12:22:13 | 00,359,929 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\dds.scr
[2009/07/14 21:46:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\d2cdkey
[2009/07/12 06:22:51 | 25,309,75744 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\7100.0.090421-1700_x86fre_client_en-us_retail_ultimate-grc1culfrer_en_dvd.iso
[2009/07/12 06:17:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Download Manager
[2009/07/12 02:17:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Quarantine
[2009/07/12 02:17:04 | 01,195,448 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\vsapint.sys
[2009/07/12 02:17:02 | 00,205,328 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmxpflt.sys
[2009/07/12 02:17:00 | 00,036,368 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmpreflt.sys
[2009/07/12 02:16:44 | 00,333,328 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys
[2009/07/12 02:15:32 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/12 02:11:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/07/12 02:04:24 | 39,647,808 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Chris\Desktop\kav8.0.0.506en.exe
[2009/07/11 21:16:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\crestline
[2009/07/11 20:18:53 | 01,047,150 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\cc_20090711_201848.reg
[2009/07/11 20:05:27 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\CCleaner.lnk
[2009/07/11 20:05:26 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/07/11 08:46:38 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/07 21:36:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/07/07 13:22:32 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\housecall.guid.cache
[2009/07/07 13:22:16 | 01,460,840 | ---- | C] (Trend Micro) -- C:\Documents and Settings\Chris\Desktop\HousecallLauncher.exe
[2009/07/07 12:21:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\17644214
[2009/07/06 12:34:41 | 00,726,568 | ---- | C] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!fe8_3d6c!erased
[2009/07/06 12:34:41 | 00,726,568 | ---- | C] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!ed8_29!erased
[2009/07/06 12:34:41 | 00,726,568 | ---- | C] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!744_29!erased
[2009/07/06 12:34:41 | 00,726,568 | ---- | C] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!740_18be!erased
[2009/07/06 12:34:41 | 00,726,568 | ---- | C] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!1438_4ae1!erased
[2009/07/06 12:34:41 | 00,726,568 | ---- | C] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!1434_4823!erased
[2009/07/06 12:34:14 | 00,038,224 | ---- | C] (Bluegem Security) -- C:\WINDOWS\System32\drivers\neokdss.sys
[2009/07/06 05:49:58 | 14,898,608 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Chris\Desktop\launch.exe
[2009/07/06 04:41:48 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/07/06 04:41:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/07/06 04:29:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/07/06 04:29:14 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2009/07/06 04:19:20 | 37,452,296 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Chris\Desktop\Ad-AwareAE.exe
[2009/07/06 04:14:16 | 14,817,440 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Chris\Desktop\jhetatbr.exe
[2009/07/06 04:11:29 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/06 04:11:28 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/06 04:11:27 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/06 04:10:19 | 03,561,744 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Chris\Desktop\mbam-setup.exe
[2009/07/06 03:57:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/07/06 03:55:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Malwarebytes
[2009/07/06 03:55:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/06 02:55:41 | 00,010,752 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2009/07/05 23:21:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\log
[2009/07/05 23:09:42 | 00,726,568 | ---- | C] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!ee4_29!erased
[2009/07/05 23:09:42 | 00,726,568 | ---- | C] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!4d8_29!erased
[2009/07/05 23:09:42 | 00,726,568 | ---- | C] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!1f8_440d!erased
[2009/07/05 23:09:42 | 00,726,568 | ---- | C] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!1f8_29!erased
[2009/07/05 23:09:42 | 00,726,568 | ---- | C] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!1d04_29!erased
[2009/07/05 23:09:42 | 00,726,568 | ---- | C] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!1cb4_1eb!erased
[2009/07/05 23:09:42 | 00,726,568 | ---- | C] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!1c70_2d12!erased
[2009/07/05 23:09:42 | 00,726,568 | ---- | C] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!1c70_260d!erased
[2009/07/05 23:09:42 | 00,726,568 | ---- | C] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!1c70_2213!erased
[2009/07/05 23:09:42 | 00,726,568 | ---- | C] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!126c_29!erased
[2009/07/05 23:09:37 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\{499663EE-202C-4468-874C-198A9E0BC058}
[2009/07/05 23:04:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Trend Micro
[2009/07/05 22:57:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Trend Micro
[2009/07/05 22:56:41 | 00,052,624 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2009/07/05 22:55:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2009/07/05 15:49:58 | 00,000,149 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\default.rss
[2009/07/04 15:47:00 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/07/04 02:46:59 | 00,000,712 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2009/07/04 02:46:57 | 00,000,000 | ---D | C] -- C:\Program Files\PowerISO 4.4
[2009/07/03 23:57:48 | 00,000,000 | ---D | C] -- C:\bc6d5aec26d9c9db7afa37ed18
[2009/07/03 23:55:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/07/03 23:07:21 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/07/03 23:07:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/07/03 23:06:49 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/07/03 23:03:41 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2009/06/28 22:34:23 | 00,000,000 | ---D | C] -- C:\Program Files\BitPim
[2009/06/25 06:19:16 | 00,012,921 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\WXPPSP3 - anony014 [mininova].torrent
[2009/06/22 13:31:38 | 00,087,093 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\eternal_rest_ver3.gp5
[2009/06/22 13:28:51 | 00,060,327 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\radiant_eclipse_ver5.gp3
[2009/06/22 13:25:54 | 00,089,618 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\second_heartbeat_ver2.gp4
[2009/06/18 07:50:07 | 00,000,778 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Artisteer 2.lnk
[2009/06/18 07:46:35 | 00,000,000 | ---D | C] -- C:\Program Files\Artisteer 2
[2009/06/18 07:45:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\Artisteer_2.0.2.15338__MULTIL____Loader
[2009/06/18 06:48:37 | 00,000,457 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\XAMPP Control Panel.lnk
[2009/06/18 06:41:38 | 00,000,000 | ---D | C] -- C:\websites
[2009/06/04 16:20:27 | 00,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/05/31 18:10:54 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/05/31 14:15:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2009/05/31 03:17:07 | 00,000,145 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/27 08:06:13 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/27 08:06:09 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/04/27 08:06:09 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/27 08:06:09 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/27 08:06:07 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/04/27 08:06:06 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/07/10 15:53:07 | 00,000,008 | RHS- | C] () -- C:\WINDOWS\System32\E40DCCA7E0.sys
[2007/07/10 15:53:06 | 00,003,400 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/06/12 15:24:10 | 00,000,359 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2007/06/12 14:52:20 | 00,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/06/12 14:48:06 | 00,005,903 | ---- | C] () -- C:\WINDOWS\SetScan.ini
[2007/05/28 07:45:58 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/05/28 07:44:28 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/05/28 07:44:28 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/05/28 07:44:28 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/05/21 05:55:57 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
[2007/05/04 21:00:04 | 00,000,089 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2007/05/04 20:34:23 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2007/05/04 20:34:23 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007/05/04 20:34:23 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2007/05/04 20:34:23 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2007/05/04 20:34:23 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2007/05/04 20:27:28 | 00,001,480 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2007/05/04 20:23:09 | 00,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2007/05/03 20:49:41 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/05/01 15:49:00 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/04/29 20:13:19 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/29 19:33:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2007/04/29 19:27:14 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/04/29 19:27:14 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/04/29 19:27:11 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/04/29 19:27:07 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/04/29 19:26:54 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/03/05 15:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2004/12/20 20:24:03 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/08/04 05:00:00 | 00,000,656 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2003/01/07 17:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/17 17:18:30 | 00,124,928 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[11 C:\WINDOWS\*.tmp files]
[2009/07/17 16:51:09 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2009/07/17 16:50:24 | 00,561,464 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\SecurityCheck.exe
[2009/07/17 15:01:40 | 00,107,911 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/07/17 15:01:40 | 00,107,911 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/07/17 12:37:14 | 00,000,144 | ---- | M] () -- C:\WINDOWS\System32\pdfl.dat
[2009/07/17 12:37:07 | 00,351,219 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/07/17 12:22:25 | 00,359,929 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\dds.pif
[2009/07/17 12:22:13 | 00,359,929 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\dds.scr
[2009/07/16 17:33:04 | 00,001,564 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\key 0.lnk
[2009/07/16 10:28:47 | 00,000,149 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\default.rss
[2009/07/16 10:28:47 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/15 22:20:17 | 00,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/07/15 22:19:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/15 22:19:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/15 22:16:49 | 02,646,644 | -H-- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\IconCache.db
[2009/07/14 22:04:31 | 00,037,961 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2009/07/14 21:32:11 | 00,001,591 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\key 1.lnk
[2009/07/12 07:05:08 | 25,309,75744 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\7100.0.090421-1700_x86fre_client_en-us_retail_ultimate-grc1culfrer_en_dvd.iso
[2009/07/12 05:52:55 | 00,000,656 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/12 05:52:55 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/07/12 05:52:55 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/07/12 02:05:44 | 39,647,808 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Chris\Desktop\kav8.0.0.506en.exe
[2009/07/12 01:58:42 | 14,898,608 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Chris\Desktop\launch.exe
[2009/07/11 20:19:04 | 01,047,150 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\cc_20090711_201848.reg
[2009/07/11 20:05:27 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\CCleaner.lnk
[2009/07/10 15:43:07 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/07 23:20:38 | 00,038,224 | ---- | M] (Bluegem Security) -- C:\WINDOWS\System32\drivers\neokdss.sys
[2009/07/07 23:20:12 | 00,726,568 | ---- | M] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!1438_4ae1!erased
[2009/07/07 23:19:38 | 00,726,568 | ---- | M] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!744_29!erased
[2009/07/07 23:19:32 | 00,726,568 | ---- | M] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!1434_4823!erased
[2009/07/07 23:19:31 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\{499663EE-202C-4468-874C-198A9E0BC058}
[2009/07/07 21:35:34 | 00,726,568 | ---- | M] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!fe8_3d6c!erased
[2009/07/07 21:35:02 | 00,726,568 | ---- | M] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!740_18be!erased
[2009/07/07 21:34:54 | 00,726,568 | ---- | M] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!ed8_29!erased
[2009/07/07 13:22:32 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\housecall.guid.cache
[2009/07/07 13:22:21 | 01,460,840 | ---- | M] (Trend Micro) -- C:\Documents and Settings\Chris\Desktop\HousecallLauncher.exe
[2009/07/07 12:31:33 | 00,010,752 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2009/07/06 12:34:13 | 00,726,568 | ---- | M] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!126c_29!erased
[2009/07/06 12:29:55 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/07/06 04:24:27 | 37,452,296 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Chris\Desktop\Ad-AwareAE.exe
[2009/07/06 04:18:51 | 14,817,440 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Chris\Desktop\jhetatbr.exe
[2009/07/06 04:11:06 | 03,561,744 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Chris\Desktop\mbam-setup.exe
[2009/07/06 03:53:38 | 00,726,568 | ---- | M] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!1cb4_1eb!erased
[2009/07/06 03:52:46 | 00,726,568 | ---- | M] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!1c70_260d!erased
[2009/07/06 03:51:03 | 00,726,568 | ---- | M] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!1c70_2213!erased
[2009/07/06 03:49:31 | 00,726,568 | ---- | M] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!1c70_2d12!erased
[2009/07/06 03:49:18 | 00,726,568 | ---- | M] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!1f8_440d!erased
[2009/07/06 03:47:31 | 00,726,568 | ---- | M] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!1d04_29!erased
[2009/07/06 03:47:15 | 00,726,568 | ---- | M] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!1f8_29!erased
[2009/07/05 23:09:52 | 00,726,568 | ---- | M] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!4d8_29!erased
[2009/07/05 23:09:44 | 00,726,568 | ---- | M] (Bluegem Security) -- C:\WINDOWS\System32\kdfmgr.exe!ee4_29!erased
[2009/07/04 02:54:35 | 00,044,840 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/04 02:46:59 | 00,000,712 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2009/07/04 02:24:26 | 01,469,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/04 02:23:05 | 14,855,5040 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/07/04 02:23:05 | 01,990,652 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/07/03 23:43:14 | 00,532,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/03 23:43:14 | 00,461,986 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/03 23:43:14 | 00,079,932 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/25 06:19:16 | 00,012,921 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\WXPPSP3 - anony014 [mininova].torrent
[2009/06/22 13:31:38 | 00,087,093 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\eternal_rest_ver3.gp5
[2009/06/22 13:28:51 | 00,060,327 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\radiant_eclipse_ver5.gp3
[2009/06/22 13:25:54 | 00,089,618 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\second_heartbeat_ver2.gp4
[2009/06/18 07:50:07 | 00,000,778 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Artisteer 2.lnk
[2009/06/18 06:48:37 | 00,000,457 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\XAMPP Control Panel.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0888F409
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >



-------------------------------------------------------------------------------


Extras.txt:


OTL Extras logfile created on: 7/17/2009 4:53:00 PM - Run 1
OTL by OldTimer - Version 3.0.9.0 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.40 Mb Total Physical Memory | 389.98 Mb Available Physical Memory | 38.11% Memory free
2.40 Gb Paging File | 1.70 Gb Available in Paging File | 70.83% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 0.30 Gb Free Space | 0.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BASTARD2
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Avid\Avid Liquid 7\Program\RM.exe" = C:\Program Files\Avid\Avid Liquid 7\Program\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems, Inc.)
"C:\Program Files\Avid\Avid Liquid 7\Program\StudioU.mod" = C:\Program Files\Avid\Avid Liquid 7\Program\StudioU.mod:*:Enabled:Liquid -- (Pinnacle Systems, Inc.)
"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.)
"C:\Program Files\Red Storm Entertainment\Rogue Spear\RogueSpear.exe" = C:\Program Files\Red Storm Entertainment\Rogue Spear\RogueSpear.exe:*:Enabled:RogueSpear -- ()
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe" = C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad -- ()
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Program Files\Your Freedom\freedom.exe" = C:\Program Files\Your Freedom\freedom.exe:*:Enabled:freedom -- ()
"C:\Program Files\Ufasoft\SocksChain\SocksChain.exe" = C:\Program Files\Ufasoft\SocksChain\SocksChain.exe:*:Enabled:SocksChain GUI -- (Ufasoft)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- (Check Point Software Technologies LTD)
"C:\Program Files\SmartFTP Client 2.0\Copy of SmartFTP.exe" = C:\Program Files\SmartFTP Client 2.0\Copy of SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- (SmartSoft Ltd.)
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe" = C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- (SmartSoft Ltd.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{084709F7-38C5-4609-B55F-2417939315EB}" = Adobe Premiere Pro
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0C5265EC-9687-433D-9928-D6AA39D8CD04}" = ScanSoft OmniPage SE 4.0
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{219CB444-F2B6-4A17-8A76-BB7847F3DB26}" = Sony DVD Architect 4.0
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{251C3815-7A55-4607-A82D-C3B98F0FBAB8}" = Sony Vegas 7.0
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2FEA102C-F535-4513-009B-57B165013C18}" = Tiger Woods PGA TOUR 08
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3938850F-423F-4C13-AC64-655387539156}" = TitleDeko
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{463fef9b-983a-4c4d-9f03-f9aa1d84f8bf}" = Nero 9 Trial
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{530AFAFF-6F0A-48BB-88D0-04F9658322D3}" = Adobe Premiere Elements 3.0
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5770C6BC-EC01-42DA-A8E0-62C869DB50FD}" = Star Wars Galaxies: 14-Day Trial
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A5D1A94-624A-4D20-B178-3A283B500370}" = Adobe Setup
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D}" = Sony Media Manager 2.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BD5B620-AA88-11D4-AEC7-0008C739EC2A}" = Gangsters 2
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{94118D5F-2D5D-4BF5-9F84-11FB8A97B566}" = 2d3 SteadyMove for Adobe Premiere Pro
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9774BFAA-64A2-4392-9B0D-7D8DAB23DE39}" = FileMaker Developer 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard - English, Français, Deutsch
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C347D234-93D8-4595-BDAA-C04638B23B48}" = Adobe Creative Suite 3 Web Premium
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE378F36-E404-4244-A33F-F50A2A6D31BD}" = Microsoft Color Control Panel Applet for Windows XP
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2F3B366-830E-4371-9130-A8D6BE751363}" = CapturePerfect 3.0
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}" = iTunes
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E9EEE4CB-CB2B-4273-9AF5-7E12022B444B}" = Opera 9.23
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EED6DFCD-3786-477A-B228-E89BB7D1CF92}" = Presto! BizCard 5 SE (English Version)
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Acrobat 7.0 Standard - EFG - V" = Adobe Acrobat 7.0.5 Standard - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_247961ef275e20c5cb073c36394ac32" = Add or Remove Adobe Creative Suite 3 Web Premium
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"AIM_6" = AIM 6
"AnyDVD" = AnyDVD
"Artisteer 2" = Artisteer 2
"Audacity_is1" = Audacity 1.2.6
"Avid Liquid 7.00" = Avid Liquid 7.00
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BookCAT_is1" = BookCAT
"CCleaner" = CCleaner (remove only)
"Click'N Design 3D (V5)" = Click'N Design 3D (V5)
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"CO Maps for Rogue Spear" = CO Maps for Rogue Spear
"Curitel PC Card" = Curitel PC Card Software
"Diablo II" = Diablo II
"DR-1210C Driver" = Canon DR-1210C Driver
"DR-1210C Job Tool" = DR-1210C Job Tool
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Ripper Platinum 4" = DVD Ripper Platinum 4
"EAX™ Unified (SHELL)" = EAX™ Unified (SHELL)
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.2.4.1
"FreeCap_is1" = FreeCap version 3.18
"GameSpy Arcade" = GameSpy Arcade
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Hide My IP 2007_is1" = Hide My IP 2007
"Hide Real IP" = Hide Real IP
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Full)
"Magic ISO Maker v5.4 (build 0245)" = Magic ISO Maker v5.4 (build 0245)
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Orb" = Winamp Remote
"PCMesh Anonymous Web Surfing" = PCMesh Anonymous Web Surfing
"PowerISO" = PowerISO
"PremElem30" = Adobe Premiere Elements 3.0
"ProInst" = Intel® PROSet/Wireless Software
"Proxy Finder Enterprise Edition" = Proxy Finder Enterprise Edition
"RG Map Pack" = RG Map Pack
"RocketPack #2 BT RS Expansion Pack" = RocketPack #2 BT RS Expansion Pack
"RocketPak3 - UO for RS expansion pack" = RocketPak3 - UO for RS expansion pack
"Rogue Spear" = Rogue Spear
"SecondLife" = SecondLife (remove only)
"Security Task Manager" = Security Task Manager 1.7h
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.0 (remove only)
"SmartFTP Client 2.5 Setup Files" = SmartFTP Client 2.5 Setup Files (remove only)
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"ST6UNST #1" = RSSTATS
"TransMac_is1" = TransMac version 8.1
"uTorrent" = µTorrent
"VideoReDo-Plus_is1" = VideoReDo/Plus Version 2.5.4.507
"ViewpointMediaPlayer" = Viewpoint Media Player
"VSO Inspector_is1" = VSO Inspector 2.0
"VZAccess Manager" = VZAccess Manager
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xampp" = XAMPP 1.7.1
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD Video Codec" = XviD Video Codec 1.1.2-01022007
"Yahoo! Messenger" = Yahoo! Messenger
"Yet another map pack" = Yet another map pack
"Your_Deploy_0" = Your Freedom 20070606-01
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/12/2009 5:35:36 AM | Computer Name = BASTARD2 | Source = MsiInstaller | ID = 1013
Description = Product: Kaspersky Anti-Virus 2009 -- You must restart your computer
before proceeding with the installation.

Error - 7/12/2009 7:18:24 AM | Computer Name = BASTARD2 | Source = Application Error | ID = 1000
Description = Faulting application manager.exe, version 2.2.4.8, faulting module
manager.exe, version 2.2.4.8, fault address 0x000256b2.

Error - 7/12/2009 7:18:41 AM | Computer Name = BASTARD2 | Source = Application Error | ID = 1000
Description = Faulting application manager.exe, version 2.2.4.8, faulting module
manager.exe, version 2.2.4.8, fault address 0x000256b2.

Error - 7/12/2009 7:23:20 AM | Computer Name = BASTARD2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16850, faulting
module unknown, version 0.0.0.0, fault address 0x0c1eef14.

Error - 7/14/2009 10:43:58 PM | Computer Name = BASTARD2 | Source = Application Error | ID = 1000
Description = Faulting application d2-cdkey.exe, version 1.0.0.5, faulting module
d2-cdkey.exe, version 1.0.0.5, fault address 0x00017ba6.

Error - 7/14/2009 10:44:10 PM | Computer Name = BASTARD2 | Source = Application Error | ID = 1000
Description = Faulting application d2-cdkey.exe, version 1.0.0.5, faulting module
d2-cdkey.exe, version 1.0.0.5, fault address 0x00017ba6.

Error - 7/14/2009 10:45:11 PM | Computer Name = BASTARD2 | Source = Application Error | ID = 1000
Description = Faulting application d2-cdkey.exe, version 1.0.0.5, faulting module
d2-cdkey.exe, version 1.0.0.5, fault address 0x00017ba6.

Error - 7/14/2009 10:56:01 PM | Computer Name = BASTARD2 | Source = Application Error | ID = 1000
Description = Faulting application showcdkey.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 7/14/2009 10:56:23 PM | Computer Name = BASTARD2 | Source = Application Error | ID = 1000
Description = Faulting application showcdkey.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 7/14/2009 11:02:19 PM | Computer Name = BASTARD2 | Source = Application Error | ID = 1000
Description = Faulting application showcdkey.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 7/15/2009 9:46:36 PM | Computer Name = BASTARD2 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the PolicyAgent service.

Error - 7/15/2009 9:46:36 PM | Computer Name = BASTARD2 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the W32Time service.

Error - 7/15/2009 9:46:41 PM | Computer Name = BASTARD2 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the wuauserv service.

Error - 7/15/2009 9:46:46 PM | Computer Name = BASTARD2 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 7/15/2009 11:19:21 PM | Computer Name = BASTARD2 | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\ide#cdromslimtype_dvdrw_sosw-852s________________psx3____#5&2a87b71a&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.

Error - 7/15/2009 11:19:33 PM | Computer Name = BASTARD2 | Source = Service Control Manager | ID = 7000
Description = The tmcomm service failed to start due to the following error: %%2

Error - 7/15/2009 11:19:33 PM | Computer Name = BASTARD2 | Source = Service Control Manager | ID = 7001
Description = The tmevtmgr service depends on the tmcomm service which failed to
start because of the following error: %%2

Error - 7/15/2009 11:19:33 PM | Computer Name = BASTARD2 | Source = Service Control Manager | ID = 7001
Description = The tmactmon service depends on the tmevtmgr service which failed
to start because of the following error: %%1068

Error - 7/15/2009 11:19:38 PM | Computer Name = BASTARD2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
tmtdi

Error - 7/16/2009 11:37:41 AM | Computer Name = BASTARD2 | Source = PSched | ID = 14103
Description = QoS [Adapter {3E8AD021-6EF2-4A33-B16E-13F32196E878}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.


< End of report >
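The Service Control Manager errors in the report above (IDs 7000, 7001, 7011 and 7026) are easier to triage as a dependency chain than as separate failures. The following Python is an added example, not part of the original post or of any tool used in this thread; it parses records in this layout and reports which service failure is the root cause. The host and service names in the sample are constructed.

```python
import re

# Constructed sample in the "Error - <time> | ... | ID = <n>" layout of the report above.
SAMPLE_REPORT = """\
Error - 7/15/2009 9:46:36 PM | Computer Name = HOST1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the svc_time service.

Error - 7/15/2009 11:19:33 PM | Computer Name = HOST1 | Source = Service Control Manager | ID = 7000
Description = The drv_base service failed to start due to the following error: %%2

Error - 7/15/2009 11:19:33 PM | Computer Name = HOST1 | Source = Service Control Manager | ID = 7001
Description = The svc_events service depends on the drv_base service which failed to
start because of the following error: %%2

Error - 7/15/2009 11:19:33 PM | Computer Name = HOST1 | Source = Service Control Manager | ID = 7001
Description = The svc_monitor service depends on the svc_events service which failed
to start because of the following error: %%1068

Error - 7/15/2009 11:19:38 PM | Computer Name = HOST1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
drv_filter

Error - 7/16/2009 11:37:41 AM | Computer Name = HOST1 | Source = PSched | ID = 14103
Description = Constructed record from a non-SCM source; the summary ignores it.
"""

# Win32 error codes that appear as %%N in the records above.
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 1068: "ERROR_SERVICE_DEPENDENCY_FAIL"}

HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<time>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
FAILED = re.compile(r"The (\S+) service failed to start due to the following error: %%(\d+)")
DEPENDS = re.compile(r"The (\S+) service depends on the (\S+) service which failed to start")
TIMEOUT = re.compile(r"waiting for a transaction response from the (\S+) service")
DRIVERS = re.compile(r"driver\(s\) failed to load: (.+)$")


def parse_records(text):
    """Split the report on blank lines and re-join wrapped Description lines."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        match = HEADER.match(lines[0]) if lines else None
        if not match:
            continue  # not an event record (e.g. "< End of report >")
        rec = match.groupdict()
        rec["id"] = int(rec["id"])
        rec["description"] = re.sub(r"^Description = ", "", " ".join(lines[1:]))
        records.append(rec)
    return records


def summarize(records):
    """Group SCM errors into root causes, dependency chains, timeouts and drivers."""
    direct, depends_on, timeouts, drivers = {}, {}, [], []
    for rec in records:
        if rec["source"] != "Service Control Manager":
            continue
        desc = rec["description"]
        if rec["id"] == 7000 and (m := FAILED.search(desc)):
            direct[m.group(1)] = int(m.group(2))        # service that failed on its own
        elif rec["id"] == 7001 and (m := DEPENDS.search(desc)):
            depends_on[m.group(1)] = m.group(2)         # dependent -> dependency
        elif rec["id"] == 7011 and (m := TIMEOUT.search(desc)):
            timeouts.append(m.group(1))
        elif rec["id"] == 7026 and (m := DRIVERS.search(desc)):
            drivers.extend(m.group(1).split())

    # Walk each dependent service down to the service it ultimately waits on.
    chains = {}
    for svc in depends_on:
        chain, seen = [svc], {svc}
        while chain[-1] in depends_on and depends_on[chain[-1]] not in seen:
            chain.append(depends_on[chain[-1]])
            seen.add(chain[-1])                         # guard against cyclic entries
        chains[svc] = chain

    root_causes = {}
    for svc, code in direct.items():
        root_causes[svc] = {
            "error": WIN32_ERRORS.get(code, f"Win32 error {code}"),
            "blocked": sorted(s for s, c in chains.items() if c[-1] == svc),
        }
    return {"root_causes": root_causes, "chains": chains,
            "timeouts": timeouts, "unloaded_drivers": drivers}


if __name__ == "__main__":
    summary = summarize(parse_records(SAMPLE_REPORT))
    for root, info in summary["root_causes"].items():
        print(f"{root}: {info['error']} -> blocks {', '.join(info['blocked'])}")
    print("timeouts:", summary["timeouts"])
    print("drivers not loaded:", summary["unloaded_drivers"])
```

Fixing or removing the one root service clears every 7001 entry that chains back to it, so those dependent errors do not need separate attention.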

#7 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:43 PM

Posted 17 July 2009 - 11:12 PM

Hi there. :thumbup2:
Give me some time to review those logs and formulate a fix. Please be patient! I will see you through till the end of the cleanup. It is more important than ever now that you avoid making any changes to the computer. My fix will be based on the current condition of your computer. In the interim if you have any questions let me know.
Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#8 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:43 PM

Posted 20 July 2009 - 11:50 AM

Hello again.
Thanks for your patience.
Let's begin.

Please read each item closely, follow in the order I have outlined, take your time and ask me if you have any questions before proceeding. :thumbup2:

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

==========

I know your intentions were good but I would like you to turn System restore back on!! It is better to restore to an infected point in time than to not be able to restore at all if the system crashes. Please do it now!

==========

Viewpoint Manager is considered as foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

==========

:) P2P Warning :)

Your log indicates that you have uTorrent installed.

• Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

- They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

- Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

- The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel>> Add / Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

==========

Your computer is dangerously low on disk space. The partition with the system needs at least 15% Free Space, or it will bog down and run very slowly.

C: is FIXED (NTFS) - 56 GiB total, 0.33 GiB free.


Go to Start, My Computer
Right-click on the hard-drive letter for the system, (usually C: )
Uncheck the box labeled "Allow Indexing Service to index this disk for fast file searching"
If it asks whether to apply to all files and folders, answer Yes.
You may have to wait while it resets the file attributes.

=====

Reboot the machine.

=====

Download and Install CCleaner

* Download CCleaner from here
* Double click on ccsetupXXX_slim.exe to start the installation of CCleaner. (XXX is the version number)
* Click OK
* Click Next
* Click I agree
* Click Next
* Click Install
* Once the installation has finished, click Finish

=====

Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
( Do not use the Registry block to clean anything with this program. It is for experts only and it is risky).

* Select Cleaner Settings.
Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
* Click on the Options block on the left. Select Advanced.
Uncheck Only delete files in Windows Temp folders older than 48 hours.
* Set Cookie Retention.
Click on the Options block on the left, then choose Cookies.
Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
* Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.

=====

Reset Options in CCleaner for Regular Use.
Open CCleaner if it's not already running.

* Select Cleaner Settings.
Check Internet Explorer, Windows Explorer, and System so that all items are checked. Then under Internet Explorer, Uncheck "History". In the Advanced section, have a check only on Old PreFetch Data.
* Click on the Options block on the left. Select Advanced.
Check Only delete files in Windows Temp folders older than 48 hours.
* Set CCleaner to Run When Computer Starts. Click on the Options block on the left, then choose Settings. Check Run Ccleaner when computer starts.

=====

In addition to the steps above, you will likely have to move some files onto removable media in order to achieve the 15% free space that is needed. Please do so now.

==========

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either ZoneAlarm Antivirus or TrendMicro or Avira. If you want my opinion...Avira free is very good.


Sometimes in order to completely uninstall an Antivirus software you need to use an automated uninstaller. You can use these. Do not forget to reboot after each uninstall!!

TrendMicro Uninstaller
Generic Uninstaller
Avira Uninstaller

==========

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
==========

Download and Run ComboFix (by sUBs)

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


=========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

=========

With your next post please provide:

* Combofix.txt
* Gmer.log
* How's it running now?

Kind regards,
t

#9 goatchaps

goatchaps
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:09:43 PM

Posted 20 July 2009 - 11:59 PM

I ran the scans, but the gmer scan wouldn't let me save anything; it only had 2 buttons: save and cancel. I'll run that scan again later and get you the log. Combofix seems to have fixed everything. Google is working fine. My dvd double layer burner is being seen as one in both my computer and nero. I haven't tried burning a dvd yet, but it seems to be working properly. The logical disk manager is working properly as well. I am having a problem with my external hard disk, but the problem is on more than one computer so it should be a problem with the drive. Thanks...I'll scan with gmer again while I sleep as it is a long scan. Here is the combofix log:


ComboFix 09-07-19.04 - Chris 07/20/2009 15:12.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.610 [GMT -5:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
AV: ZoneAlarm Extreme Security Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Extreme Security Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Chris\Application Data\inst.exe
c:\documents and settings\Chris\Start Menu\Programs\Hide Real IP
c:\documents and settings\Chris\Start Menu\Programs\Hide Real IP\Hide Real IP.lnk
c:\documents and settings\Chris\Start Menu\Programs\Hide Real IP\Uninstall.lnk
c:\program files\Hide Real IP
c:\program files\Hide Real IP\anonymizer.chm
c:\program files\Hide Real IP\ccodes.txt
c:\program files\Hide Real IP\FeedbackInfo.exe
c:\program files\Hide Real IP\hide-real-ip.exe
c:\program files\Hide Real IP\hide-real-ip.exe.manifest
c:\program files\Hide Real IP\hide-real-ip.log
c:\program files\Hide Real IP\lang_de.dll
c:\program files\Hide Real IP\lang_en.dll
c:\program files\Hide Real IP\lang_it.dll
c:\program files\Hide Real IP\ProxyNew.dll
c:\program files\Hide Real IP\shfolder.dll
c:\program files\Hide Real IP\uninstall.exe
c:\windows\Installer\262abf4a.msp
c:\windows\system32\drivers\hjgruilhkdwmhk.sys
c:\windows\system32\hjgruicucpksuy.dll
c:\windows\system32\hjgruidadwqafn.dat
c:\windows\system32\hjgruirtcnjfyk.dat
c:\windows\system32\hjgruisxjqngvx.dll
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe
c:\windows\system32\WgaLogon.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruiuehmrebt


((((((((((((((((((((((((( Files Created from 2009-06-20 to 2009-07-20 )))))))))))))))))))))))))))))))
.

2009-07-20 19:47 . 2007-08-22 15:16 46456 ----a-r- c:\windows\system32\exitwx.exe
2009-07-20 18:46 . 2009-07-20 18:46 -------- d-----w- c:\program files\CCleaner
2009-07-12 11:17 . 2009-07-12 12:09 -------- d-----w- c:\documents and settings\Chris\Application Data\Download Manager
2009-07-12 07:17 . 2009-07-12 07:17 -------- d-----w- c:\windows\system32\Quarantine
2009-07-12 07:17 . 2008-08-16 07:53 1195448 ----a-w- c:\windows\system32\drivers\vsapint.sys
2009-07-12 07:17 . 2008-08-16 08:00 205328 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2009-07-12 07:17 . 2008-08-16 08:00 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2009-07-12 07:16 . 2008-02-16 04:37 333328 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2009-07-12 07:11 . 2009-07-12 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-08 02:36 . 2009-07-08 08:22 -------- d-----w- c:\windows\BDOSCAN8
2009-07-07 18:24 . 2009-07-08 01:58 -------- d-----w- c:\documents and settings\Chris\.housecall6.6
2009-07-07 17:21 . 2009-07-08 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\17644214
2009-07-06 17:34 . 2009-07-08 04:20 38224 ----a-w- c:\windows\system32\drivers\neokdss.sys
2009-07-06 10:57 . 2009-07-06 11:43 -------- d-----w- c:\documents and settings\Chris\DoctorWeb
2009-07-06 09:41 . 2009-07-07 13:42 -------- d-----w- c:\program files\Lavasoft
2009-07-06 09:41 . 2009-07-07 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-06 09:29 . 2009-07-06 09:29 97 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_800fda1b898e2ef4a8f196d0a960cafa.dll
2009-07-06 09:11 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-06 09:11 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-06 09:11 . 2009-07-06 09:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-06 08:55 . 2009-07-06 08:55 -------- d-----w- c:\documents and settings\Chris\Application Data\Malwarebytes
2009-07-06 08:55 . 2009-07-06 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-06 07:55 . 2009-07-07 17:31 10752 ----a-w- c:\windows\DCEBoot.exe
2009-07-06 04:21 . 2009-07-06 04:21 -------- d-----w- c:\windows\system32\log
2009-07-06 04:04 . 2009-07-06 04:04 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Trend Micro
2009-07-06 03:56 . 2009-04-02 21:00 52624 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2009-07-06 03:55 . 2009-07-12 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2009-07-04 07:46 . 2009-07-04 07:46 -------- d-----w- c:\program files\PowerISO 4.4
2009-07-04 07:22 . 2009-07-04 07:22 150112 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-04 04:57 . 2009-07-04 05:00 -------- d-----w- C:\bc6d5aec26d9c9db7afa37ed18
2009-07-04 04:55 . 2009-07-04 07:24 -------- d-----w- c:\windows\SxsCaPendDel
2009-07-04 04:07 . 2009-07-04 04:07 -------- d-----w- c:\program files\MSBuild
2009-07-04 04:07 . 2009-07-04 05:02 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-04 04:06 . 2009-07-04 04:06 -------- d-----w- c:\program files\Reference Assemblies
2009-07-04 04:03 . 2006-06-29 18:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-06-29 03:34 . 2009-06-29 03:34 -------- d-----w- c:\program files\BitPim

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 20:30 . 2009-05-31 18:43 144 ----a-w- c:\windows\system32\pdfl.dat
2009-07-20 19:54 . 2009-07-20 20:08 3037184 ----a-w- c:\windows\Internet Logs\xDB1E.tmp
2009-07-20 19:54 . 2009-07-20 20:08 2088448 ----a-w- c:\windows\Internet Logs\xDB1F.tmp
2009-07-20 19:49 . 2009-07-20 19:49 29929 ----a-w- c:\windows\Internet Logs\UpdClient_2nd_2009_07_20_14_24_59_small.dmp.zip
2009-07-20 19:24 . 2009-07-20 19:24 28492 ----a-w- c:\windows\Internet Logs\UpdClient_2nd_2009_07_20_14_08_10_small.dmp.zip
2009-07-20 18:07 . 2007-11-08 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-20 15:15 . 2007-04-30 00:27 107911 ----a-w- c:\windows\system32\nvModes.dat
2009-07-20 12:40 . 2007-05-28 12:14 -------- d-----w- c:\program files\Diablo II
2009-07-19 01:52 . 2007-05-28 12:21 39016 ----a-w- c:\windows\DIIUnin.dat
2009-07-12 10:36 . 2009-07-12 10:38 2011136 ----a-w- c:\windows\Internet Logs\xDB1D.tmp
2009-07-12 10:22 . 2009-07-12 10:23 3322368 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
2009-07-12 10:22 . 2009-07-12 10:23 2010112 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2009-07-12 07:41 . 2009-05-31 05:54 -------- d-----w- c:\program files\Trend Micro
2009-07-12 07:13 . 2009-05-31 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-11 07:44 . 2009-04-13 13:52 117760 ----a-w- c:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-11 07:44 . 2008-05-31 03:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-10 20:43 . 2009-07-12 08:42 195240 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-07-06 17:29 . 2009-05-31 18:43 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-07-06 09:29 . 2009-07-06 09:29 74 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_8A0F842331866D117AB7000B0D610001.dll
2009-07-06 08:55 . 2009-07-06 08:57 1916928 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
2009-07-06 08:55 . 2009-07-06 08:57 2988544 ----a-w- c:\windows\Internet Logs\xDB19.tmp
2009-07-06 03:48 . 2007-05-12 20:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-06 02:11 . 2007-04-30 03:26 -------- d-----w- c:\documents and settings\Chris\Application Data\uTorrent
2009-07-06 01:19 . 2009-07-06 01:18 21966399 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_crt_term_2009_07_05_20_12_24_full.dmp.zip
2009-07-06 01:18 . 2009-07-06 01:18 135443 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_07_05_20_12_20_small.dmp.zip
2009-07-04 07:54 . 2007-05-01 21:47 44840 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-04 07:23 . 2009-05-31 18:50 1990652 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-04 07:23 . 2009-05-31 18:50 148555040 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-04 05:08 . 2007-06-25 02:36 -------- d-----w- c:\program files\Absolute Poker
2009-06-25 22:45 . 2009-06-25 22:46 1013760 ----a-w- c:\windows\Internet Logs\xDB18.tmp
2009-06-25 14:19 . 2009-06-13 04:02 -------- d-----w- c:\documents and settings\Chris\Application Data\FileZilla
2009-06-24 07:36 . 2009-06-24 07:38 531968 ----a-w- c:\windows\Internet Logs\xDB17.tmp
2009-06-24 00:08 . 2009-06-24 00:09 1264640 ----a-w- c:\windows\Internet Logs\xDB16.tmp
2009-06-21 18:42 . 2009-06-21 23:00 1758720 ----a-w- c:\windows\Internet Logs\xDB15.tmp
2009-06-21 16:57 . 2009-06-21 16:58 450048 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2009-06-20 06:37 . 2009-06-20 06:38 2811904 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2009-06-20 06:37 . 2009-06-20 06:38 1756160 ----a-w- c:\windows\Internet Logs\xDB13.tmp
2009-06-18 12:46 . 2009-06-18 12:46 -------- d-----w- c:\program files\Artisteer 2
2009-06-17 06:28 . 2009-04-08 07:03 -------- d-----w- c:\program files\MagicDisc
2009-06-16 02:11 . 2007-04-30 00:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-16 01:51 . 2009-06-16 01:51 -------- d-----w- c:\program files\EA Sports
2009-06-16 01:44 . 2007-12-06 18:02 -------- d-----w- c:\program files\MagicISO
2009-06-15 23:01 . 2009-06-15 23:03 700416 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2009-06-15 10:38 . 2009-06-15 10:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-14 09:23 . 2009-06-14 09:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-14 09:20 . 2009-06-14 09:20 -------- d-----w- c:\program files\Yahoo!
2009-06-14 05:06 . 2009-06-14 05:07 2323456 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2009-06-13 13:56 . 2009-05-31 18:58 -------- d-----w- c:\documents and settings\Chris\Application Data\#ISW.FS#
2009-06-13 04:02 . 2009-06-13 04:01 -------- d-----w- c:\program files\FileZilla FTP Client
2009-06-13 03:55 . 2009-06-13 03:55 -------- d-----w- c:\documents and settings\All Users\Application Data\GlobalSCAPE
2009-06-13 03:53 . 2009-06-13 03:53 -------- d-----w- c:\documents and settings\Chris\Application Data\GlobalSCAPE
2009-06-13 03:53 . 2009-06-13 03:53 -------- d-----w- c:\program files\GlobalSCAPE
2009-06-13 03:48 . 2007-05-04 01:49 -------- d-----w- c:\program files\SmartFTP Client 2.0
2009-06-13 03:48 . 2009-06-13 03:25 -------- d-----w- c:\program files\SmartFTP Client 3.0 Setup Files
2009-06-13 03:47 . 2009-06-13 03:47 -------- d-----w- c:\program files\Copy of SmartFTP Client 2.0
2009-06-12 21:10 . 2009-06-12 21:11 841728 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2009-06-12 20:56 . 2009-06-12 20:56 -------- d-----w- c:\program files\Eidos Interactive
2009-06-12 12:26 . 2009-06-12 12:27 599552 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2009-06-11 23:11 . 2009-06-11 23:13 1662976 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2009-06-11 23:11 . 2009-06-11 23:12 3008512 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2009-06-11 02:10 . 2009-06-11 02:11 1635840 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2009-06-11 02:10 . 2009-06-11 02:11 645120 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2009-06-11 01:26 . 2009-06-11 01:27 2673152 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2009-06-11 01:26 . 2009-06-11 01:27 1629184 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2009-06-07 08:22 . 2009-06-07 22:33 1609216 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2009-06-04 23:58 . 2009-06-04 23:56 -------- d-----w- c:\documents and settings\Chris\Application Data\log
2009-06-04 23:56 . 2009-06-04 23:56 -------- d-----w- c:\documents and settings\Chris\Application Data\Vso
2009-06-04 23:56 . 2009-06-04 23:56 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-06-04 23:56 . 2009-06-04 23:56 47360 ----a-w- c:\documents and settings\Chris\Application Data\pcouffin.sys
2009-06-04 23:56 . 2009-06-04 23:56 47360 ----a-w- c:\documents and settings\Chris\Application Data\pcouffin.sys
2009-06-04 23:55 . 2009-06-04 23:55 -------- d-----w- c:\program files\vso
2009-06-04 21:40 . 2009-06-04 21:37 -------- d-----w- c:\documents and settings\Chris\Application Data\Nero
2009-06-04 21:22 . 2009-06-04 21:01 -------- d-----w- c:\program files\Common Files\Nero
2009-06-04 21:21 . 2009-06-04 21:21 -------- d-----w- c:\program files\Windows Sidebar
2009-06-04 21:19 . 2007-07-31 01:36 -------- d-----w- c:\program files\Nero
2009-06-04 21:06 . 2009-06-04 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-06-04 20:41 . 2007-05-05 01:16 -------- d-----w- c:\program files\Pinnacle
2009-06-04 20:08 . 2007-07-31 01:36 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-04 10:28 . 2009-06-04 19:37 27648 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2009-06-04 10:12 . 2009-06-04 10:13 80384 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-06-04 09:38 . 2009-06-04 09:40 2127360 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-06-01 03:33 . 2007-05-01 04:59 -------- d-----w- c:\program files\QuickTime
2009-06-01 00:34 . 2009-06-01 00:35 1587200 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-05-31 23:17 . 2009-05-31 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-05-31 23:10 . 2009-05-31 23:10 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-31 23:10 . 2009-05-31 23:10 -------- d-----w- c:\documents and settings\Chris\Application Data\DAEMON Tools Pro
2009-05-31 22:11 . 2009-05-31 22:12 395264 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-05-31 19:42 . 2009-05-31 19:43 253440 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-05-31 18:58 . 2009-05-31 18:58 -------- d-----w- c:\documents and settings\Chris\Application Data\CheckPoint
2009-05-31 18:58 . 2009-05-31 18:58 -------- d-----w- c:\documents and settings\Chris\Application Data\MailFrontier
2009-05-31 18:43 . 2009-05-31 18:43 144 ----a-w- c:\windows\system32\lkfl.dat
2009-05-31 18:43 . 2009-05-31 18:43 80 ----a-w- c:\windows\system32\ibfl.dat
2009-05-31 18:43 . 2009-05-31 18:43 -------- d-----w- c:\program files\CheckPoint
2009-05-31 18:42 . 2009-05-31 18:42 -------- d-----w- c:\program files\Zone Labs
2009-05-31 18:30 . 2009-05-31 18:30 1172 ----a-w- c:\windows\mozver.dat
2009-05-31 09:09 . 2009-05-31 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Zenturi
2009-05-31 00:52 . 2009-05-31 00:49 -------- d-----w- c:\program files\TransMac
2009-05-27 00:50 . 2009-06-14 09:20 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-05-15 13:02 . 2009-05-15 13:02 2373416 ----a-w- c:\documents and settings\All Users\Application Data\Nero\Nero\DrWeb\DrWeb32.dll
2009-05-15 12:50 . 2009-05-15 12:50 2373416 ----a-w- c:\documents and settings\All Users\Application Data\Nero\Nero 9\DrWeb\DrWeb32.dll
2009-06-12 12:31 . 2009-06-01 23:58 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2007-07-10 20:53 . 2007-07-10 20:53 8 --sh--r- c:\windows\system32\E40DCCA7E0.sys
2007-09-29 00:28 . 2007-07-10 20:53 3400 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-23 7561216]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-04-01 982408]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Chris\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Chris\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TMBMServer"=2 (0x2)
"tmproxy"=3 (0x3)
"TmPfw"=3 (0x3)
"SfCtlCom"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Avid\\Avid Liquid 7\\Program\\RM.exe"=
"c:\\Program Files\\Avid\\Avid Liquid 7\\Program\\StudioU.mod"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Red Storm Entertainment\\Rogue Spear\\RogueSpear.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Your Freedom\\freedom.exe"=
"c:\\Program Files\\Ufasoft\\SocksChain\\SocksChain.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\Copy of SmartFTP.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [3/23/2009 2:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/13/2009 8:42 AM 108289]
R2 Apache2.2;Apache2.2;c:\websites\xampp\apache\bin\httpd.exe [12/9/2008 6:10 PM 24636]
R2 ISWKL;ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2/12/2009 5:12 AM 21136]
R2 IswSvc;ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [2/12/2009 5:12 AM 390536]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [7/12/2009 2:17 AM 36368]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2/12/2009 5:11 AM 54928]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [7/12/2009 2:16 AM 333328]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [7/5/2009 10:56 PM 52624]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys [5/10/2007 3:09 PM 55344]
S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys [5/10/2007 3:09 PM 9200]
S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys [5/10/2007 3:09 PM 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys [5/10/2007 3:09 PM 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys [5/10/2007 3:09 PM 69632]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 7408]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [10/1/2006 7:37 AM 26624]
S4 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe --> c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [?]
S4 tmproxy;Trend Micro Proxy Service;"c:\program files\Trend Micro\Internet Security\TmProxy.exe" --> c:\program files\Trend Micro\Internet Security\TmProxy.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: {3E8AD021-6EF2-4A33-B16E-13F32196E878} = 192.168.1.1
TCP: {E2513C8C-DE5A-4FBF-8AE7-7C1E72004D96} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\o1746j6i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mlb.com/mlb/fantasy/wsfb/scoreboard/index.jsp|http://mlb.mlb.com/mlb/fantasy/wsfb/news/injuries.jsp|http://us.mc657.mail.yahoo.com/mc/showFolder?.rand=271853768#_pg=showFolder&fid=Inbox&order=down&tt=9849&pSize=25&.rand=1835925959&hash=eb539fae7ce237a15a22de252d28b83b&.jsrand=8832589|http://mail.google.com/mail/?hl=en&zx=a64tmup4yidb&shva=1#inbox|http://webmail.aol.com/43661/aol/en-us/Suite.aspx|http://members.000webhost.com/cpanel.php?accountID=2216691&login_hash=IJqbWyjgzNAwLjNk
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaExtensions.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 15:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2025429265-1060284298-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7C57A5AF-E2C9-460E-B9AE-34DB3D4A4D1F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaeiliaioemneejajd"=hex:6a,61,6a,62,64,68,63,66,6f,68,6b,6e,69,65,67,68,69,67,
64,61,00,f2
"haoifjpebgnhhegj"=hex:6a,61,6a,62,64,68,63,66,6f,68,6b,6e,69,65,67,68,69,67,
64,61,00,f2

[HKEY_USERS\S-1-5-21-2025429265-1060284298-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AF2D99DA-2B51-17CB-21F7-A99DAF9EA3B8}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oabcbpndhoibehcpbjmkekdpbfbaib"=hex:6a,61,65,6c,62,66,67,70,68,63,64,65,63,69,
6e,66,6b,61,6e,6d,00,f5
"nalckjnamnlfcmkfkcodlmjicfee"=hex:6a,61,65,6c,62,66,67,70,68,63,64,65,63,69,
6e,66,6b,61,6e,6d,00,f5
"gbjacoaoaaokaaailpmddnmpaogjcanieeipdoabhplcgp"=hex:63,61,70,62,6c,61,00,00
"bbdambccjbfoojhgkfpijhdemojaoelgjolp"=hex:6e,61,68,6d,6c,63,69,64,67,63,62,68,
64,68,64,67,6e,64,67,69,64,70,69,61,70,61,6f,6d,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,c3,e0,9c,b7,0e,
a2,17,be,e2,63,26,f1,3f,c8,ff,68,5d,7a,30,f0,c8,80,1a,11,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,99,d3,3a,d6,ea,
0a,f9,c2,6a,9c,d6,61,af,45,84,18,a7,39,ce,5c,a2,06,dc,78,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,1f,16,65,6c,20,
cb,c6,43,ff,7c,85,e0,43,d4,0e,fe,79,5c,be,9f,94,94,52,6e,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,a4,2e,f0,c0,0f,
5f,55,e3,86,8c,21,01,be,91,eb,e7,d9,42,a0,3a,37,57,b3,a7,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,35,22,8b,9f,1d,
62,11,1b,f5,1d,4d,73,a8,13,5c,05,e8,e6,ff,3b,8e,d2,d0,a8,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,3f,74,2f,c1,15,
0f,fb,67,df,20,58,62,78,6b,cf,c8,de,4d,1d,85,41,61,93,91,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,d3,62,fd,c9,d6,
50,4b,10,fb,a7,78,e6,12,2f,9a,ea,db,2a,78,8d,26,35,6c,5e,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,4c,83,75,3a,2f,
fc,9b,3f,01,3a,48,fc,e8,04,4a,f1,c7,75,16,ef,54,df,f2,83,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,d1,f6,2d,43,1d,
ba,fd,eb,f6,0f,4e,58,98,5b,89,c9,3c,3f,c8,95,b5,b5,10,71,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,a1,63,6f,98,21,
f6,33,84,3d,ce,ea,26,2d,45,aa,78,a8,c7,11,b9,f0,04,1f,d5,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,b6,d3,05,4f,03,
00,49,25,2a,b7,cc,b5,b9,7f,41,e7,cc,35,95,a2,7b,84,3d,41,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,06,b8,96,b0,fe,
b4,2a,9e,6c,43,2d,1e,aa,22,2f,9c,a4,77,b8,83,8c,1c,e6,b9,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1824)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll

- - - - - - - > 'lsass.exe'(1880)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll

- - - - - - - > 'explorer.exe'(2816)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\websites\xampp\mysql\bin\mysqld.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\CheckPoint\ZAForceField\ForceField.exe
c:\program files\CheckPoint\ZAForceField\ISWMGR.exe
c:\program files\CheckPoint\ZAForceField\ISWMGR.exe
.
**************************************************************************
.
Completion time: 2009-07-20 15:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-20 20:41

Pre-Run: 2,536,833,024 bytes free
Post-Run: 2,521,997,312 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
438 --- E O F --- 2009-07-05 19:21

#10 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:09:43 PM

Posted 21 July 2009 - 07:07 AM

Hello, :thumbup2:

Few quick notes!!

I see you still have 3 AVs running. Please follow my uninstall instructions listed above now. This is important.

Also in regards to Gmer. Press the Save button after it has completed the scan and it will place the log on your desktop. Copy and paste that log in your next reply.

I noticed with Combofix you did not disable your AVs and you did not allow install of the recovery console. If your computer would have crashed we would have been in trouble. Please read those instructions closely; if there are any deviations from the outlined instructions...STOP...and ask. Do not proceed. Please do not rerun Combofix unless I instruct you to do so!!!

Finally. Although your computer is running better we are not done yet. Please continue to follow my instructions, in the order outlined, until I give you the all clear!

I will review your logs after you post the Gmer scan and instructions will be forthcoming.

Kind regards,
~t

Edited by thcbytes, 21 July 2009 - 07:16 AM.

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#11 goatchaps

goatchaps
  • Topic Starter

  • Members
  • 40 posts
  • Local time:09:43 PM

Posted 23 July 2009 - 04:18 AM

Upon reboot after disabling the file indexing service...nothing would install or run; I kept getting errors. I rebooted into safe mode, made sure all of the virus scanners were disabled, then ran Combofix. Combofix immediately found errors and rebooted the PC. Upon reboot, it let the virus scanners start without allowing me to disable them. You told me that Combofix could mess things up a bit, so I went into the scan knowing that I could have to reformat if things got bad. Chances are that I could have fixed any problems that Combofix produced anyways....and let's face it; reformatting is always in the back of my mind as a last resort when there is a major software problem with any computer.

As far as 3 AVs running: I stated before that Trend Micro had previously been uninstalled before I even made my first post here....and I did run the uninstall tool that you linked to after Combofix was run. ....because I could not install or uninstall anything after I turned off the file indexing. I don't know why the Trend Micro came up in the log. The ZoneAlarm is only used for the firewall....the scanners in it always remain disabled via program settings. Avira free is the only AV that is enabled.

In short, yes, I would still like to use your help.....the past couple of days I have had a check disk running on my external hard disk, which has been hogging a lot of resources....so I have not yet repeated the scan of gmer. I should be able to post that log tomorrow night.

I appreciate your insight, thanks a bunch, I'll get back to you asap



status updated ;)

Edited by goatchaps, 23 July 2009 - 04:22 AM.


#12 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:09:43 PM

Posted 23 July 2009 - 07:21 AM

Thanks for the clarification. I have a few suggestions and questions.

To remove leftover remnants of old antivirus software running on your computer:



1. Click on the Start menu.
2. Select Run...
3. Type wbemtest and click OK
4. Connect to root\SecurityCenter
5. Click on Query
6. Type in SELECT * FROM AntiVirusProduct and click on Apply

If there is more than one result, it means there is more than one Antivirus program installed. Double click on each result to view the properties for that Antivirus product. Identify the product(s) installed and DELETE any records for an Antivirus software that is no longer installed.

Same for Firewall remnants.....



1. Click on the Start menu.
2. Select Run...
3. Type wbemtest and click OK
4. Connect to root\SecurityCenter
5. Click on Query
6. Type in SELECT * FROM FirewallProduct and click on Apply

If there is more than one result, it means there is more than one Antivirus program installed. Double click on each result to view the properties for that Antivirus product. Identify the product(s) installed and DELETE any records for an Antivirus software that is no longer installed.

==========

As far as Combofix is concerned, as long as you have disabled your AV prior to the run you're ok. Upon reboot the AV will restart and that will not interfere with CF. Again, do not rerun CF! I will design specialized scripts specific to your computer to be run again.

==========

Now the questions...

Why did you disable file indexing service?

Per your post Jul20 you indicated your computer was running well and was experiencing no problems. Now you mention checkdisk issues. Any other issues?

Do you have a Windows install disk if we need it?

==========

So let's see that Gmer scan, then I will instruct you forthcoming.

Kind regards,
~t
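The two wbemtest queries from the post above, run as a read-only listing from PowerShell. This is an added example, not part of the original post: it assumes PowerShell 2.0 is installed on the XP machine, and the property names it prints (displayName, companyName, versionNumber, instanceGuid) are assumed from the Windows XP root\SecurityCenter schema rather than taken from the page.

```powershell
# Added example (not from the original post): read-only listing of the
# Security Center registrations that the wbemtest steps inspect.
# Namespace and class names are the ones given in the post. The property
# names below are assumed from the Windows XP root\SecurityCenter schema.

$Namespace  = 'root\SecurityCenter'
$Classes    = 'AntiVirusProduct', 'FirewallProduct'
$Properties = 'displayName', 'companyName', 'versionNumber', 'instanceGuid'

function Get-SecurityCenterRecord {
    param(
        [string]$Namespace,
        [string]$ClassName
    )
    try {
        # Same WQL text that the post types into wbemtest's Query dialog.
        Get-WmiObject -Namespace $Namespace -Query "SELECT * FROM $ClassName" -ErrorAction Stop
    }
    catch {
        # Namespace missing, WMI repository damaged, or access denied.
        Write-Warning ("Query for {0} in {1} failed: {2}" -f $ClassName, $Namespace, $_.Exception.Message)
    }
}

foreach ($class in $Classes) {
    # @() forces an array so .Count is valid for zero or one result as well.
    $records = @(Get-SecurityCenterRecord -Namespace $Namespace -ClassName $class)

    Write-Output ("{0}: {1} record(s) registered" -f $class, $records.Count)
    if ($records.Count -eq 0) { continue }

    # Show only the identifying fields of each registration.
    $records | Format-List $Properties | Out-String | Write-Output

    if ($records.Count -gt 1) {
        Write-Output ("Several {0} records exist. Compare each displayName with the software actually installed before deleting a record in wbemtest." -f $class)
    }
}
```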

#13 goatchaps

goatchaps
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:09:43 PM

Posted 23 July 2009 - 10:11 PM

The log was too long to paste, so I attached it. There are still problems; I am getting errors and blue screens.


This website keeps giving me an error when I try to paste or attach the Gmer log. It says it is too large, but it is well under the max limit.

Edited by goatchaps, 23 July 2009 - 10:16 PM.


#14 goatchaps

goatchaps
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:09:43 PM

Posted 23 July 2009 - 10:22 PM

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-23 21:45:48
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF40F6FC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF40F3C80]
SSDT F7B871CE ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF40F7580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xF410B900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xF410BB10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xF410FB10]
SSDT F7B871C4 ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF40F7670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF40F4210]
SSDT F7B871D3 ZwDeleteKey
SSDT F7B871DD ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xF410B280]
SSDT sppj.sys ZwEnumerateKey [0xF7378CA4]
SSDT sppj.sys ZwEnumerateValueKey [0xF7379032]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadDriver [0xF40F08C0]
SSDT F7B871E2 ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF410EF90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xF410FD90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF40F4070]
SSDT sppj.sys ZwOpenKey [0xF735A0C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xF410D180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xF410CF40]
SSDT sppj.sys ZwQueryKey [0xF737910A]
SSDT sppj.sys ZwQueryValueKey [0xF7378F8A]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF410F6F0]
SSDT F7B871EC ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF40F6BE0]
SSDT F7B871E7 ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xF40F7190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF40F4440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSystemInformation [0xF40F06A0]
SSDT F7B871D8 ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xF410C200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xF410C080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwUnloadDriver [0xF40F0AF0]

INT 0x62 ? 873D7BF8
INT 0x73 ? 8736BBF8
INT 0x82 ? 873D7BF8
INT 0x83 ? 8736BBF8
INT 0x83 ? 8736BBF8
INT 0xB4 ? 8736BBF8
INT 0xB4 ? 8736BBF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 241C 80501C54 12 Bytes [80, 75, 0F, F4, 00, B9, 10, ...] {XOR BYTE [EBP+0xf], 0xf4; ADD [ECX-0x44ef0bf0], BH; ADC AH, DH}
.text ntkrnlpa.exe!ZwCallbackReturn + 24E8 80501D20 12 Bytes [C0, 08, 0F, F4, E2, 71, B8, ...] {ROR BYTE [EAX], 0xf; HLT ; LOOP 0x77; MOV EAX, 0x10ef90f7; HLT }
? sppj.sys The system cannot find the file specified. !
? srescan.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6C058AC 5 Bytes JMP 8736B1D8
.text win32k.sys!EngFreeUserMem + 674 BF8098FA 5 Bytes JMP 8633C4E0
.text win32k.sys!EngMulDiv + 199A BF820E4A 5 Bytes JMP 8633C534
.text win32k.sys!EngCreateBitmap + 113B9 BF849245 5 Bytes JMP 8633C518
.text win32k.sys!EngMultiByteToWideChar + 2E60 BF8526BA 5 Bytes JMP 8633C550
.text win32k.sys!XLATEOBJ_iXlate + 23AD BF8738DF 5 Bytes JMP 8633C4FC
.text win32k.sys!EngCreateClip + 48DB BF9158AB 5 Bytes JMP 8633C56C

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[224] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[224] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[224] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[224] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[224] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[224] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[224] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[224] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[224] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[224] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[224] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[224] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[224] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[224] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[224] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[224] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[224] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[224] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[224] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[224] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[224] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[236] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[236] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[236] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[236] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\WINDOWS\system32\svchost.exe[236] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[236] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\WINDOWS\system32\svchost.exe[236] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[236] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[236] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[236] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[236] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[236] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[236] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[236] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[236] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[236] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[236] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[236] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[236] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[300] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[300] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\WINDOWS\system32\svchost.exe[300] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[300] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\WINDOWS\system32\svchost.exe[300] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[300] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[300] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[300] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[300] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[300] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[300] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[300] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[300] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[300] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[300] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[300] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[300] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[340] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[340] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[340] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[340] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[340] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[340] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\WINDOWS\system32\svchost.exe[340] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[340] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\WINDOWS\system32\svchost.exe[340] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[340] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[340] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[340] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[340] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[340] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[340] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[340] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[340] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[340] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[340] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[340] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[340] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[444] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[444] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[444] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[444] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[444] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[444] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[444] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[444] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[444] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[444] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[444] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[444] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[488] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[488] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[488] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[488] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[488] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[488] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\WINDOWS\System32\svchost.exe[488] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[488] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\WINDOWS\System32\svchost.exe[488] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[488] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[488] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[488] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[488] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[488] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[488] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[488] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[488] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[488] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[488] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[488] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[488] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[732] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[732] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[732] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[732] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[732] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[732] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[732] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[732] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[732] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[732] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[732] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[732] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[732] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[732] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[732] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[732] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[732] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[732] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[732] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[732] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[732] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[784] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[784] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[784] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[784] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[784] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[784] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\WINDOWS\system32\spoolsv.exe[784] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[784] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\WINDOWS\system32\spoolsv.exe[784] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[784] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[784] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[784] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[784] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[784] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[784] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[784] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[784] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[784] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[784] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[784] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[784] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[880] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[880] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[880] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[880] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[880] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[880] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\WINDOWS\Explorer.EXE[880] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[880] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\WINDOWS\Explorer.EXE[880] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[880] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[880] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[880] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[880] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[880] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[880] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[880] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[880] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[880] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[880] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[880] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[880] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[964] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[964] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[964] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[964] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[964] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[964] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[964] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[964] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[964] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[964] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[964] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[964] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[964] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[964] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[964] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[964] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[964] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[964] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[964] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[964] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[964] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[992] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[992] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[992] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[992] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[992] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[992] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[992] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[992] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[992] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[992] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[992] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[992] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[992] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[992] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[992] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[992] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[992] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[992] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[992] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[992] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[992] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\mysql\bin\mysqld.exe[1064] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\mysql\bin\mysqld.exe[1064] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\mysql\bin\mysqld.exe[1064] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\mysql\bin\mysqld.exe[1064] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\mysql\bin\mysqld.exe[1064] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\mysql\bin\mysqld.exe[1064] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\mysql\bin\mysqld.exe[1064] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\mysql\bin\mysqld.exe[1064] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\mysql\bin\mysqld.exe[1064] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\mysql\bin\mysqld.exe[1064] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\mysql\bin\mysqld.exe[1064] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\mysql\bin\mysqld.exe[1064] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\mysql\bin\mysqld.exe[1064] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\mysql\bin\mysqld.exe[1064] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\mysql\bin\mysqld.exe[1064] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\mysql\bin\mysqld.exe[1064] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\mysql\bin\mysqld.exe[1064] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\mysql\bin\mysqld.exe[1064] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\websites\xampp\mysql\bin\mysqld.exe[1064] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\mysql\bin\mysqld.exe[1064] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\websites\xampp\mysql\bin\mysqld.exe[1064] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\WINDOWS\system32\svchost.exe[1084] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1084] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1084] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1244] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1244] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1244] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1244] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1244] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1244] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1244] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1244] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1244] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1244] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1244] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1244] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1244] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1244] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1244] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1244] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1244] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1244] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1244] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1244] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1244] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apoint.exe[1260] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apoint.exe[1260] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apoint.exe[1260] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apoint.exe[1260] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apoint.exe[1260] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apoint.exe[1260] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apoint.exe[1260] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apoint.exe[1260] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apoint.exe[1260] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apoint.exe[1260] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apoint.exe[1260] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apoint.exe[1260] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apoint.exe[1260] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apoint.exe[1260] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apoint.exe[1260] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apoint.exe[1260] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apoint.exe[1260] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apoint.exe[1260] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\Program Files\Apoint\Apoint.exe[1260] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apoint.exe[1260] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\Program Files\Apoint\Apoint.exe[1260] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\WINDOWS\system32\svchost.exe[1312] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1312] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1312] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\WINDOWS\system32\svchost.exe[1332] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1332] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1332] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1680] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1680] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1680] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1680] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1680] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1680] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1680] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1680] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1680] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1680] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1680] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1680] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1680] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1680] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1680] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1680] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1680] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1680] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1680] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1680] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1680] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[1776] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[1776] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[1776] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[1776] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[1776] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[1776] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\websites\xampp\apache\bin\httpd.exe[1776] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[1776] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\websites\xampp\apache\bin\httpd.exe[1776] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[1776] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[1776] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[1776] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[1776] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[1776] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[1776] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[1776] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[1776] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[1776] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[1776] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[1776] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[1776] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1816] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1816] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1816] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1816] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1816] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1816] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\WINDOWS\system32\winlogon.exe[1816] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1816] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\WINDOWS\system32\winlogon.exe[1816] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1816] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1816] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1816] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1816] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1816] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1816] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1816] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1816] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1816] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1816] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1816] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1816] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1860] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1860] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1860] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1860] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1860] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1860] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\WINDOWS\system32\services.exe[1860] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1860] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\WINDOWS\system32\services.exe[1860] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1860] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1860] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1860] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1860] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1860] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1860] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1860] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1860] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1860] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1860] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1860] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1860] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1872] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1872] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1872] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1872] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1872] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\WINDOWS\system32\lsass.exe[1872] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1872] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\WINDOWS\system32\lsass.exe[1872] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1872] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1872] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1872] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1872] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1872] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1872] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1872] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1872] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1872] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1872] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1872] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1872] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1876] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1876] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1876] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1876] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1876] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1876] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1876] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1876] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1876] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1876] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1876] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1876] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1876] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1876] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1876] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1876] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1876] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1876] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1876] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1876] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1876] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!RtlEnterCriticalSection 7C901000 5 Bytes JMP 21277CA0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!RtlLeaveCriticalSection 7C9010E0 5 Bytes JMP 21277D10 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtAccessCheck 7C90CE6E 5 Bytes JMP 21274EE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 21274EF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtAdjustPrivilegesToken 7C90CF0E 5 Bytes JMP 21274E60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 2127A1B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtAreMappedFilesTheSame 7C90CF7E 5 Bytes JMP 2127A230 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtCancelIoFile 7C90CFBE 5 Bytes JMP 21274560 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 21274210 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtContinue 7C90D05E 5 Bytes JMP 21275AC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtCreateEvent 7C90D08E 5 Bytes JMP 2127AE50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 212735D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 212787E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtCreateMutant 7C90D10E 5 Bytes JMP 2127A6F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtCreateNamedPipeFile 7C90D11E 5 Bytes JMP 212736F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtCreatePort 7C90D13E 5 Bytes JMP 212784E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtCreateSection 7C90D17E 5 Bytes JMP 21279B70 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtCreateSemaphore 7C90D18E 5 Bytes JMP 2127AAA0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtCreateWaitablePort 7C90D1DE 5 Bytes JMP 21278570 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 21273FA0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 21278940 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 21278E30 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes JMP 21275100 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtDuplicateObject 7C90D29E 5 Bytes JMP 21273FF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtEnumerateKey 7C90D2CE 5 Bytes JMP 21278C60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 21278F90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtExtendSection 7C90D2FE 5 Bytes JMP 2127A190 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtFlushBuffersFile 7C90D32E 5 Bytes JMP 212744E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtFlushKey 7C90D34E 5 Bytes JMP 21278990 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 2127A1A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtFsControlFile 7C90D39E 5 Bytes JMP 21274D60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtInitializeRegistry 7C90D41E 5 Bytes JMP 212790F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtLoadKey 7C90D47E 5 Bytes JMP 21278A80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtLoadKey2 7C90D48E 5 Bytes JMP 21278AB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtLockFile 7C90D49E 5 Bytes JMP 212739F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtMakeTemporaryObject 7C90D4EE 5 Bytes JMP 21274190 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 21279E80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtNotifyChangeDirectoryFile 7C90D53E 5 Bytes JMP 21274BC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtNotifyChangeKey 7C90D54E 5 Bytes JMP 21278CE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtNotifyChangeMultipleKeys 7C90D55E 5 Bytes JMP 21278D80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtOpenEvent 7C90D57E 5 Bytes JMP 2127B030 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 21273810 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 212788D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtOpenMutant 7C90D5DE 5 Bytes JMP 2127A8D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtOpenProcess 7C90D5FE 5 Bytes JMP 21274340 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtOpenSection 7C90D62E 5 Bytes JMP 21279D60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtOpenSemaphore 7C90D63E 5 Bytes JMP 2127AC80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtOpenThread 7C90D65E 5 Bytes JMP 212744A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 2128FBF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtQueryAttributesFile 7C90D70E 5 Bytes JMP 21273CD0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 21273E20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtQueryEaFile 7C90D78E 5 Bytes JMP 21274C50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtQueryFullAttributesFile 7C90D7AE 5 Bytes JMP 21273D40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtQueryInformationFile 7C90D7CE 5 Bytes JMP 21273C40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes JMP 21275720 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtQueryInformationToken 7C90D81E 5 Bytes JMP 21274F90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtQueryKey 7C90D85E 5 Bytes JMP 21278BE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 5 Bytes JMP 21279010 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtQueryObject 7C90D88E 5 Bytes JMP 21274070 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtQueryOpenSubKeys 7C90D89E 5 Bytes JMP 21278B10 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtQueryQuotaInformationFile 7C90D8BE 5 Bytes JMP 21274E20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtQuerySection 7C90D8CE 5 Bytes JMP 2127A140 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtQuerySecurityObject 7C90D8DE 5 Bytes JMP 21275010 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 21273550 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtQuerySystemTime 7C90D93E 5 Bytes JMP 212756C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 21278F10 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtQueryVirtualMemory 7C90D97E 5 Bytes JMP 2128FA90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtQueryVolumeInformationFile 7C90D98E 5 Bytes JMP 21273ED0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 212738B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtReadFileScatter 7C90D9DE 5 Bytes JMP 21273B20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)

#15 goatchaps

Posted 23 July 2009 - 10:23 PM

.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtRenameKey 7C90DA5E 5 Bytes JMP 21279090 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtReplaceKey 7C90DA6E 5 Bytes JMP 21278B40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtRestoreKey 7C90DB1E 5 Bytes JMP 21278A50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 21275700 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtSaveKey 7C90DB4E 5 Bytes JMP 212789F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtSaveMergedKeys 7C90DB6E 5 Bytes JMP 21278A20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtSetEaFile 7C90DBFE 5 Bytes JMP 21274CE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 21273DB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtSetInformationKey 7C90DC7E 5 Bytes JMP 21278B70 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtSetInformationObject 7C90DC8E 5 Bytes JMP 212740F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtSetQuotaInformationFile 7C90DD1E 5 Bytes JMP 21274E40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtSetSecurityObject 7C90DD2E 5 Bytes JMP 21275080 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtSetSystemTime 7C90DD7E 5 Bytes JMP 21275630 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 21278E90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtSetVolumeInformationFile 7C90DDDE 5 Bytes JMP 21273F80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 21275330 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 21275220 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtUnloadKey 7C90DECE 5 Bytes JMP 21278AE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtUnlockFile 7C90DEEE 5 Bytes JMP 21273AA0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 2127A040 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 21273950 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!NtWriteFileGather 7C90DF8E 5 Bytes JMP 21273BB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!RtlNtStatusToDosError 7C90F62D 5 Bytes JMP 21275A90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!RtlFreeHeap 7C90FF2D 5 Bytes JMP 212771F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 21277100 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!RtlSizeHeap 7C9104DD 5 Bytes JMP 21277260 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!RtlInitializeCriticalSectionAndSpinCount 7C91151A 5 Bytes JMP 212772D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 21274660 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!LdrGetDllHandle 7C9166A0 5 Bytes JMP 2128FD20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 212749A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!RtlReAllocateHeap 7C919BA0 5 Bytes JMP 21277170 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!LdrFindCreateProcessManifest 7C91FE25 5 Bytes JMP 21274B40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!RtlCreateProcessParameters 7C922E99 5 Bytes JMP 21274B80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!LdrShutdownProcess 7C923BD8 5 Bytes JMP 21275B00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!RtlCreateHeap 7C925C82 5 Bytes JMP 21277010 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!RtlDestroyHeap 7C9264EE 5 Bytes JMP 21277090 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!RtlZeroHeap 7C95F193 5 Bytes JMP 21277C30 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!RtlSetLastWin32ErrorAndNtStatusFromNtStatus 7C964C5F 5 Bytes JMP 21275A30 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!RtlRaiseStatus 7C9666A0 5 Bytes JMP 21275A60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] kernel32.dll!GetSystemTime 7C80176F 5 Bytes JMP 21271C60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] kernel32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 21271CC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 21271B50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] kernel32.dll!GetLocalTime 7C80A874 5 Bytes JMP 21271C90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] kernel32.dll!GetModuleFileNameW 7C80B475 5 Bytes JMP 21271910 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] kernel32.dll!CreateActCtxW 7C8154FC 5 Bytes JMP 21271820 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 2184B562 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWVEXT.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 2184B586 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWVEXT.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] kernel32.dll!FindNextChangeNotification 7C832145 5 Bytes JMP 21271AA0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] kernel32.dll!FindFirstChangeNotificationW 7C834C1F 5 Bytes JMP 21271AF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 214937E2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] kernel32.dll!SetLocalTime 7C855CF9 5 Bytes JMP 21271CF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] kernel32.dll!FindFirstChangeNotificationA 7C85D483 5 Bytes JMP 21271B20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] kernel32.dll!CreateActCtxA 7C86C8E5 5 Bytes JMP 21271760 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 21562A0F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 215628F0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 212888F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] WS2_32.dll!send 71AB4C27 5 Bytes JMP 21562971 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 21562AB3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] WS2_32.dll!WSASendDisconnect 71AC0A22 5 Bytes JMP 21562C47 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 21562B7A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] WS2_32.dll!getpeername 71AC0B68 5 Bytes JMP 21288B60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 21288A00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!IdentifyCodeAuthzLevelW 77DD9EC8 5 Bytes JMP 2126D860 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 2126D020 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!QueryServiceStatus 77DE6D50 5 Bytes JMP 2126B590 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!OpenSCManagerW 77DE6F55 5 Bytes JMP 2126D4D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 2126ADE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!StartServiceA 77DEFB58 5 Bytes JMP 2126D2E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!RegisterServiceCtrlHandlerExA 77DEFEAB 5 Bytes JMP 2126D3D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 5 Bytes JMP 2126B7E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!QueryServiceConfigA 77DF1596 5 Bytes JMP 2126BE90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!SetServiceStatus 77DF3251 5 Bytes JMP 2126B490 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!StartServiceCtrlDispatcherW 77DF359D 5 Bytes JMP 2126CEA0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!RegisterServiceCtrlHandlerExW 77DF3E49 5 Bytes JMP 2126C550 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!RegisterServiceCtrlHandlerW 77DF3E77 5 Bytes JMP 2126C5F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!StartServiceW 77DF3E94 5 Bytes JMP 2126AFE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 2126B330 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 2126D260 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!RegisterServiceCtrlHandlerA 77DF4EC6 5 Bytes JMP 2126D450 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!OpenSCManagerA 77DF69AE 5 Bytes JMP 2126D510 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 5 Bytes JMP 2126B960 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!CreateRestrictedToken 77E0DC8C 5 Bytes JMP 2126A9A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 2126D5F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 2126D050 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 2126AB00 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!EnumDependentServicesA 77E37529 5 Bytes JMP 2126C490 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!EnumDependentServicesW 77E375E1 5 Bytes JMP 2126C3D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ADVAPI32.dll!StartServiceCtrlDispatcherA 77E37F09 5 Bytes JMP 2126CF60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 212853A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!GetShellWindow 7E419252 5 Bytes JMP 21285650 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 21284B60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!PrivateExtractIconsW 7E41CCFC 5 Bytes JMP 21285ED0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 21284DF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!SetShellWindowEx 7E41FF92 5 Bytes JMP 212856F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 21284E10 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!EnumDesktopWindows 7E42851A 5 Bytes JMP 21284F70 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 21285300 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!EnumWindows 7E42A5AE 5 Bytes JMP 21284F90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 212853F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21284E30 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 21285440 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!SystemParametersInfoA 7E42DEB2 5 Bytes JMP 21284B20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 21285350 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 212854A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 21284DD0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!SetShellWindow 7E456114 5 Bytes JMP 21285720 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] SHELL32.dll!SHEmptyRecycleBinW 7CA66D31 5 Bytes JMP 21283D50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] SHELL32.dll!SHEmptyRecycleBinA 7CA66D9B 5 Bytes JMP 21283D70 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] SHELL32.dll!SHFileOperationW 7CA70924 5 Bytes JMP 21283D10 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] SHELL32.dll!SHFileOperation 7CA70C0C 5 Bytes JMP 21283D30 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 2184B995 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWVEXT.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 2184B9CA C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWVEXT.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] CRYPT32.dll!CryptSIPRetrieveSubjectGuid 77A89BD3 5 Bytes JMP 2126FBA0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] CRYPT32.dll!CryptSIPGetSignedDataMsg 77A9C614 5 Bytes JMP 2126FC10 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] CRYPT32.dll!CryptSIPVerifyIndirectData 77AA08E8 5 Bytes JMP 2126FC90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2192] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2192] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2192] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2192] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2192] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2192] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2192] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2192] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2192] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2192] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2192] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2192] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2192] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2192] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2192] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2192] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2192] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2192] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\WINDOWS\System32\alg.exe[2192] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2192] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\WINDOWS\System32\alg.exe[2192] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[2204] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[2204] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[2204] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 214937E2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[2204] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[2204] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[2204] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[2204] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[2204] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[2204] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[2204] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[2204] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[2204] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\forcefield.exe[2204] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2236] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2236] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2236] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2236] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2236] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2236] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2236] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2236] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2236] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2236] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2236] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2236] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2236] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2236] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2236] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2236] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2236] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2236] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\WINDOWS\system32\nvsvc32.exe[2236] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2236] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\WINDOWS\system32\nvsvc32.exe[2236] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2312] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2312] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2312] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2312] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2312] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2312] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\WINDOWS\System32\svchost.exe[2312] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2312] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\WINDOWS\System32\svchost.exe[2312] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2312] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2312] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2312] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2312] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2312] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2312] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2312] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2312] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2312] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2312] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2312] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2312] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[2444] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[2444] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[2444] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[2444] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[2444] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[2444] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\WINDOWS\system32\wuauclt.exe[2444] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[2444] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\WINDOWS\system32\wuauclt.exe[2444] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[2444] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[2444] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[2444] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[2444] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[2444] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[2444] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[2444] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[2444] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[2444] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[2444] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[2444] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[2444] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2508] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2508] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2508] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2508] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2508] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2508] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2508] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2508] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2508] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2508] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2540] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2540] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2540] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2540] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2540] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2540] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2540] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2540] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2540] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2540] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2540] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2540] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2540] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2540] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2540] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2540] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2540] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2540] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2540] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2540] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2540] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2588] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2588] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2588] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2588] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2588] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2588] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\WINDOWS\system32\ctfmon.exe[2588] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2588] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\WINDOWS\system32\ctfmon.exe[2588] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2588] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2588] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2588] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2588] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2588] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2588] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2588] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2588] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2588] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2588] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2588] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2588] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2596] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2596] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2596] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2596] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2596] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2596] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2596] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2596] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2596] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2596] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2596] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2596] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2596] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2596] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2596] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2596] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2596] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2596] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2596] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2596] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2596] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2684] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2684] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2684] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2684] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2684] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2684] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\WINDOWS\system32\svchost.exe[2684] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2684] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\WINDOWS\system32\svchost.exe[2684] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2684] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2684] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2684] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2684] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2684] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2684] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2684] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2684] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2684] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2684] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2684] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2684] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\HidFind.exe[2868] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\HidFind.exe[2868] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\HidFind.exe[2868] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\HidFind.exe[2868] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\HidFind.exe[2868] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\HidFind.exe[2868] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\HidFind.exe[2868] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\HidFind.exe[2868] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\HidFind.exe[2868] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\HidFind.exe[2868] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\HidFind.exe[2868] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\HidFind.exe[2868] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\HidFind.exe[2868] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\HidFind.exe[2868] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\HidFind.exe[2868] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\HidFind.exe[2868] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\HidFind.exe[2868] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\HidFind.exe[2868] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\Program Files\Apoint\HidFind.exe[2868] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\HidFind.exe[2868] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\Program Files\Apoint\HidFind.exe[2868] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apntex.exe[2876] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apntex.exe[2876] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apntex.exe[2876] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apntex.exe[2876] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apntex.exe[2876] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apntex.exe[2876] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apntex.exe[2876] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apntex.exe[2876] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apntex.exe[2876] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apntex.exe[2876] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apntex.exe[2876] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apntex.exe[2876] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apntex.exe[2876] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apntex.exe[2876] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apntex.exe[2876] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apntex.exe[2876] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apntex.exe[2876] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apntex.exe[2876] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\Program Files\Apoint\Apntex.exe[2876] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint\Apntex.exe[2876] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\Program Files\Apoint\Apntex.exe[2876] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[3004] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216956A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[3004] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216958D9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[3004] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[3004] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[3004] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 3 Bytes JMP 21695D0B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[3004] ADVAPI32.dll!ImpersonateNamedPipeClient + 4 77DD742A 1 Byte [A9]
.text C:\websites\xampp\apache\bin\httpd.exe[3004] ADVAPI32.dll!SetThreadToken 77DDF193 3 Bytes JMP 21695EC0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[3004] ADVAPI32.dll!SetThreadToken + 4 77DDF197 1 Byte [A9]
.text C:\websites\xampp\apache\bin\httpd.exe[3004] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 21695C87 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[3004] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[3004] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[3004] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 2169519F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[3004] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[3004] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[3004] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[3004] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 21695166 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[3004] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[3004] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[3004] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[3004] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\websites\xampp\apache\bin\httpd.exe[3004] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4668] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008AC0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4668] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 21695380 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4668] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 214937E2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4668] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 200085D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4668] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 200086D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4668] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20007FD0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4668] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 20008050 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4668] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007ED0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4668] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F00 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4668] USER32.dll!SendInput 7E42F140 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4668] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EA0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4668] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4668] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 200080D0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!RtlEnterCriticalSection 7C901000 5 Bytes JMP 21277CA0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!RtlLeaveCriticalSection 7C9010E0 5 Bytes JMP 21277D10 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtAccessCheck 7C90CE6E 5 Bytes JMP 21274EE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 21274EF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtAdjustPrivilegesToken 7C90CF0E 5 Bytes JMP 21274E60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 2127A1B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtAreMappedFilesTheSame 7C90CF7E 5 Bytes JMP 2127A230 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtCancelIoFile 7C90CFBE 5 Bytes JMP 21274560 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 21274210 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtContinue 7C90D05E 5 Bytes JMP 21275AC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtCreateEvent 7C90D08E 5 Bytes JMP 2127AE50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 212735D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 212787E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtCreateMutant 7C90D10E 5 Bytes JMP 2127A6F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtCreateNamedPipeFile 7C90D11E 5 Bytes JMP 212736F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtCreatePort 7C90D13E 5 Bytes JMP 212784E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtCreateSection 7C90D17E 5 Bytes JMP 21279B70 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtCreateSemaphore 7C90D18E 5 Bytes JMP 2127AAA0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtCreateWaitablePort 7C90D1DE 5 Bytes JMP 21278570 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 21273FA0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 21278940 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 21278E30 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes JMP 21275100 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtDuplicateObject 7C90D29E 5 Bytes JMP 21273FF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtEnumerateKey 7C90D2CE 5 Bytes JMP 21278C60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 21278F90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtExtendSection 7C90D2FE 5 Bytes JMP 2127A190 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtFlushBuffersFile 7C90D32E 5 Bytes JMP 212744E0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtFlushKey 7C90D34E 5 Bytes JMP 21278990 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 2127A1A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtFsControlFile 7C90D39E 5 Bytes JMP 21274D60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtInitializeRegistry 7C90D41E 5 Bytes JMP 212790F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtLoadKey 7C90D47E 5 Bytes JMP 21278A80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtLoadKey2 7C90D48E 5 Bytes JMP 21278AB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtLockFile 7C90D49E 5 Bytes JMP 212739F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtMakeTemporaryObject 7C90D4EE 5 Bytes JMP 21274190 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 21279E80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtNotifyChangeDirectoryFile 7C90D53E 5 Bytes JMP 21274BC0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtNotifyChangeKey 7C90D54E 5 Bytes JMP 21278CE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtNotifyChangeMultipleKeys 7C90D55E 5 Bytes JMP 21278D80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtOpenEvent 7C90D57E 5 Bytes JMP 2127B030 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 21273810 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 212788D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtOpenMutant 7C90D5DE 5 Bytes JMP 2127A8D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtOpenProcess 7C90D5FE 5 Bytes JMP 21274340 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtOpenSection 7C90D62E 5 Bytes JMP 21279D60 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtOpenSemaphore 7C90D63E 5 Bytes JMP 2127AC80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtOpenThread 7C90D65E 5 Bytes JMP 212744A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 2128FBF0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtQueryAttributesFile 7C90D70E 5 Bytes JMP 21273CD0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 21273E20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtQueryEaFile 7C90D78E 5 Bytes JMP 21274C50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtQueryFullAttributesFile 7C90D7AE 5 Bytes JMP 21273D40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtQueryInformationFile 7C90D7CE 5 Bytes JMP 21273C40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes JMP 21275720 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtQueryInformationToken 7C90D81E 5 Bytes JMP 21274F90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtQueryKey 7C90D85E 5 Bytes JMP 21278BE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 5 Bytes JMP 21279010 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtQueryObject 7C90D88E 5 Bytes JMP 21274070 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtQueryOpenSubKeys 7C90D89E 5 Bytes JMP 21278B10 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtQueryQuotaInformationFile 7C90D8BE 5 Bytes JMP 21274E20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtQuerySection 7C90D8CE 5 Bytes JMP 2127A140 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtQuerySecurityObject 7C90D8DE 5 Bytes JMP 21275010 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 21273550 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtQuerySystemTime 7C90D93E 5 Bytes JMP 212756C0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 21278F10 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtQueryVirtualMemory 7C90D97E 5 Bytes JMP 2128FA90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtQueryVolumeInformationFile 7C90D98E 5 Bytes JMP 21273ED0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 212738B0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtReadFileScatter 7C90D9DE 5 Bytes JMP 21273B20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtRenameKey 7C90DA5E 5 Bytes JMP 21279090 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtReplaceKey 7C90DA6E 5 Bytes JMP 21278B40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtRestoreKey 7C90DB1E 5 Bytes JMP 21278A50 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 21275700 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtSaveKey 7C90DB4E 5 Bytes JMP 212789F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtSaveMergedKeys 7C90DB6E 5 Bytes JMP 21278A20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtSetEaFile 7C90DBFE 5 Bytes JMP 21274CE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 21273DB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtSetInformationKey 7C90DC7E 5 Bytes JMP 21278B70 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtSetInformationObject 7C90DC8E 5 Bytes JMP 212740F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtSetQuotaInformationFile 7C90DD1E 5 Bytes JMP 21274E40 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtSetSecurityObject 7C90DD2E 5 Bytes JMP 21275080 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtSetSystemTime 7C90DD7E 5 Bytes JMP 21275630 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 21278E90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtSetVolumeInformationFile 7C90DDDE 5 Bytes JMP 21273F80 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 21275330 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 21275220 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtUnloadKey 7C90DECE 5 Bytes JMP 21278AE0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtUnlockFile 7C90DEEE 5 Bytes JMP 21273AA0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 2127A040 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 21273950 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!NtWriteFileGather 7C90DF8E 5 Bytes JMP 21273BB0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!RtlNtStatusToDosError 7C90F62D 5 Bytes JMP 21275A90 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!RtlFreeHeap 7C90FF2D 5 Bytes JMP 212771F0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 21277100 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!RtlSizeHeap 7C9104DD 5 Bytes JMP 21277260 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!RtlInitializeCriticalSectionAndSpinCount 7C91151A 5 Bytes JMP 212772D0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 21274660 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!LdrGetDllHandle 7C9166A0 5 Bytes JMP 2128FD20 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe[4700] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 212749A0 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll (ZoneAlarm ForceField/Check Point Software Technologies)



