Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Very Slow Startuo & Window opening


  • This topic is locked This topic is locked
20 replies to this topic

#1 jcbellows

jcbellows

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 01 January 2010 - 05:37 PM

I have a 5 year old Dell Dimensions Desktop computer With lots of ROM and REM running Windows XP Pro.
Up to two months ago it was doing fine and than is slowed way down on Startup and on screen opening.
I've run McAfee, Malwarebytes Anti Virus, Spyzooka and they all say no virus. Spybot only shows minor cookies that I delete. I've run Regzooka to clear the Registry.
I suspect that some of my protection programs may be doinmg too much checking, but I dont know where to check some of the settings.
Any suggestions would be much appreciated.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:04 PM, on 1/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\sMaRTcaPs\SmartCaps.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] "C:\PROGRA~1\McAfee\MHN\McENUI.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Startup: AutorunsDisabled
O4 - Startup: SBC DSL.lnk = ?
O4 - Startup: sMaRTcaPs.lnk = C:\Program Files\sMaRTcaPs\SmartCaps.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1228586873281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1228586854531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FE99C7E-6204-4090-8C59-7A4BB4560B6B}: NameServer = 68.94.156.1 68.94.157.1
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 8807 bytes

Johnny

Edited by jcbellows, 01 January 2010 - 05:51 PM.


BC AdBot (Login to Remove)

 


#2 jcbellows

jcbellows
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 06 January 2010 - 09:11 PM

I had my computer generate a bootlog that I hope will tell you something. It shows that over and over it could not load many drivers. I'm sure that htat is abnormal but don't know how to fix itl I found that I could not add a very long file to this and didn't see any way to make attachments. The following are repeated over and over plus a few others now & then>
Did not load driver Acronis True Image Backup Archive Explorer
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (IPX)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel

Edited by jcbellows, 06 January 2010 - 09:19 PM.


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:21 PM

Posted 10 January 2010 - 12:46 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#4 jcbellows

jcbellows
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 10 January 2010 - 03:08 PM

OTL logfile created on: 1/10/2010 11:56:32 AM - Run 1
OTL by OldTimer - Version 3.1.23.0 Folder = C:\Documents and Settings\Administrator\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 265.00 Mb Available Physical Memory | 26.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 267.44 Gb Free Space | 89.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 298.09 Gb Total Space | 197.67 Gb Free Space | 66.31% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-937D288342
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/10 11:54:58 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Downloads\OTL.exe
PRC - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/12/02 06:17:44 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/16 11:36:38 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/17 01:41:10 | 02,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/10/17 01:39:40 | 01,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/14 05:30:26 | 00,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/10/14 05:30:06 | 00,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/08/05 10:37:58 | 12,313,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 13:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/14 03:01:56 | 00,492,600 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/09/14 02:02:34 | 00,905,056 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2007/09/14 01:55:30 | 00,140,568 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007/09/14 01:55:26 | 00,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/09/14 01:52:46 | 02,595,480 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2007/03/18 08:05:02 | 00,135,168 | ---- | M] (Phoebus LLC) -- C:\Program Files\sMaRTcaPs\SmartCaps.exe
PRC - [2005/09/20 08:36:20 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2004/10/14 13:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2010/01/10 11:54:58 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Downloads\OTL.exe
MOD - [2009/10/14 05:30:36 | 00,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2008/07/25 10:17:20 | 00,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
MOD - [2008/07/25 10:17:20 | 00,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/25 15:42:18 | 00,583,640 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/11/16 11:36:38 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/17 01:41:10 | 02,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/10/14 05:30:26 | 00,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/14 12:46:56 | 00,044,776 | ---- | M] (Xobni Corporation) [Disabled | Stopped] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 19:22:22 | 00,068,112 | ---- | M] (McAfee) [On_Demand | Stopped] -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 13:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/03/18 17:21:13 | 00,133,104 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9a831cc1b9ba) Google Update Service (gupdate1c9a831cc1b9ba)
SRV - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/10 04:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/04/13 16:12:02 | 00,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\nwwks.dll -- (NWCWorkstation)
SRV - [2007/09/14 03:01:56 | 00,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/09/14 01:55:26 | 00,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/10/17 01:39:42 | 00,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/10/14 05:30:02 | 00,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/15 13:03:06 | 00,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/07/16 11:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/03/19 15:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/12/12 01:26:10 | 00,023,552 | ---- | M] (defrag Development Team) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dfg.sys -- (dfg)
DRV - [2008/12/10 06:17:14 | 00,007,808 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2008/11/25 22:57:04 | 00,022,432 | ---- | M] (SiSoftware) [Kernel | Disabled | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\sandra.sys -- (sandra)
DRV - [2008/08/20 21:45:10 | 00,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/08/20 21:45:10 | 00,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/08/20 21:45:03 | 00,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/08/20 21:44:59 | 00,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008/04/13 10:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 10:34:12 | 00,163,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwrdr.sys -- (NWRDR)
DRV - [2008/04/13 08:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/02/27 12:49:00 | 00,003,840 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/06/20 12:08:20 | 00,987,904 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 12:07:42 | 00,268,032 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2007/06/20 12:07:38 | 00,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/06/19 14:26:58 | 00,012,672 | R--- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/09/20 09:00:54 | 01,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/01/27 14:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2004/09/17 08:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/04 04:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 04:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/02/10 14:49:14 | 00,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2003/12/11 09:50:00 | 00,070,894 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/11 09:50:00 | 00,051,582 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042PR2)
DRV - [2003/12/11 09:50:00 | 00,037,916 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/12/11 09:50:00 | 00,025,630 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/11/17 14:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 11:11:02 | 00,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xnd5.sys -- (EL90X)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1708537768-1450960922-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1708537768-1450960922-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKU\S-1-5-21-1708537768-1450960922-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1708537768-1450960922-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1708537768-1450960922-682003330-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1708537768-1450960922-682003330-500\S-1-5-21-1708537768-1450960922-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {55bcaabf-5334-4f01-9f5e-cad57a14e005}:0.9.79
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.35
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.14907
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/24 16:18:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/01/08 15:27:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/08 15:35:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/08 15:35:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/25 14:37:37 | 00,000,000 | ---D | M]

[2008/08/26 13:42:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/01/10 09:53:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xog11fxr.default\extensions
[2009/10/15 14:11:50 | 00,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xog11fxr.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/11/17 16:32:58 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xog11fxr.default\extensions\{55bcaabf-5334-4f01-9f5e-cad57a14e005}
[2009/03/31 22:06:40 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xog11fxr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/07 19:04:07 | 00,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xog11fxr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/01/07 19:04:05 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xog11fxr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/01/21 16:00:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xog11fxr.default\extensions\moveplayer@movenetworks.com
[2010/01/10 09:44:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/10 09:44:17 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2007/03/09 15:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: (352047 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12068 more lines...
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-1708537768-1450960922-682003330-500\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AutorunsDisabled [2010/01/05 11:13:23 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SBC DSL.lnk = File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\sMaRTcaPs.lnk = C:\Program Files\sMaRTcaPs\SmartCaps.exe (Phoebus LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1708537768-1450960922-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1708537768-1450960922-682003330-500\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1450960922-682003330-500\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-1450960922-682003330-500\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1228586873281 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1228586854531 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:AutorunsDisabled () -
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/19 20:06:51 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{da4f8f6c-6ec0-11dd-a548-00111169ee89}\Shell\Setup\command - "" = C:\WINDOWS\System32\setup.exe -- [2008/04/13 16:12:34 | 00,023,040 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/10 11:54:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Downloads
[2010/01/08 14:59:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ForceField Shared Files
[2010/01/08 14:59:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CheckPoint
[2010/01/08 14:58:46 | 00,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/01/08 14:58:42 | 00,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010/01/08 14:58:39 | 00,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010/01/08 14:58:39 | 00,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010/01/08 14:58:33 | 00,041,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010/01/08 14:58:31 | 01,238,408 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010/01/08 14:58:31 | 00,299,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010/01/08 14:58:31 | 00,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010/01/08 14:58:31 | 00,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010/01/08 14:58:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/01/08 14:58:29 | 00,486,280 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010/01/08 14:58:29 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/01/08 14:57:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/01/08 14:57:47 | 00,620,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010/01/08 14:57:47 | 00,227,720 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010/01/08 14:57:47 | 00,112,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010/01/07 13:53:18 | 00,000,000 | ---D | C] -- C:\Program Files\Belarc
[2010/01/07 11:51:28 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
[2010/01/07 10:44:58 | 00,987,904 | R--- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSF_DPV.sys
[2010/01/07 10:44:58 | 00,212,992 | R--- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\UCI32M19.dll
[2010/01/07 10:39:57 | 00,104,960 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\COMNCTR.DLL
[2010/01/07 10:39:57 | 00,097,792 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LGUICOM.DLL
[2010/01/07 10:39:57 | 00,016,896 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\LMOUSE32.DLL
[2010/01/07 10:39:57 | 00,003,568 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\LMOUSE16.DLL
[2010/01/07 10:39:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2010/01/07 10:39:54 | 00,152,064 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lmoufrc.dll
[2010/01/07 10:39:54 | 00,070,894 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LMouFlt2.Sys
[2010/01/07 10:39:54 | 00,051,582 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\L8042PR2.SYS
[2010/01/07 10:39:54 | 00,037,916 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidUsb.sys
[2010/01/07 10:39:54 | 00,025,630 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidFlt2.Sys
[2010/01/07 10:39:54 | 00,023,372 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\LCOINST.DLL
[2010/01/07 10:39:54 | 00,020,992 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE
[2010/01/07 10:39:54 | 00,014,092 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LCCFLTR.SYS
[2010/01/07 10:39:54 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/01/07 10:38:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloads
[2010/01/06 17:54:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2010/01/06 17:54:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/01/06 17:54:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/01/06 17:54:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/01/06 17:54:20 | 00,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2010/01/05 14:10:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Xobni
[2010/01/05 11:49:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Xobni
[2010/01/05 11:46:56 | 00,000,000 | ---D | C] -- C:\Program Files\Xobni
[2010/01/05 11:45:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OpenCandy
[2010/01/05 11:45:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CBS Interactive
[2010/01/05 11:18:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Registry Mechanic
[2010/01/05 11:11:01 | 01,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
[2010/01/05 11:11:01 | 00,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
[2010/01/05 11:11:00 | 00,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
[2009/12/29 22:03:58 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/29 22:03:54 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/29 22:03:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/20 15:59:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo!
[2009/09/15 11:08:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/09/14 21:54:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/03/19 08:52:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/03/18 17:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/01/28 16:12:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2009/01/28 16:12:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/01/28 12:13:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2008/10/13 16:18:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/08/20 21:46:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Acronis
[2008/08/20 05:44:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/08/19 20:09:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/08/19 20:06:43 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/08/19 20:06:43 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[3 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/10 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/01/10 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/01/10 11:48:09 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003.lnk
[2010/01/10 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/01/10 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/01/10 10:35:40 | 08,388,608 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/01/10 10:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/01/10 10:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/01/10 09:56:46 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/01/10 09:43:41 | 00,024,173 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/01/10 09:42:49 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/10 09:41:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/10 09:41:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/10 09:40:59 | 10,716,97920 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/09 22:40:35 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/01/09 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/01/09 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/01/09 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/01/09 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/01/09 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/01/09 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/01/09 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/01/09 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/01/09 18:00:00 | 00,000,458 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/01/09 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/01/09 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/01/09 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/01/09 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/01/09 16:31:20 | 00,049,152 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Ntbtlog.doc
[2010/01/09 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/01/09 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/01/09 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/01/09 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/01/09 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/01/09 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/01/09 13:59:19 | 00,000,432 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/01/09 13:59:08 | 00,000,326 | ---- | M] () -- C:\WINDOWS\tasks\Intelinet Task Control.job
[2010/01/09 13:59:00 | 00,000,396 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2010/01/09 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/01/09 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/01/09 11:57:14 | 00,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/09 11:57:14 | 00,000,224 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/09 11:57:14 | 00,000,210 | -HS- | M] () -- C:\boot.ini
[2010/01/09 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/01/09 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/01/08 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/01/08 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/01/08 15:30:07 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/08 15:00:19 | 00,418,006 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/01/08 14:58:44 | 00,000,731 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ZoneAlarm Security.lnk
[2010/01/08 14:50:36 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Zone Alarm Pro 2010 Key.doc
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 13:53:20 | 00,001,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2010/01/06 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/01/06 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/01/06 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/01/06 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/01/06 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/01/06 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/01/06 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/01/06 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/01/06 04:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/01/06 04:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/01/06 03:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/01/06 03:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/01/06 02:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/01/06 02:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/01/06 01:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/01/06 01:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/01/06 00:41:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/01/06 00:12:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/01/05 16:57:36 | 02,205,456 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/01/05 11:18:24 | 08,650,752 | -H-- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat.rmbak
[2010/01/05 11:11:01 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2010/01/02 18:02:04 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/01/02 17:59:45 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/12/31 17:37:02 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\KINDLE TABLE OF CONTENTS.doc
[2009/12/29 22:04:01 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/28 22:28:26 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Netflix 8-08 to 12-09-alph.doc
[2009/12/27 13:58:35 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/23 09:48:07 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\2009 Christmas Cards sent.doc
[2009/12/22 20:35:47 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\LADY FINGER CAKE.doc
[2009/12/14 13:58:03 | 00,141,312 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Mission Accomplished-VII Corps Story.doc
[2009/12/13 15:17:09 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\2008 Christmas cards Received.doc
[2009/12/12 13:51:19 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Christmas Letter 2009.doc
[2009/12/11 14:39:56 | 00,043,062 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\UserImages.bmp
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[3 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/09 16:31:19 | 00,049,152 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Ntbtlog.doc
[2010/01/08 14:58:44 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/01/08 14:58:44 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ZoneAlarm Security.lnk
[2010/01/08 14:58:29 | 00,418,006 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/01/08 14:50:35 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Zone Alarm Pro 2010 Key.doc
[2010/01/07 13:53:20 | 00,001,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2010/01/07 13:53:18 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/01/07 10:44:33 | 00,143,829 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFProf.cty
[2010/01/06 17:54:30 | 00,000,458 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/01/06 17:54:25 | 00,000,396 | ---- | C] () -- C:\WINDOWS\tasks\DriverCure.job
[2010/01/06 17:54:22 | 00,000,432 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/01/05 16:58:19 | 10,716,97920 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/05 11:48:00 | 00,003,231 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\xobni_install.log
[2010/01/05 11:11:01 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/12/31 17:37:01 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\KINDLE TABLE OF CONTENTS.doc
[2009/12/29 22:04:01 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/28 22:28:26 | 00,035,840 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Netflix 8-08 to 12-09-alph.doc
[2009/12/25 22:29:01 | 00,000,639 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Copy of (1 unread) 'AT&T Yahoo! Mail'.url
[2009/12/22 12:43:47 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\LADY FINGER CAKE.doc
[2009/12/13 17:27:01 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\2009 Christmas Cards sent.doc
[2009/12/13 15:17:08 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\2008 Christmas cards Received.doc
[2009/12/11 14:39:56 | 00,043,062 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\UserImages.bmp
[2009/11/24 17:50:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\KTC09.INI
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/13 16:46:11 | 00,927,240 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/06/17 13:33:24 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009/03/06 11:20:07 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/02/16 22:16:46 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/11 17:00:00 | 08,507,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2008/11/29 15:03:45 | 00,000,630 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/14 21:43:34 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\059B3B
[2008/10/14 21:43:28 | 00,870,128 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\mcs.rma
[2008/10/11 22:00:15 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/10/11 21:58:53 | 00,000,025 | ---- | C] () -- C:\WINDOWS\NS_Scan.ini
[2008/09/20 22:00:09 | 00,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2008/09/15 13:55:58 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/13 19:37:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2008/09/04 15:15:28 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2008/09/04 12:12:49 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2008/09/04 12:12:49 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2008/09/04 12:11:14 | 00,000,018 | ---- | C] () -- C:\WINDOWS\Epson1240U.ini
[2008/08/20 06:13:56 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/19 21:38:09 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

OTL Extras logfile created on: 1/10/2010 11:56:32 AM - Run 1
OTL by OldTimer - Version 3.1.23.0 Folder = C:\Documents and Settings\Administrator\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 265.00 Mb Available Physical Memory | 26.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 267.44 Gb Free Space | 89.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 298.09 Gb Total Space | 197.67 Gb Free Space | 66.31% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-937D288342
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1708537768-1450960922-682003330-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{10B3936F-0E93-4431-8E7B-3FEA5DAC88C3}" = Garmin Communicator Plugin
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A4E2B76-5024-4451-990C-F4102F74FF44}" = Columbia High School
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.80
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE18AB5-540B-4981-87D5-6CF7E923D983}_is1" = CyberDefender Registry Cleaner
"{6FE4AA77-DF4C-48E9-A3E8-494926D163A4}" = SpyZooka
"{6FF543AB-99B3-4120-902C-70A38314ABD8}" = Norton Security Scan
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8C92D38B-C1DE-490A-B6D1-AAAA8E17DCE2}" = WinTasks Trial
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AE15D0F7-8C2E-4419-97B4-995ED16FBB4E}" = Art Explosion Greeting Card Factory Express
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB562D40-13F5-11D5-B7C5-00105A645748}" = EPSON Copy Utility
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c3113e55-7bcb-4de3-8ebf-60e6ce6b2196}_is1" = SiSoftware Sandra Lite 2009.SP2
"{C93369CB-B4E9-E095-9289-E6B5AE941033}" = Nero 7 Demo
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}" = Dragon NaturallySpeaking 9
"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis True Image Home
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Across Lite 2.0" = Across Lite 2.0
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Belarc Advisor" = Belarc Advisor 8.1
"CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
"Exterminate It!" = Exterminate It!
"HijackThis" = HijackThis 2.0.2
"HyperSnap-DX 4" = HyperSnap-DX 4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSSSetup.{6FF543AB-99B3-4120-902C-70A38314ABD8}" = Norton Security Scan (Symantec Corporation)
"PROSet" = Intel® PRO Network Adapters and Drivers
"Registry Mechanic_is1" = Registry Mechanic 9.0
"RegZooka" = RegZooka v2.0
"Secunia PSI" = Secunia PSI
"SMART PANEL for Scanner" = EPSON SMART PANEL for Scanner
"sMaRTcaPs Application_is1" = sMaRTcaPs 5.2
"Sudoklue Pro_is1" = Sudoklue Pro
"The Ultimate Troubleshooter" = The Ultimate Troubleshooter
"TurboTax 2008" = TurboTax 2008
"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
"VLC media player" = VLC media player 0.9.8a
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XobniMain" = Xobni
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm Pro" = ZoneAlarm Pro
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/5/2010 6:40:47 PM | Computer Name = HOME-937D288342 | Source = Application Hang | ID = 1001
Description = Fault bucket 834373986.

Error - 1/5/2010 6:45:45 PM | Computer Name = HOME-937D288342 | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/6/2010 7:05:29 PM | Computer Name = HOME-937D288342 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3622, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/6/2010 8:58:05 PM | Computer Name = HOME-937D288342 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3622, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/6/2010 8:58:13 PM | Computer Name = HOME-937D288342 | Source = Application Hang | ID = 1001
Description = Fault bucket 1589847310.

Error - 1/7/2010 5:44:22 PM | Computer Name = HOME-937D288342 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 1/7/2010 6:50:24 PM | Computer Name = HOME-937D288342 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 1/7/2010 6:53:06 PM | Computer Name = HOME-937D288342 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 1/7/2010 6:56:00 PM | Computer Name = HOME-937D288342 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 1/9/2010 6:39:04 PM | Computer Name = HOME-937D288342 | Source = Application Hang | ID = 1002
Description = Hanging application wintasks.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 1/5/2010 6:40:47 PM | Computer Name = HOME-937D288342 | Source = Application Hang | ID = 1001
Description = Fault bucket 834373986.

Error - 1/5/2010 6:45:45 PM | Computer Name = HOME-937D288342 | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/6/2010 7:05:29 PM | Computer Name = HOME-937D288342 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3622, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/6/2010 8:58:05 PM | Computer Name = HOME-937D288342 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3622, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/6/2010 8:58:13 PM | Computer Name = HOME-937D288342 | Source = Application Hang | ID = 1001
Description = Fault bucket 1589847310.

Error - 1/7/2010 5:44:22 PM | Computer Name = HOME-937D288342 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 1/7/2010 6:50:24 PM | Computer Name = HOME-937D288342 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 1/7/2010 6:53:06 PM | Computer Name = HOME-937D288342 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 1/7/2010 6:56:00 PM | Computer Name = HOME-937D288342 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 1/9/2010 6:39:04 PM | Computer Name = HOME-937D288342 | Source = Application Hang | ID = 1002
Description = Hanging application wintasks.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/10/2010 2:08:45 AM | Computer Name = HOME-937D288342 | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 1/10/2010 2:08:45 AM | Computer Name = HOME-937D288342 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 1/10/2010 1:42:38 PM | Computer Name = HOME-937D288342 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 1/10/2010 1:42:43 PM | Computer Name = HOME-937D288342 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 1/10/2010 2:00:00 PM | Computer Name = HOME-937D288342 | Source = Schedule | ID = 7901
Description = The At11.job command failed to start due to the following error: %%2147942402

Error - 1/10/2010 2:00:00 PM | Computer Name = HOME-937D288342 | Source = Schedule | ID = 7901
Description = The At35.job command failed to start due to the following error: %%2147942402

Error - 1/10/2010 3:00:00 PM | Computer Name = HOME-937D288342 | Source = Schedule | ID = 7901
Description = The At12.job command failed to start due to the following error: %%2147942402

Error - 1/10/2010 3:00:00 PM | Computer Name = HOME-937D288342 | Source = Schedule | ID = 7901
Description = The At36.job command failed to start due to the following error: %%2147942402

Error - 1/10/2010 4:00:00 PM | Computer Name = HOME-937D288342 | Source = Schedule | ID = 7901
Description = The At13.job command failed to start due to the following error: %%2147942402

Error - 1/10/2010 4:00:00 PM | Computer Name = HOME-937D288342 | Source = Schedule | ID = 7901
Description = The At37.job command failed to start due to the following error: %%2147942402


< End of report >

Sorry!!! I'm not sure that I was able to put both reports as you requested. Your format is new and somewhat confusing to me. If I need to redo it, please let me know

Edited by jcbellows, 10 January 2010 - 03:33 PM.


#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:21 PM

Posted 10 January 2010 - 03:39 PM

Hi,

the layout is fine. :(

Registry Cleaners

I notice the presence of Registry Cleaners on your pc.

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners

Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.


http://miekiemoes.blogspot.com/2008/02/reg...weaking_13.html
http://forums.whatthetech.com/Regcleaner_t42862.html


Otherwise the logs pretty much look fine to me.

Please run an additional rootkit scan to see if it shows any suspicious activity:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 jcbellows

jcbellows
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 11 January 2010 - 04:42 PM

I had trouble sending you the GMER result. My computer stopped with an all blue screen. I had to go to the Safe Start Menu and use "go to last good startup" or some such thing to get the computer going again. Than when I tried to send you the results, it wouldn't go with the error that it was too long. Now I'll try to send the first half and will send the last half on the next reply

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-10 17:52:14
Windows 5.1.2600 Service Pack 3
Running: 7hrvixgu.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwgyaaoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xEE62D600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xEE626D50]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xEE64B040]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xEE62DE10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xEE644D00]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xEE645120]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xEE64F210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xEE62DF80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xEE627C30]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xEE64C750]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xEE64C130]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xEE643E40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadDriver [0xEE6208E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xEE64D050]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xEE64D280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xEE64F5C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xEE627720]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xEE647420]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xEE646FF0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwProtectVirtualMemory [0xEE649470]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xEE64E400]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xEE64DA10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xEE62D150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xEE64E0A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xEE62D8E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xEE628050]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationObject [0xEE649340]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xEE64E8B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSystemInformation [0xEE620010]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xEE64B940]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xEE645CF0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xEE645A20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwUnloadDriver [0xEE620D30]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEE5228C3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEE5228AD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEE5228EF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEE522809]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEE52292B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEE522897]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEE522881]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEE522774]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEE522760]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEE5228D9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEE5227DC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEE5227B2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [10, DE, 62, EE, 00, 4D, 64, ...]
.text ntoskrnl.exe!_abnormal_termination + 1D0 804E282C 12 Bytes [E0, 08, 62, EE, 50, D0, 64, ...]
.text ntoskrnl.exe!_abnormal_termination + 34C 804E29A8 2 Bytes [00, E4] {ADD AH, AH}
.text ntoskrnl.exe!_abnormal_termination + 34F 804E29AB 3 Bytes [EE, 10, DA] {OUT DX, AL ; ADC DL, BL}
.text ntoskrnl.exe!_abnormal_termination + 353 804E29AF 1 Byte [EE]
.text ...
.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP EE5227B6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568EE9 5 Bytes JMP EE52280D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A382 7 Bytes JMP EE522885 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 80570441 5 Bytes JMP EE522764 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 805732AD 7 Bytes JMP EE52292F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 805735A4 7 Bytes JMP EE5228C7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80578606 5 Bytes JMP EE5227E0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058BA5D 5 Bytes JMP EE5228F3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590669 7 Bytes JMP EE5228B1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DD47 5 Bytes JMP EE522778 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064DA6E 7 Bytes JMP EE5228DD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E394 7 Bytes JMP EE52289B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF6A34F80]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[512] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[512] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[512] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[512] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[512] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[512] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[512] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[512] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[556] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[556] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[556] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[556] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[556] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[556] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[556] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[556] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[588] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[588] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[588] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[588] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[588] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[588] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[588] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[588] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[624] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[624] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[624] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[624] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[624] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 209A37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[624] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[624] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[624] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[636] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[636] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[636] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[636] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CE0FE5
.text C:\WINDOWS\Explorer.EXE[636] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CE0F72
.text C:\WINDOWS\Explorer.EXE[636] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CE0F83
.text C:\WINDOWS\Explorer.EXE[636] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CE0F94
.text C:\WINDOWS\Explorer.EXE[636] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CE0FAF
.text C:\WINDOWS\Explorer.EXE[636] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CE0040
.text C:\WINDOWS\Explorer.EXE[636] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CE0082
.text C:\WINDOWS\Explorer.EXE[636] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CE0F3A
.text C:\WINDOWS\Explorer.EXE[636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CE009D
.text C:\WINDOWS\Explorer.EXE[636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CE0F0E
.text C:\WINDOWS\Explorer.EXE[636] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CE00B8
.text C:\WINDOWS\Explorer.EXE[636] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CE0051
.text C:\WINDOWS\Explorer.EXE[636] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CE000A
.text C:\WINDOWS\Explorer.EXE[636] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CE0F57
.text C:\WINDOWS\Explorer.EXE[636] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CE0FD4
.text C:\WINDOWS\Explorer.EXE[636] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[636] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CE0025
.text C:\WINDOWS\Explorer.EXE[636] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CE0F1F
.text C:\WINDOWS\Explorer.EXE[636] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CD0FCA
.text C:\WINDOWS\Explorer.EXE[636] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[636] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CD0069
.text C:\WINDOWS\Explorer.EXE[636] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CD0FE5
.text C:\WINDOWS\Explorer.EXE[636] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CD001B
.text C:\WINDOWS\Explorer.EXE[636] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CD0058
.text C:\WINDOWS\Explorer.EXE[636] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CD000A
.text C:\WINDOWS\Explorer.EXE[636] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[636] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CD0047
.text C:\WINDOWS\Explorer.EXE[636] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CD0036
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[636] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[636] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CB002A
.text C:\WINDOWS\Explorer.EXE[636] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CB0F9F
.text C:\WINDOWS\Explorer.EXE[636] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CB0FC1
.text C:\WINDOWS\Explorer.EXE[636] msvcrt.dll!_open 77C2F566 3 Bytes JMP 00CB0FEF
.text C:\WINDOWS\Explorer.EXE[636] msvcrt.dll!_open + 4 77C2F56A 1 Byte [89]
.text C:\WINDOWS\Explorer.EXE[636] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CB0FB0
.text C:\WINDOWS\Explorer.EXE[636] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CB0FD2
.text C:\WINDOWS\Explorer.EXE[636] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00BB0000
.text C:\WINDOWS\Explorer.EXE[636] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00BB0025
.text C:\WINDOWS\Explorer.EXE[636] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\Explorer.EXE[636] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00BB0FDE
.text C:\WINDOWS\Explorer.EXE[636] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CA0FEF
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[728] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[728] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[728] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[728] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[728] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[728] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[728] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[728] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[776] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[776] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[776] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[776] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[776] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[776] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FC0FEF
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FC0F8F
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FC007A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FC0069
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FC004E
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FC002C
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FC00A9
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FC0F61
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FC0F1A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FC0F2B
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FC00D8
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FC003D
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FC0FD4
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FC0F7E
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FC001B
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FC000A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FC0F3C
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FB0FC3
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FB0065
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FB0014
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FB0FDE
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FB004A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FB0FEF
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FB0039
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FB0FB2
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FA006E
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FA0053
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FA0FE3
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FA0000
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FA0038
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FA001D
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[820] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F90FEF
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F00000
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F00F5E
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F00F79
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F00047
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F00F8A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F00FB6
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F00F4D
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F00089
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F00F17
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F00F32
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F000CB
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F00FA5
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F00011
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F0006E
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F00FD1
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F0002C
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F000B0
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EF0FC7
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EF003D
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EF0022
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EF0011
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EF0F80
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EF0000
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EF0F91
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0F, 89]
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EF0FB6
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[832] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EE0F92
.text C:\WINDOWS\system32\lsass.exe[832] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EE0FAD
.text C:\WINDOWS\system32\lsass.exe[832] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EE000C
.text C:\WINDOWS\system32\lsass.exe[832] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EE0FEF
.text C:\WINDOWS\system32\lsass.exe[832] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EE001D
.text C:\WINDOWS\system32\lsass.exe[832] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EE0FDE
.text C:\WINDOWS\system32\lsass.exe[832] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00ED0000
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0FE5
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC0082
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC0067
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC0F83
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC0036
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC000A
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC00C1
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC00B0
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC0F32
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC0F43
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BC0F17
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BC0025
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC0FCA
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BC0093
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BC0FA8
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BC0FB9
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BC0F54
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BB002F
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BB0F97
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BB0014
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BB0FDE
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BB0FA8
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BB0FC3
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DB, 88]
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BB0040
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1000] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BA0FA8
.text C:\WINDOWS\system32\svchost.exe[1000] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BA0033
.text C:\WINDOWS\system32\svchost.exe[1000] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BA0022
.text C:\WINDOWS\system32\svchost.exe[1000] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\svchost.exe[1000] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BA0FCD
.text C:\WINDOWS\system32\svchost.exe[1000] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BA0011
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B90FEF
.text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DA0FEF
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DA0078
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DA0067
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DA0F8D
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DA0F9E
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DA0025
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DA00B0
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DA0095
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DA00E3
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DA00D2
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DA00F4
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DA0040
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DA000A
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DA0F5E
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DA0FAF
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DA0FD4
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DA00C1
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D90011
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D90F80
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D90000
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D90FCA
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D90F91
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D90FEF
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D90033
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D90022
.text C:\WINDOWS\system32\svchost.exe[1068] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1068] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D80F95
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D80FB0
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D80FD2
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D80FEF
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D80FC1
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D8000C
.text C:\WINDOWS\system32\svchost.exe[1068] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D7000A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1124] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1124] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1124] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1124] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1124] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1124] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1124] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1124] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1160] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1160] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1160] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 04F70FEF
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 04F7009D
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 04F7008C
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 04F70FA8
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 04F7005B
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 04F70FC3
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 04F70F7C
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 04F70F8D
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 04F700E6
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 04F700D5
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 04F700F7
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 04F7004A
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 04F7000A
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 04F700AE
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 04F70FD4
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 04F70025
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 04F70F57
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 04F60FD4
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 04F60076
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 04F6001B
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 04F60FE5
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 04F60FAF
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 04F60000
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 04F60047
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 04F60036
.text C:\WINDOWS\System32\svchost.exe[1160] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1160] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1160] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 04F50F97
.text C:\WINDOWS\System32\svchost.exe[1160] msvcrt.dll!system 77C293C7 5 Bytes JMP 04F50022
.text C:\WINDOWS\System32\svchost.exe[1160] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 04F50FCD
.text C:\WINDOWS\System32\svchost.exe[1160] msvcrt.dll!_open 77C2F566 5 Bytes JMP 04F50000
.text C:\WINDOWS\System32\svchost.exe[1160] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 04F50FB2
.text C:\WINDOWS\System32\svchost.exe[1160] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 04F50011
.text C:\WINDOWS\System32\svchost.exe[1160] WS2_32.dll!socket 71AB4211 5 Bytes JMP 04F4000A
.text C:\WINDOWS\System32\svchost.exe[1160] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 05050FEF
.text C:\WINDOWS\System32\svchost.exe[1160] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 05050FD4
.text C:\WINDOWS\System32\svchost.exe[1160] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 05050FC3
.text C:\WINDOWS\System32\svchost.exe[1160] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 0505001E
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[1224] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[1224] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[1224] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[1224] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[1224] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[1224] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[1224] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[1224] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00770000
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00770F6B
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00770F7C
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00770056
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00770F8D
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00770025
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00770085
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00770F49
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007700B1
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00770096
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007700C2
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00770F9E
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00770FEF
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00770F5A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00770FB9
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00770FD4
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00770F18
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00760FB9
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0076006C
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00760000
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00760FD4
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0076005B
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00760FEF
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00760040
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0076002F
.text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00750F92
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!system 77C293C7 5 Bytes JMP 00750027
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00750FC8
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00750000
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00750FB7
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00750FE3
.text C:\WINDOWS\system32\svchost.exe[1288] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00740FEF
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[1316] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[1316] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[1316] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[1316] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[1316] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[1316] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[1316] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[1316] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1424] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1424] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1424] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1424] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1424] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1424] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1424] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1424] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009C0000
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009C006C
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009C005B
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009C0F81
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009C0F9E
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009C0025
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009C0093
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009C0F4B
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009C00B8
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009C0F29
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009C00C9
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009C0040
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009C0F66
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009C0FB9
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009C0FD4
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009C0F3A
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009B002C
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009B007A
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009B001B
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009B0000
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009B0069
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009B0FE5
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 009B004E
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009B003D
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009A0033
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!system 77C293C7 5 Bytes JMP 009A0FA8
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009A0022
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009A0000
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009A0FCD
.text C:\WINDOWS\system32\svchost.exe[1432] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009A0011
.text C:\WINDOWS\system32\svchost.exe[1432] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0099000A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1464] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1464] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1464] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1464] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1464] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1464] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1464] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1464] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1588] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1588] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1588] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1588] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1588] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1588] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1588] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1588] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1632] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1632] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1632] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

#7 jcbellows

jcbellows
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 11 January 2010 - 04:45 PM

Here is the second half of the GMER results

===============================
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1632] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1632] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1632] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1632] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1632] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1632] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1724] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1724] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1724] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1724] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1724] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1724] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1724] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1724] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1724] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1724] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1760] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1760] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1760] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1760] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1760] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1760] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1760] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxpers.exe[1760] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1812] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1812] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1860] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1860] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1860] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1860] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1860] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1860] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1860] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1860] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1912] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1912] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1912] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1912] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1912] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1912] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1912] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1912] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1968] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1968] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1968] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AB0000
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AB00B3
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AB0098
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AB0087
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AB0076
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AB0FDE
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AB00E1
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AB0F99
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AB010D
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AB0F74
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AB0F63
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AB0065
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AB0025
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AB00C4
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AB0040
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AB0FEF
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AB00F2
.text C:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930FD4
.text C:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930079
.text C:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FE5
.text C:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0093001B
.text C:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930FB2
.text C:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0093004A
.text C:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930FC3
.text C:\WINDOWS\system32\svchost.exe[1968] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1968] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1968] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920FA6
.text C:\WINDOWS\system32\svchost.exe[1968] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920FB7
.text C:\WINDOWS\system32\svchost.exe[1968] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920FD2
.text C:\WINDOWS\system32\svchost.exe[1968] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\svchost.exe[1968] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920027
.text C:\WINDOWS\system32\svchost.exe[1968] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0092000C
.text C:\WINDOWS\system32\svchost.exe[1968] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00900000
.text C:\WINDOWS\system32\svchost.exe[1968] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00900FDB
.text C:\WINDOWS\system32\svchost.exe[1968] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00900FCA
.text C:\WINDOWS\system32\svchost.exe[1968] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00900FB9
.text C:\WINDOWS\system32\svchost.exe[1968] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910FEF
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2128] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2128] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2128] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2128] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2128] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2128] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2128] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2128] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2168] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2168] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2168] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2168] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2168] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2168] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2168] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2168] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\MSK\MskSrver.exe[2280] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\MSK\MskSrver.exe[2280] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\MSK\MskSrver.exe[2280] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\MSK\MskSrver.exe[2280] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\MSK\MskSrver.exe[2280] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\MSK\MskSrver.exe[2280] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\MSK\MskSrver.exe[2280] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\McAfee\MSK\MskSrver.exe[2280] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2456] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2456] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2456] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2456] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\svchost.exe[2456] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B80F7C
.text C:\WINDOWS\system32\svchost.exe[2456] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B80F8D
.text C:\WINDOWS\system32\svchost.exe[2456] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B8005B
.text C:\WINDOWS\system32\svchost.exe[2456] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B80040
.text C:\WINDOWS\system32\svchost.exe[2456] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B80014
.text C:\WINDOWS\system32\svchost.exe[2456] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B800A9
.text C:\WINDOWS\system32\svchost.exe[2456] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B80F61
.text C:\WINDOWS\system32\svchost.exe[2456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B80F2B
.text C:\WINDOWS\system32\svchost.exe[2456] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B80F46
.text C:\WINDOWS\system32\svchost.exe[2456] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B800DF
.text C:\WINDOWS\system32\svchost.exe[2456] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B8002F
.text C:\WINDOWS\system32\svchost.exe[2456] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B80FD4
.text C:\WINDOWS\system32\svchost.exe[2456] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B8008C
.text C:\WINDOWS\system32\svchost.exe[2456] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B80FA8
.text C:\WINDOWS\system32\svchost.exe[2456] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2456] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B80FB9
.text C:\WINDOWS\system32\svchost.exe[2456] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B800BA
.text C:\WINDOWS\system32\svchost.exe[2456] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B7002C
.text C:\WINDOWS\system32\svchost.exe[2456] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2456] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B70FAF
.text C:\WINDOWS\system32\svchost.exe[2456] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B70011
.text C:\WINDOWS\system32\svchost.exe[2456] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B70000
.text C:\WINDOWS\system32\svchost.exe[2456] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B7006C
.text C:\WINDOWS\system32\svchost.exe[2456] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B70FE5
.text C:\WINDOWS\system32\svchost.exe[2456] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2456] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B70FCA
.text C:\WINDOWS\system32\svchost.exe[2456] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D7, 88]
.text C:\WINDOWS\system32\svchost.exe[2456] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B70051
.text C:\WINDOWS\system32\svchost.exe[2456] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2456] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2456] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B60FA8
.text C:\WINDOWS\system32\svchost.exe[2456] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B60033
.text C:\WINDOWS\system32\svchost.exe[2456] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B60022
.text C:\WINDOWS\system32\svchost.exe[2456] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B60000
.text C:\WINDOWS\system32\svchost.exe[2456] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B60FC3
.text C:\WINDOWS\system32\svchost.exe[2456] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B60011
.text C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe[2500] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe[2500] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe[2500] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe[2500] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe[2500] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe[2500] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe[2500] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe[2500] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2596] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2596] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2596] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01210FEF
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0121007D
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01210062
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01210051
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01210040
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01210FA8
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 012100B0
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0121009F
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 012100C1
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01210F28
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01210F0D
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0121002F
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01210FCA
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0121008E
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01210FB9
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0121000A
.text C:\WINDOWS\system32\svchost.exe[2596] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01210F43
.text C:\WINDOWS\system32\svchost.exe[2596] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01200040
.text C:\WINDOWS\system32\svchost.exe[2596] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2596] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01200F9E
.text C:\WINDOWS\system32\svchost.exe[2596] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01200FEF
.text C:\WINDOWS\system32\svchost.exe[2596] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0120001B
.text C:\WINDOWS\system32\svchost.exe[2596] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01200FB9
.text C:\WINDOWS\system32\svchost.exe[2596] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01200000
.text C:\WINDOWS\system32\svchost.exe[2596] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2596] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0120005B
.text C:\WINDOWS\system32\svchost.exe[2596] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01200FDE
.text C:\WINDOWS\system32\svchost.exe[2596] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2596] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2596] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 011F0F86
.text C:\WINDOWS\system32\svchost.exe[2596] msvcrt.dll!system 77C293C7 5 Bytes JMP 011F0011
.text C:\WINDOWS\system32\svchost.exe[2596] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 011F0FC6
.text C:\WINDOWS\system32\svchost.exe[2596] msvcrt.dll!_open 77C2F566 5 Bytes JMP 011F0000
.text C:\WINDOWS\system32\svchost.exe[2596] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 011F0FAB
.text C:\WINDOWS\system32\svchost.exe[2596] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 011F0FE3
.text C:\WINDOWS\system32\svchost.exe[2596] WS2_32.dll!socket 71AB4211 5 Bytes JMP 011E0000
.text C:\WINDOWS\System32\alg.exe[3548] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3548] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3548] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3548] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3548] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3548] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3548] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3548] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\sMaRTcaPs\SmartCaps.exe[3828] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\sMaRTcaPs\SmartCaps.exe[3828] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\sMaRTcaPs\SmartCaps.exe[3828] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\sMaRTcaPs\SmartCaps.exe[3828] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\sMaRTcaPs\SmartCaps.exe[3828] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\sMaRTcaPs\SmartCaps.exe[3828] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\sMaRTcaPs\SmartCaps.exe[3828] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\sMaRTcaPs\SmartCaps.exe[3828] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3852] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3852] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3852] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3852] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3852] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3852] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3852] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3852] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\My Documents\My Downloads\7hrvixgu.exe[4236] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\My Documents\My Downloads\7hrvixgu.exe[4236] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\My Documents\My Downloads\7hrvixgu.exe[4236] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\My Documents\My Downloads\7hrvixgu.exe[4236] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\My Documents\My Downloads\7hrvixgu.exe[4236] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\My Documents\My Downloads\7hrvixgu.exe[4236] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\My Documents\My Downloads\7hrvixgu.exe[4236] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Administrator\My Documents\My Downloads\7hrvixgu.exe[4236] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[4588] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[4588] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[4588] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[4588] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[4588] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[4588] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[4588] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[4588] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260000
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260F76
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0026006B
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260F91
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260044
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260033
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00260088
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260F40
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00260F2F
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002600BE
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002600ED
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260FAC
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00260011
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00260F5B
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260FD1
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 209A37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260022
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002600A3
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350014
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00350065
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00350FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00350FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0035004A
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00350FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00350039
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00350FB2
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E21541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E43BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E42E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360F92
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] msvcrt.dll!system 77C293C7 5 Bytes JMP 0036001D
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360FC8
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360FB7
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0036000C
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 20A93D71 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20A93BA8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E00000
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] WS2_32.dll!send 71AB4C27 5 Bytes JMP 20A93CD3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20A93E15 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20A93C29 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20A93F07 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] WS2_32.dll!WSASendDisconnect 71AC0A22 5 Bytes JMP 20A9409B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20A93FCE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01180FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01180FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01180FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[5072] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01180000
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260F4B
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260F5C
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260F6D
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260F8A
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00260F24
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0026006C
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002600B3
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260098
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00260F09
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260036
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0026000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0026005B
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260025
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 209A37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0026007D
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00350076
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00350025
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00350FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00350FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0035000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00350047
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00350036
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E21541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9865 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCEE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254602 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E43BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E42E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360FAD
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360038
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360027
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0036000C
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED748 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E47A0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 20A93D71 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20A93BA8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E00000
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] WS2_32.dll!send 71AB4C27 5 Bytes JMP 20A93CD3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20A93E15 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20A93C29 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20A93F07 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] WS2_32.dll!WSASendDisconnect 71AC0A22 5 Bytes JMP 20A9409B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20A93FCE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02250000
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02250FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02250011
.text C:\Program Files\Internet Explorer\iexplore.exe[5644] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02250FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260000
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260069
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260058
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260047
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260F8A
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002600A8
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0026008B
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002600DE
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260F45
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002600EF
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260022
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00260011
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0026007A
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260FB6
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 209A37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260FD1
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002600C3
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350036
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0035008E
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00350FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00350025
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0035007D
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0035000A
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00350062
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00350051
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E21541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9865 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCEE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254602 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E43BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E42E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360064
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360049
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0036001D
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0036002E
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00360FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED748 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E47A0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 20A93D71 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20A93BA8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E00FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] WS2_32.dll!send 71AB4C27 5 Bytes JMP 20A93CD3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20A93E15 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20A93C29 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20A93F07 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] WS2_32.dll!WSASendDisconnect 71AC0A22 5 Bytes JMP 20A9409B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20A93FCE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02250FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0225000A
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02250FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[6040] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02250FCD

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [EE633050] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [EE632E60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [EE633790] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [EE6313A0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [EE6313A0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [EE633050] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [EE632E60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [EE633790] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [EE633050] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [EE6313A0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [EE633790] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [EE632E60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [EE633790] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [EE632E60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [EE633050] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [EE6313A0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [EE633050] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [EE632E60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [EE633790] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [EE654450] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisDeregisterProtocol] [EE6313A0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisCloseAdapter] [EE633790] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisOpenAdapter] [EE632E60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRegisterProtocol] [EE633050] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [EE633050] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [EE6313A0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [EE633790] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [EE632E60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [EE628D80] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [EE629140] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [EE628780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [EE628F10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[512] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Java\jre6\bin\jqs.exe[556] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[588] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\Explorer.EXE[636] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\winlogon.exe[776] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1000] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1068] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1124] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[1224] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[1316] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[1424] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1464] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\McAfee.com\Agent\mcagent.exe[1588] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1632] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1724] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\igfxpers.exe[1760] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\spoolsv.exe[1860] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1968] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2128] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\McAfee\MPF\MPFSrv.exe[2168] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\McAfee\MSK\MskSrver.exe[2280] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[2456] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe[2500] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[2596] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\alg.exe[3548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3672] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\sMaRTcaPs\SmartCaps.exe[3828] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3852] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Documents and Settings\Administrator\My Documents\My Downloads\7hrvixgu.exe[4236] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[4588] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5072] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5644] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5644] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6040] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6040] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 102672
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED55BEA1-0213-45BF-9E8C-84C9F4A221EF}@DhcpRetryTime 308
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED55BEA1-0213-45BF-9E8C-84C9F4A221EF}@DhcpRetryStatus 1

---- EOF - GMER 1.0.15 ----

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:21 PM

Posted 11 January 2010 - 05:01 PM

Hi,

the logs are clean, so I suspect that your problem is not caused by malware. the easiest way of testing if one (or both) of your protection programs are responsible for the slow down would be to disconnect from the internet and uninstall them. If you get your usual speed back, you know that the problem was caused by them.
The next step would probably be to exchange them for something more lightweight.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 jcbellows

jcbellows
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 11 January 2010 - 05:15 PM

Thanks so much for your patience and your help. This thread should be closed now. Johnny

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:21 PM

Posted 11 January 2010 - 05:30 PM

Hi,

just to be safe I would like to run a couple of scans first.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :files
    C:\Windows\tasks\at*.job
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTListIt.Txt a This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Also, you could try out the following tool to disable unneeded startup items and hence speeding up your PC:

Download and Run StartupLite
This program will identify and give you the option to remove uneeded startup items to free memory.
  • Download StartupLite.exe by MalwareBytes to your desktop.
  • Double click the icon to start the program. If you are using Windows Vista, right click the icon and select Run As Administrator.
  • A list of uneeded startup entries will be compiled. Leave all the items as Disabled and click Continue.
  • Restart your computer.

If you rather want the topic closed, I will do so.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 jcbellows

jcbellows
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 15 January 2010 - 12:41 PM

OTL logfile created on: 1/14/2010 3:49:04 PM - Run 4
OTL by OldTimer - Version 3.1.23.0 Folder = C:\Documents and Settings\Administrator\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 249.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 267.33 Gb Free Space | 89.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 298.09 Gb Total Space | 197.67 Gb Free Space | 66.31% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-937D288342
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

Following are the ESET Results
C:\Documents and Settings\Administrator\John C. Bellows\Local Settings\Temp\is-LIOHV.tmp\SSSetup.exe probably a variant of Win32/Agent trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLB7UD2\xcvb[1].pdf PDF/Exploit.Pidief.OJS.Gen trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ASOHHNEW\xcvb[1].pdf PDF/Exploit.Pidief.OJS.Gen trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CWDM3Q40\Ms08011[1].htm probably a variant of Win32/TrojanDownloader.Agent trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CWDM3Q40\xcvb[1].pdf PDF/Exploit.Pidief.OJS.Gen trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V6N6INB5\xcvb[1].pdf PDF/Exploit.Pidief.OJS.Gen trojan cleaned by deleting - quarantined

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:21 PM

Posted 15 January 2010 - 04:52 PM

Hi,

there seems to be some mix up with the logs, could you please check and provide the OTL log. It looks as if something went wrong while pasting it.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 jcbellows

jcbellows
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 15 January 2010 - 10:30 PM

When I first tried to send you the OTL results, it somehow got lost so I had to run it again. Here is the best that I have.

Error: Unable to interpret <CODE> in the current context!
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At16.job moved successfully.
C:\Windows\tasks\At17.job moved successfully.
C:\Windows\tasks\At18.job moved successfully.
C:\Windows\tasks\At19.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At20.job moved successfully.
C:\Windows\tasks\At21.job moved successfully.
C:\Windows\tasks\At22.job moved successfully.
C:\Windows\tasks\At23.job moved successfully.
C:\Windows\tasks\At24.job moved successfully.
C:\Windows\tasks\At25.job moved successfully.
C:\Windows\tasks\At26.job moved successfully.
C:\Windows\tasks\At27.job moved successfully.
C:\Windows\tasks\At28.job moved successfully.
C:\Windows\tasks\At29.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At30.job moved successfully.
C:\Windows\tasks\At31.job moved successfully.
C:\Windows\tasks\At32.job moved successfully.
C:\Windows\tasks\At33.job moved successfully.
C:\Windows\tasks\At34.job moved successfully.
C:\Windows\tasks\At35.job moved successfully.
C:\Windows\tasks\At36.job moved successfully.
C:\Windows\tasks\At37.job moved successfully.
C:\Windows\tasks\At38.job moved successfully.
C:\Windows\tasks\At39.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At40.job moved successfully.
C:\Windows\tasks\At41.job moved successfully.
C:\Windows\tasks\At42.job moved successfully.
C:\Windows\tasks\At43.job moved successfully.
C:\Windows\tasks\At44.job moved successfully.
C:\Windows\tasks\At45.job moved successfully.
C:\Windows\tasks\At46.job moved successfully.
C:\Windows\tasks\At47.job moved successfully.
C:\Windows\tasks\At48.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.

OTL by OldTimer - Version 3.1.23.0 log created on 01142010_145518

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:21 PM

Posted 16 January 2010 - 06:04 AM

Hi,

could you please also provide the follow up scan with OTL.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 jcbellows

jcbellows
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 16 January 2010 - 01:57 PM

This is the later reply:

Error: Unable to interpret <CODE> in the current context!
========== FILES ==========
File\Folder C:\Windows\tasks\at*.job not found.

OTL by OldTimer - Version 3.1.23.0 log created on 01142010_153246




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users