Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Persistent malware problems, google links redirecting and pages popping up in browser


  • This topic is locked This topic is locked
11 replies to this topic

#1 Imhotep is Invisible

Imhotep is Invisible

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:15 PM

Posted 26 April 2010 - 03:12 PM

Hi there!

I've been having some persistent malware infection problems lately on this shared PC which runs Vista, usually it's the "vista defender" malware which shows up as "ave.exe" in processes. I've been using rkill to end the process and Malwarebytes to remove the infection which seems to keep coming back. After a while, it caused a problem whereby Microsoft Host Processes kept crashing minutes after Vista booting up so I rolled back the PC by a month and this seems to have stopped that problem.

However I'm still finding that from time to time, I'm getting browsers (both Firefox and Opera) opening up new webpages with seemingly random links as well as redirecting me to irrelevent sites when clicking links from google searches. Not only that, but only now after the rollback is AVG Antivirus starting to flag 5 processes which it can't remove as "Trojan Horse Dropper.Generic2.CVC".

These files all appear in a folder called vjvi.tmp and are called svchost.exe (no spaces), svchost .exe (1 space), svchost .exe (2 spaces), svchost .exe (3 spaces) and svchost .exe (4 spaces - this one is actually stated as Trojan Horse SHeur3.src). All I know about svchost is that it's an important windows file and that it's usually in the system folder and also that it isn't unusual to have several of these files running at once. If I run RKill at the moment, it stops two versions of C:\Windows\system32\DllHost.exe - I'm not sure where my problems lie at the moment but I'm stuck for ideas at the moment on what to do.

Any help would be greatly appreciated. Thanks for your time.

BC AdBot (Login to Remove)

 


#2 trollocks

trollocks

  • Members
  • 369 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:02:15 PM

Posted 26 April 2010 - 03:43 PM

Update and run malwarebytes and post the log

#3 Imhotep is Invisible

Imhotep is Invisible
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:15 PM

Posted 26 April 2010 - 03:53 PM

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4040

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

26/04/2010 21:53:05
mbam-log-2010-04-26 (21-53-05).txt

Scan type: Quick scan
Objects scanned: 117498
Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 trollocks

trollocks

  • Members
  • 369 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:02:15 PM

Posted 26 April 2010 - 04:03 PM

Clean out your temp files.
Download Attribune's ATF Cleaner and save to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.



Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):[list]
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
[*]Click the "Close" button to leave the control center screen and exit the program.

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.[list]
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
[*]Click Close to exit the program.

#5 Imhotep is Invisible

Imhotep is Invisible
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:15 PM

Posted 26 April 2010 - 06:10 PM

Okay, have cleaned out the temp files using ATF Cleaner. Downloaded and ran Super Anti Spyware as instructed and got the following log. I've left out the 390 tracking cookies - 3 trojans were found and quarantined:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/27/2010 at 00:01 AM

Application Version : 4.35.1000

Core Rules Database Version : 4853
Trace Rules Database Version: 2666

Scan type : Complete Scan
Total Scan Time : 01:36:52

Memory items scanned : 791
Memory threats detected : 0
Registry items scanned : 7482
Registry threats detected : 0
File items scanned : 184042
File threats detected : 393

Trojan.Agent/Gen-RogueAV
C:\USERS\STEPHEN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\K9XJRGBP\DATA[2].HTML
C:\USERS\STEPHEN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZQE3D0X2\DATA[3].HTML

Trojan.SVCHost/Fake
C:\WINDOWS\TEMP\QUWJ.TMP\SVCHOST.EXE


Do I need to do anything more at this time other than continue to monitor the performance or is there anything else I need to do? Thanks for the help by the way.

#6 trollocks

trollocks

  • Members
  • 369 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:02:15 PM

Posted 26 April 2010 - 06:21 PM

See how it goes for a day or so and if you get any more problems post back and let us know

#7 Imhotep is Invisible

Imhotep is Invisible
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:15 PM

Posted 27 April 2010 - 11:56 PM

Hmm, I'm unable to get rid of this problem unfortunately at the moment. The google redirect problem is still there, I'm still getting pages popping up and microsoft host processes still keeps crashing. I've updated and run AVG, MABM but found nothing and when I get the time I'm going to run SAS again - any advice would be appreciated.

#8 trollocks

trollocks

  • Members
  • 369 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:02:15 PM

Posted 28 April 2010 - 03:20 AM

Lets check for rootkits.


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.

#9 Imhotep is Invisible

Imhotep is Invisible
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:15 PM

Posted 30 April 2010 - 06:18 PM

Hi, thanks again. So I had a few failed attempts at running GMER but it worked okay once I turned off devices. My log was as follows:



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-01 00:10:12
Windows 6.0.6002 Service Pack 2
Running: x92ksodgmer.exe; Driver: C:\Users\Stephen\AppData\Local\Temp\pxldipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x9287D0A2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcCreatePort [0x9287D972]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x9287CAF8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x928760D8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x92894AA6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x9287D602]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x92890F6A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x92891392]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x9289936A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x9287D760]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x92876F9A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x928964BC]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x92895DB2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x9288FDA8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x92896E86]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x928970C4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x92897576]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x92876A8C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x92892FC2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x9289830C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x92897840]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x9287C690]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x92897F4C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x9287CDC4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x928773A4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x92898894]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x928954D6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x9289208E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0x92891DBE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x92891806]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 13D 824F78A0 8 Bytes [A2, D0, 87, 92, 72, D9, 87, ...]
.text ntkrnlpa.exe!KeSetEvent + 1C1 824F7924 4 Bytes [F8, CA, 87, 92] {CLC ; RETF 0x9287}
.text ntkrnlpa.exe!KeSetEvent + 1D9 824F793C 4 Bytes [D8, 60, 87, 92] {FSUB DWORD [EAX-0x79]; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 1E9 824F794C 4 Bytes [A6, 4A, 89, 92]
.text ntkrnlpa.exe!KeSetEvent + 205 824F7968 8 Bytes [02, D6, 87, 92, 6A, 0F, 89, ...] {ADD DL, DH; XCHG [EDX-0x6d76f096], EDX}
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91206000, 0x25826A, 0xE8000020]
.rsrc C:\Windows\system32\DRIVERS\cdrom.sys entry point in ".rsrc" section [0x917D7014]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA02CB300, 0x3ACC8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA030E300, 0x1B7E, 0xE8000020]
.text C:\Program Files\CyberLink\PowerDVD DX\000.fcl section is writeable [0xA2122000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD DX\000.fcl entry point in ".vmp2" section [0xA2145050]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[424] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[424] USER32.dll!IsWindowUnicode + 37 767790B5 5 Bytes JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[524] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[524] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[524] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[524] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[524] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[544] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[544] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[544] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[544] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[544] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[544] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[544] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[544] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[544] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgrsx.exe[552] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgrsx.exe[552] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgrsx.exe[552] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgrsx.exe[552] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgrsx.exe[552] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgrsx.exe[552] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgrsx.exe[552] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgrsx.exe[552] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgrsx.exe[552] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[588] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[588] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[588] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[588] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[588] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[588] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[588] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[588] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[588] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[600] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[600] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[600] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[600] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[600] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[600] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[600] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[600] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[608] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[608] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[608] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[608] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[608] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[608] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[608] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[608] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[608] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[752] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[752] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[752] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[752] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[752] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[752] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[752] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[752] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[752] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[784] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[784] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[784] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[784] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[784] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[784] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[784] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[784] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[784] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1208] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1208] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1208] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1208] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1208] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1208] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1208] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1208] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1208] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1268] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1268] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1268] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1268] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1268] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1268] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1268] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\Ati2evxx.exe[1400] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\Ati2evxx.exe[1400] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\Ati2evxx.exe[1400] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\Ati2evxx.exe[1400] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\Ati2evxx.exe[1400] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\Ati2evxx.exe[1400] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\Ati2evxx.exe[1400] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\Ati2evxx.exe[1400] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\Ati2evxx.exe[1400] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[1444] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[1444] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[1444] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[1444] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[1444] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[1444] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[1444] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[1444] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[1444] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1460] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1460] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1460] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1460] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1460] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1460] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1460] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1460] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1460] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1488] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1488] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1488] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1488] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1488] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1488] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1488] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1488] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1488] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1508] ntdll.dll!NtProtectVirtualMemory 77C84D34 5 Bytes JMP 0092000A
.text C:\Windows\system32\svchost.exe[1508] ntdll.dll!NtWriteVirtualMemory 77C85674 5 Bytes JMP 0093000A
.text C:\Windows\system32\svchost.exe[1508] ntdll.dll!KiUserExceptionDispatcher 77C85DC8 5 Bytes JMP 0091000A
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1508] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1508] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1576] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1576] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1576] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1576] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1576] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1576] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1576] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1576] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1576] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\AUDIODG.EXE[1584] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\AUDIODG.EXE[1584] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\AUDIODG.EXE[1584] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\AUDIODG.EXE[1584] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\AUDIODG.EXE[1584] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\AUDIODG.EXE[1584] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\AUDIODG.EXE[1584] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\AUDIODG.EXE[1584] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\AUDIODG.EXE[1584] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1612] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1612] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1612] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1612] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1612] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1612] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1612] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1612] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1612] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1740] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1740] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1740] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1740] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1740] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1740] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1740] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1740] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1796] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1796] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1796] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1796] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1796] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1796] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1796] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1796] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1796] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1820] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1820] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1820] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1820] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1820] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1820] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1820] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1820] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1820] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1868] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1868] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1868] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1868] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1868] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1868] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1868] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1868] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1868] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2164] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2164] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2164] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2164] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2164] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2164] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2164] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2164] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[2164] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe[2492] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe[2492] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe[2492] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe[2492] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe[2492] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe[2492] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe[2492] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe[2492] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe[2492] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2504] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2504] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2504] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2504] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2504] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2504] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2504] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2504] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2504] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2548] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2548] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2548] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2548] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2548] kernel32.dll!SetUnhandledExceptionFilter 7697A84F 5 Bytes JMP 209A37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2548] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2548] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2548] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[2616] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[2616] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[2616] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[2616] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[2616] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[2616] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[2616] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[2616] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[2616] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgnsx.exe[2784] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgnsx.exe[2784] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgnsx.exe[2784] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgnsx.exe[2784] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgnsx.exe[2784] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgnsx.exe[2784] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgnsx.exe[2784] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgnsx.exe[2784] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG9\avgnsx.exe[2784] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[2916] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[2916] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[2916] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[2916] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[2916] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[2916] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[2916] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[2916] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[2916] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrB.exe[3084] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrB.exe[3084] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrB.exe[3084] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrB.exe[3084] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrB.exe[3084] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrB.exe[3084] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrB.exe[3084] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrB.exe[3084] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrB.exe[3084] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\Explorer.EXE[3124] ntdll.dll!NtProtectVirtualMemory 77C84D34 5 Bytes JMP 0024000A
.text C:\Windows\Explorer.EXE[3124] ntdll.dll!NtWriteVirtualMemory 77C85674 5 Bytes JMP 0025000A
.text C:\Windows\Explorer.EXE[3124] ntdll.dll!KiUserExceptionDispatcher 77C85DC8 5 Bytes JMP 0023000A
.text C:\Windows\system32\svchost.exe[3184] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3184] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3184] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3184] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3184] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3184] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3184] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3184] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3184] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3516] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3516] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3516] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3516] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3516] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3516] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3516] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3516] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3516] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3748] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3748] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3748] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3748] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3748] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3748] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3748] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3748] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3748] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3780] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3780] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3780] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3780] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3780] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3780] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3780] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3780] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3780] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3788] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3788] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3788] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3788] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3788] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3788] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3788] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3788] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3788] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3852] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3852] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3852] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3852] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3852] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3852] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3852] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3852] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3852] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3876] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3876] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3876] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3876] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3876] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3876] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3876] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3876] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3876] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[4020] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[4020] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[4020] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[4020] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[4020] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[4020] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[4020] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[4020] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[4020] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4076] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4076] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4076] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4076] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4076] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4076] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4076] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4076] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4076] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[4776] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[4776] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[4776] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[4776] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[4776] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[4776] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[4776] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[4776] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[4776] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4840] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4840] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4840] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4840] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4840] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4840] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4840] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4840] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[4840] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[5628] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[5628] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[5628] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[5628] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[5628] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[5628] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[5628] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[5628] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[5628] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[5664] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[5664] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[5664] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[5664] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[5664] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[5664] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[5664] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[5664] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[5664] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Stephen\x92ksodgmer.exe[6036] ntdll.dll!NtAccessCheckByType 77C84044 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Stephen\x92ksodgmer.exe[6036] ntdll.dll!NtAlpcImpersonateClientOfPort 77C84214 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Stephen\x92ksodgmer.exe[6036] ntdll.dll!NtImpersonateClientOfPort 77C849E4 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Stephen\x92ksodgmer.exe[6036] ntdll.dll!NtSetInformationProcess 77C85324 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Stephen\x92ksodgmer.exe[6036] kernel32.dll!OpenProcess 76997267 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Stephen\x92ksodgmer.exe[6036] ADVAPI32.dll!ImpersonateNamedPipeClient 77693A48 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Stephen\x92ksodgmer.exe[6036] ADVAPI32.dll!SetThreadToken 776A8E21 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Stephen\x92ksodgmer.exe[6036] USER32.dll!FindWindowA 76779D76 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Stephen\x92ksodgmer.exe[6036] USER32.dll!FindWindowW 7678A441 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\wininit.exe[524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\AVG\AVG9\avgchsvx.exe[544] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\AVG\AVG9\avgrsx.exe[552] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\services.exe[588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\lsass.exe[600] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\lsm.exe[608] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\AVG\AVG9\avgcsrvx.exe[752] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\SearchIndexer.exe[784] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1208] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1268] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\Ati2evxx.exe[1400] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\WUDFHost.exe[1444] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[1460] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[1488] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1508] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\System32\spoolsv.exe[1576] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\AUDIODG.EXE[1584] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1612] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1740] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Dell\DellDock\DockLogin.exe[1796] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1820] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1868] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\AVG\AVG9\avgwdsvc.exe[2164] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe[2492] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[2504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2548] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\taskeng.exe[2616] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\AVG\AVG9\avgnsx.exe[2784] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\PnkBstrA.exe[2916] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\PnkBstrB.exe[3084] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Windows Media Player\wmpnetwk.exe[3516] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3748] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3780] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3788] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[3876] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[4020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[4076] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\wbem\unsecapp.exe[4776] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4840] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\SearchFilterHost.exe[5628] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\SearchProtocolHost.exe[5664] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Stephen\x92ksodgmer.exe[6036] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\DRIVERS\cdrom.sys suspicious modification

---- EOF - GMER 1.0.15 ----

#10 trollocks

trollocks

  • Members
  • 369 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:02:15 PM

Posted 30 April 2010 - 07:19 PM

File C:\Windows\system32\DRIVERS\cdrom.sys suspicious modification

This is the problem-you have a rootkit which cannot be fixed in this forum

Follow steps 6-9 here and post in that forum
You have got the GMER log already so no need to do that again.

#11 Imhotep is Invisible

Imhotep is Invisible
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:15 PM

Posted 01 May 2010 - 06:14 AM

Hi again, have done that now and will wait for further advice. Many thanks again for your time and good luck to Utd for the title from a Villa fan :thumbsup:

#12 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:15 AM

Posted 01 May 2010 - 07:29 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/313961/cdromsys-suspicious-modification/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users