Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

possible malware


  • Please log in to reply
7 replies to this topic

#1 peabo

peabo

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:56 AM

Posted 24 May 2011 - 09:47 AM

Hello,
Yesterday I was getting Google redirects....done a Avast,Malwarebytes, and Ad-ware scan with no detections. The Google redirect problem hasn't show yet today. But, I'm convinced I still haven't eradicated the problem.... after reading some threads here I realize it takes more steps than what i preformed thus far. I'm ready for any suggestions.

Thanks

BC AdBot (Login to Remove)

 


#2 techextreme

techextreme

    Bleepin Tech


  • Members
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:06:56 AM

Posted 24 May 2011 - 01:33 PM

Hi peabo,

Could you please post the results from your Malwarebytes Scan and also your Avast scan log?

Also, please run GMER.

Please download GMER from one of the following locations and save it to your desktop:

* Main Mirror
This version will download a randomly named file (Recommended)
* Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

* Disconnect from the Internet and close all running programs.
* Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
* Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
* Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
Posted Image

* GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
* If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
* Now click the Scan button. If you see a rootkit warning window, click OK.
* When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
* Click the Copy button and paste the results into your next reply.
* Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

#3 peabo

peabo
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:56 AM

Posted 25 May 2011 - 07:26 AM

Thank you for taking time to help,Malwarebytes Scan Avast scan logs showed no infection. When I pasted gmer.log I get "Your post was too long. Please go back and shorten it a little". I also noticed I can't attach as zip

#4 techextreme

techextreme

    Bleepin Tech


  • Members
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:06:56 AM

Posted 25 May 2011 - 08:03 AM

Hi peabo,

If you can break it up into 2 pieces that will work fine also.
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

#5 peabo

peabo
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:56 AM

Posted 25 May 2011 - 09:49 AM

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-25 06:27:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1b ST3200826A rev.3.03
Running: v7tw3z18.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\fftcapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB44D7202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB453DCB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB44FB6C1]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB465C534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB44D981C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB44D9874]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB4656782]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB44D998A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB44FB075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB44D9772]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB465CCC0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB44D98C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB44D97C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB44D9938]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB465CDF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB44D7226]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB4657398]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB44FBD87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB44FC03D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB44D9C0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB44FBBF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB44FBA5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB453DD62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB44D6FF0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB467793C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB4677B44]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB44D724A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB44D9D82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB44D7CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB44D984C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB44D989C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB4656FAA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB44D99B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB44FB3D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB44D979E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB44D9A46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB44D9904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB44D97F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB44D9B2A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB44D9962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB453DDFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB44FB8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB44D7BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB44FB72A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB4546E48]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB4678208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB465C0F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB44FA6E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB44D726E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB44D7292]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB465775C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xB4678E12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB44D704A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB44D7186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB44FBE8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB44D7162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB44D71AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB44D72B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C70 8050450C 16 Bytes [1C, 98, 4D, B4, 74, 98, 4D, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CD8 80504574 12 Bytes [26, 72, 4D, B4, 98, 73, 65, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 12 Bytes [F0, 6F, 4D, B4, 3C, 79, 67, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DAC 80504648 16 Bytes [4C, 98, 4D, B4, 9C, 98, 4D, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F14 805047B0 4 Bytes [E8, A6, 4F, B4]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL B44D8335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP B454F2BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP B4550D5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8EC5000, 0x17C39E, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF809922 5 Bytes JMP B44DACCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B44DABDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 783B BF824157 5 Bytes JMP B44D9F60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828CE9 5 Bytes JMP B44DAE38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316DA 5 Bytes JMP B44DB040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B8F2 BF83A37C 5 Bytes JMP B44DAB4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 5F35 BF857E69 5 Bytes JMP B44D9FD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 348C BF866FF4 5 Bytes JMP B44DA1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3517 BF86707F 5 Bytes JMP B44DA352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3F47 BF867AAF 5 Bytes JMP B44D9E84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AAFC BF86E664 5 Bytes JMP B44DAC04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF871F85 5 Bytes JMP B44DAF9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF88C9D8 5 Bytes JMP B44DA32A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 4149 BF8B0CBE 5 Bytes JMP B44D9E9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 2DBF BF8C26A3 5 Bytes JMP B44DAD80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 450 BF8C3048 5 Bytes JMP B44DA06A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CB4AA 5 Bytes JMP B44DA0DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CB72A 5 Bytes JMP B44DA114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8ED1B7 5 Bytes JMP B44D9DB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19B2 BF913F1F 5 Bytes JMP B44D9F1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2586 BF914AF3 2 Bytes JMP B44DA034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2589 BF914AF6 2 Bytes [BC, F4]
.text win32k.sys!EngCreateClip + 4EE5 BF917452 5 Bytes JMP B44DA46C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1924 BF945FB0 5 Bytes JMP B44DAEF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[316] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[316] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[316] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[316] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[316] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[316] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\smss.exe[500] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004B0804
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004B0A08
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004B0600
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004B01F8
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004B03FC
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004C1014
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004C0804
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004C0A08
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004C0C0C
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004C0E10
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004C01F8
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004C03FC
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004C0600
.text C:\WINDOWS\system32\cidaemon.exe[572] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\cidaemon.exe[572] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\cidaemon.exe[572] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\cidaemon.exe[572] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\cidaemon.exe[572] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\cidaemon.exe[572] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\cidaemon.exe[572] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\cidaemon.exe[572] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\cidaemon.exe[572] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\cisvc.exe[576] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\cisvc.exe[576] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\cisvc.exe[576] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\cisvc.exe[576] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\cisvc.exe[576] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\cisvc.exe[576] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\cisvc.exe[576] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\cisvc.exe[576] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\cisvc.exe[576] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\csrss.exe[584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[584] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehRecvr.exe[588] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[588] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehRecvr.exe[588] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[588] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehRecvr.exe[588] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[588] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[616] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[660] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[672] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[672] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[672] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[672] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[672] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[672] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[672] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[672] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\cidaemon.exe[728] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\cidaemon.exe[728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\cidaemon.exe[728] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\cidaemon.exe[728] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\cidaemon.exe[728] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\cidaemon.exe[728] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\cidaemon.exe[728] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\cidaemon.exe[728] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\cidaemon.exe[728] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\Ati2evxx.exe[828] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[828] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\Ati2evxx.exe[828] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\Ati2evxx.exe[828] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\Ati2evxx.exe[828] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\Ati2evxx.exe[828] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[964] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[964] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[964] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[964] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[964] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[964] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[964] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehSched.exe[1024] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehSched.exe[1024] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[1024] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehSched.exe[1024] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[1024] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehSched.exe[1024] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehSched.exe[1024] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehSched.exe[1024] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehSched.exe[1024] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-25 06:27:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1b ST3200826A rev.3.03
Running: v7tw3z18.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\fftcapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB44D7202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB453DCB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB44FB6C1]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB465C534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB44D981C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB44D9874]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB4656782]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB44D998A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB44FB075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB44D9772]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB465CCC0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB44D98C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB44D97C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB44D9938]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB465CDF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB44D7226]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB4657398]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB44FBD87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB44FC03D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB44D9C0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB44FBBF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB44FBA5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB453DD62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB44D6FF0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB467793C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB4677B44]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB44D724A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB44D9D82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB44D7CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB44D984C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB44D989C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB4656FAA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB44D99B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB44FB3D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB44D979E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB44D9A46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB44D9904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB44D97F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB44D9B2A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB44D9962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB453DDFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB44FB8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB44D7BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB44FB72A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB4546E48]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB4678208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB465C0F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB44FA6E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB44D726E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB44D7292]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB465775C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xB4678E12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB44D704A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB44D7186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB44FBE8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB44D7162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB44D71AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB44D72B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C70 8050450C 16 Bytes [1C, 98, 4D, B4, 74, 98, 4D, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CD8 80504574 12 Bytes [26, 72, 4D, B4, 98, 73, 65, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 12 Bytes [F0, 6F, 4D, B4, 3C, 79, 67, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DAC 80504648 16 Bytes [4C, 98, 4D, B4, 9C, 98, 4D, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F14 805047B0 4 Bytes [E8, A6, 4F, B4]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL B44D8335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP B454F2BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP B4550D5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8EC5000, 0x17C39E, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF809922 5 Bytes JMP B44DACCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B44DABDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 783B BF824157 5 Bytes JMP B44D9F60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828CE9 5 Bytes JMP B44DAE38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316DA 5 Bytes JMP B44DB040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B8F2 BF83A37C 5 Bytes JMP B44DAB4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 5F35 BF857E69 5 Bytes JMP B44D9FD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 348C BF866FF4 5 Bytes JMP B44DA1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3517 BF86707F 5 Bytes JMP B44DA352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3F47 BF867AAF 5 Bytes JMP B44D9E84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AAFC BF86E664 5 Bytes JMP B44DAC04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF871F85 5 Bytes JMP B44DAF9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF88C9D8 5 Bytes JMP B44DA32A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 4149 BF8B0CBE 5 Bytes JMP B44D9E9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 2DBF BF8C26A3 5 Bytes JMP B44DAD80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 450 BF8C3048 5 Bytes JMP B44DA06A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CB4AA 5 Bytes JMP B44DA0DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CB72A 5 Bytes JMP B44DA114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8ED1B7 5 Bytes JMP B44D9DB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19B2 BF913F1F 5 Bytes JMP B44D9F1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2586 BF914AF3 2 Bytes JMP B44DA034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2589 BF914AF6 2 Bytes [BC, F4]
.text win32k.sys!EngCreateClip + 4EE5 BF917452 5 Bytes JMP B44DA46C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1924 BF945FB0 5 Bytes JMP B44DAEF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[316] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[316] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[316] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[316] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[316] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[316] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\smss.exe[500] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004B0804
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004B0A08
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004B0600
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004B01F8
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004B03FC
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004C1014
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004C0804
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004C0A08
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004C0C0C
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004C0E10
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004C01F8
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004C03FC
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004C0600
.text C:\WINDOWS\system32\cidaemon.exe[572] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\cidaemon.exe[572] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\cidaemon.exe[572] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\cidaemon.exe[572] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\cidaemon.exe[572] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\cidaemon.exe[572] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\cidaemon.exe[572] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\cidaemon.exe[572] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\cidaemon.exe[572] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\cisvc.exe[576] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\cisvc.exe[576] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\cisvc.exe[576] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\cisvc.exe[576] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\cisvc.exe[576] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\cisvc.exe[576] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\cisvc.exe[576] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\cisvc.exe[576] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\cisvc.exe[576] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\csrss.exe[584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[584] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehRecvr.exe[588] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[588] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehRecvr.exe[588] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[588] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehRecvr.exe[588] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[588] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[616] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[660] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[672] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[672] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[672] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[672] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[672] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[672] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[672] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[672] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\cidaemon.exe[728] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\cidaemon.exe[728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\cidaemon.exe[728] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\cidaemon.exe[728] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\cidaemon.exe[728] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\cidaemon.exe[728] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\cidaemon.exe[728] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\cidaemon.exe[728] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\cidaemon.exe[728] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\Ati2evxx.exe[828] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[828] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\Ati2evxx.exe[828] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\Ati2evxx.exe[828] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\Ati2evxx.exe[828] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\Ati2evxx.exe[828] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[964] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[964] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[964] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[964] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[964] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[964] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[964] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehSched.exe[1024] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehSched.exe[1024] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[1024] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehSched.exe[1024] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[1024] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehSched.exe[1024] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehSched.exe[1024] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehSched.exe[1024] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehSched.exe[1024] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC

#6 peabo

peabo
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:56 AM

Posted 25 May 2011 - 12:50 PM

ignore 10:49am post....it was incomplete. next 2 should be correct

Edited by peabo, 25 May 2011 - 01:50 PM.


#7 peabo

peabo
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:56 AM

Posted 25 May 2011 - 01:53 PM

1st half of GMER.log






GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-25 06:27:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1b ST3200826A rev.3.03
Running: v7tw3z18.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\fftcapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwAddBootEntry [0xB44D7202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

ZwAllocateVirtualMemory [0xB453DCB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwClose [0xB44FB6C1]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

ZwConnectPort [0xB465C534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwCreateEvent [0xB44D981C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwCreateEventPair [0xB44D9874]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

ZwCreateFile [0xB4656782]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwCreateIoCompletion [0xB44D998A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwCreateKey [0xB44FB075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwCreateMutant [0xB44D9772]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

ZwCreatePort [0xB465CCC0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwCreateSection [0xB44D98C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwCreateSemaphore [0xB44D97C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwCreateTimer [0xB44D9938]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

ZwCreateWaitablePort [0xB465CDF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwDeleteBootEntry [0xB44D7226]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

ZwDeleteFile [0xB4657398]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwDeleteKey [0xB44FBD87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwDeleteValueKey [0xB44FC03D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwDuplicateObject [0xB44D9C0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwEnumerateKey [0xB44FBBF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwEnumerateValueKey [0xB44FBA5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

ZwFreeVirtualMemory [0xB453DD62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwLoadDriver [0xB44D6FF0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

ZwLoadKey [0xB467793C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

ZwLoadKey2 [0xB4677B44]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwModifyBootEntry [0xB44D724A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwNotifyChangeKey [0xB44D9D82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwNotifyChangeMultipleKeys [0xB44D7CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwOpenEvent [0xB44D984C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwOpenEventPair [0xB44D989C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

ZwOpenFile [0xB4656FAA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwOpenIoCompletion [0xB44D99B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwOpenKey [0xB44FB3D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwOpenMutant [0xB44D979E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwOpenProcess [0xB44D9A46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwOpenSection [0xB44D9904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwOpenSemaphore [0xB44D97F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwOpenThread [0xB44D9B2A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwOpenTimer [0xB44D9962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

ZwProtectVirtualMemory [0xB453DDFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwQueryKey [0xB44FB8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwQueryObject [0xB44D7BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwQueryValueKey [0xB44FB72A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

ZwRenameKey [0xB4546E48]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

ZwReplaceKey [0xB4678208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

ZwRequestWaitReplyPort [0xB465C0F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwRestoreKey [0xB44FA6E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwSetBootEntryOrder [0xB44D726E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwSetBootOptions [0xB44D7292]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

ZwSetInformationFile [0xB465775C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

ZwSetSecurityObject [0xB4678E12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwSetSystemInformation [0xB44D704A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwSetSystemPowerState [0xB44D7186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwSetValueKey [0xB44FBE8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwShutdownSystem [0xB44D7162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwSystemDebugControl [0xB44D71AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwVdmControl [0xB44D72B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C70

8050450C 16 Bytes [1C, 98, 4D, B4, 74, 98, 4D, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CD8

80504574 12 Bytes [26, 72, 4D, B4, 98, 73, 65, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D68

80504604 12 Bytes [F0, 6F, 4D, B4, 3C, 79, 67, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DAC

80504648 16 Bytes [4C, 98, 4D, B4, 9C, 98, 4D, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F14

805047B0 4 Bytes [E8, A6, 4F, B4]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC

805A64A8 4 Bytes CALL B44D8335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject

805BC556 5 Bytes JMP B454F2BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject

805C2FDA 5 Bytes JMP B4550D5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

section is writeable [0xB8EC5000, 0x17C39E, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674

BF809922 5 Bytes JMP B44DACCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45

BF813911 5 Bytes JMP B44DABDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 783B

BF824157 5 Bytes JMP B44D9F60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C

BF828CE9 5 Bytes JMP B44DAE38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50

BF8316DA 5 Bytes JMP B44DB040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B8F2

BF83A37C 5 Bytes JMP B44DAB4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 5F35

BF857E69 5 Bytes JMP B44D9FD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 348C

BF866FF4 5 Bytes JMP B44DA1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3517

BF86707F 5 Bytes JMP B44DA352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3F47

BF867AAF 5 Bytes JMP B44D9E84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AAFC

BF86E664 5 Bytes JMP B44DAC04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 2ED7

BF871F85 5 Bytes JMP B44DAF9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E

BF88C9D8 5 Bytes JMP B44DA32A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 4149

BF8B0CBE 5 Bytes JMP B44D9E9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 2DBF

BF8C26A3 5 Bytes JMP B44DAD80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 450

BF8C3048 5 Bytes JMP B44DA06A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517

BF8CB4AA 5 Bytes JMP B44DA0DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797

BF8CB72A 5 Bytes JMP B44DA114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E

BF8ED1B7 5 Bytes JMP B44D9DB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19B2

BF913F1F 5 Bytes JMP B44D9F1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2586

BF914AF3 2 Bytes JMP B44DA034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2589

BF914AF6 2 Bytes [BC, F4]
.text win32k.sys!EngCreateClip + 4EE5

BF917452 5 Bytes JMP B44DA46C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1924

BF945FB0 5 Bytes JMP B44DAEF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[316] kernel32.dll!OpenProcess

7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!SetThreadToken

77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[316] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[316] USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[316] USER32.dll!FindWindowA

7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] USER32.dll!FindWindowW

7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[316] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[316] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[316] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[316] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\smss.exe[500] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] kernel32.dll!OpenProcess

7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 004B0804
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] USER32.dll!FindWindowA

7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] USER32.dll!FindWindowW

7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 004B0A08
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 004B0600
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 004B01F8
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 004B03FC
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!SetThreadToken

77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 004C1014
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 004C0804
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 004C0A08
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 004C0C0C
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 004C0E10
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 004C01F8
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 004C03FC
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 004C0600
.text C:\WINDOWS\system32\cidaemon.exe[572] ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\cidaemon.exe[572] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\WINDOWS\system32\cidaemon.exe[572] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\cidaemon.exe[572] kernel32.dll!OpenProcess

7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\cidaemon.exe[572] USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\cidaemon.exe[572] USER32.dll!FindWindowA

7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] USER32.dll!FindWindowW

7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\cidaemon.exe[572] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\cidaemon.exe[572] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\cidaemon.exe[572] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!SetThreadToken

77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\cidaemon.exe[572] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\cisvc.exe[576] ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\cisvc.exe[576] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\WINDOWS\system32\cisvc.exe[576] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\cisvc.exe[576] kernel32.dll!OpenProcess

7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\cisvc.exe[576] USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\cisvc.exe[576] USER32.dll!FindWindowA

7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] USER32.dll!FindWindowW

7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\cisvc.exe[576] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\cisvc.exe[576] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\cisvc.exe[576] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!SetThreadToken

77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\cisvc.exe[576] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\csrss.exe[584] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[584] KERNEL32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehRecvr.exe[588] kernel32.dll!OpenProcess

7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[588] USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehRecvr.exe[588] USER32.dll!FindWindowA

7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] USER32.dll!FindWindowW

7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[588] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehRecvr.exe[588] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[588] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!SetThreadToken

77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[588] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[616] kernel32.dll!OpenProcess

7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!SetThreadToken

77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!FindWindowA

7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!FindWindowW

7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[660] kernel32.dll!OpenProcess

7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\services.exe[660] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!SetThreadToken

77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!FindWindowA

7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!FindWindowW

7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[672] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!SetThreadToken

77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[672] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[672] USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[672] USER32.dll!FindWindowA

7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\lsass.exe[672] USER32.dll!FindWindowW

7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\lsass.exe[672] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[672] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[672] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[672] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\cidaemon.exe[728] ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\cidaemon.exe[728] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\WINDOWS\system32\cidaemon.exe[728] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\cidaemon.exe[728] kernel32.dll!OpenProcess

7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\cidaemon.exe[728] USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\cidaemon.exe[728] USER32.dll!FindWindowA

7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] USER32.dll!FindWindowW

7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\cidaemon.exe[728] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\cidaemon.exe[728] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\cidaemon.exe[728] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!SetThreadToken

77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\cidaemon.exe[728] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\Ati2evxx.exe[828] kernel32.dll!OpenProcess

7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[828] USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\Ati2evxx.exe[828] USER32.dll!FindWindowA

7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] USER32.dll!FindWindowW

7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\Ati2evxx.exe[828] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\Ati2evxx.exe[828] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\Ati2evxx.exe[828] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!SetThreadToken

77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\Ati2evxx.exe[828] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!OpenProcess

7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!SetThreadToken

77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!FindWindowA

7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!FindWindowW

7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!OpenProcess

7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!SetThreadToken

77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!FindWindowA

7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!FindWindowW

7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[964] ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[964] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[964] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[964] kernel32.dll!OpenProcess

7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!SetThreadToken

77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[964] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[964] USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[964] USER32.dll!FindWindowA

7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] USER32.dll!FindWindowW

7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\System32\svchost.exe[964] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[964] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[964] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[964] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!OpenProcess

7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!SetThreadToken

77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!FindWindowA

7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!FindWindowW

7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehSched.exe[1024] ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehSched.exe[1024] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[1024] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehSched.exe[1024] kernel32.dll!OpenProcess

7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[1024] USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehSched.exe[1024] USER32.dll!FindWindowA

7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] USER32.dll!FindWindowW

7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehSched.exe[1024] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehSched.exe[1024] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehSched.exe[1024] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!SetThreadToken

77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehSched.exe[1024] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] kernel32.dll!OpenProcess

7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] USER32.dll!FindWindowA

7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] USER32.dll!FindWindowW

7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!SetThreadToken

77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1080] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] kernel32.dll!OpenProcess

7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!SetThreadToken

77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] USER32.dll!FindWindowA

7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] USER32.dll!FindWindowW

7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 002D03FC
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] kernel32.dll!OpenProcess

7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] USER32.dll!FindWindowA

7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] USER32.dll!FindWindowW

7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] ADVAPI32.dll!SetThreadToken

77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] kernel32.dll!OpenProcess

7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!SetThreadToken

77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] USER32.dll!FindWindowA

7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] USER32.dll!FindWindowW

7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ntdll.dll!NtAccessCheckByType

7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ntdll.dll!NtImpersonateClientOfPort

7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ntdll.dll!NtSetInformationProcess

7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] kernel32.dll!OpenProcess

7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ADVAPI32.dll!ImpersonateNamedPipeClient

77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ADVAPI32.dll!SetThreadToken

77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software

Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 00391014
.text

#8 peabo

peabo
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:56 AM

Posted 25 May 2011 - 01:54 PM

2nd half of gmer.log



.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1304] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\Explorer.EXE[1320] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1320] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1320] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1320] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1320] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1320] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1320] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1320] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1320] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1320] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1320] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[1320] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[1320] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[1320] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[1320] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[1320] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[1320] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[1320] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[1320] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[1320] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1320] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1320] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[1320] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[1320] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[1320] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1664] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1664] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1664] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1664] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1664] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1664] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1664] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1664] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1664] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1664] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1664] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1664] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1664] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1664] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C79270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1664] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1664] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1664] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1664] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1664] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1776] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1776] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
.text C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\wscntfy.exe[2060] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2060] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2060] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2060] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2060] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2060] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2060] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2060] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2060] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2060] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2172] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2172] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2172] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2172] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2172] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2172] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2172] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[2172] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[2172] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2172] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2172] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[2172] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[2172] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2172] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[2296] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2296] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2296] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2296] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2296] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2296] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2296] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2296] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2296] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2296] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2296] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[2296] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2296] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2296] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[2296] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[2296] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[2296] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[2296] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[2296] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[2296] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2296] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2296] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[2296] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[2296] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2296] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wdfmgr.exe[2328] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[2328] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[2328] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[2328] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\wdfmgr.exe[2328] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[2328] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\wdfmgr.exe[2328] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[2328] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[2328] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[2328] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[2328] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\wdfmgr.exe[2328] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wdfmgr.exe[2328] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wdfmgr.exe[2328] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\wdfmgr.exe[2328] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\wdfmgr.exe[2328] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wdfmgr.exe[2328] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wdfmgr.exe[2328] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wdfmgr.exe[2328] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wdfmgr.exe[2328] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[2328] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wdfmgr.exe[2328] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wdfmgr.exe[2328] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wdfmgr.exe[2328] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wdfmgr.exe[2328] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\dllhost.exe[2616] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2616] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2616] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2616] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\dllhost.exe[2616] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[2616] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\dllhost.exe[2616] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2616] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[2616] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2616] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2616] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\dllhost.exe[2616] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\dllhost.exe[2616] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\dllhost.exe[2616] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\dllhost.exe[2616] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\dllhost.exe[2616] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\dllhost.exe[2616] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\dllhost.exe[2616] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\dllhost.exe[2616] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\dllhost.exe[2616] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2616] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[2616] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\dllhost.exe[2616] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\dllhost.exe[2616] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\dllhost.exe[2616] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\AGRSMMSG.exe[3052] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[3052] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[3052] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[3052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\AGRSMMSG.exe[3052] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\AGRSMMSG.exe[3052] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\AGRSMMSG.exe[3052] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[3052] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\AGRSMMSG.exe[3052] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\AGRSMMSG.exe[3052] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[3052] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[3052] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\AGRSMMSG.exe[3052] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\AGRSMMSG.exe[3052] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\AGRSMMSG.exe[3052] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\AGRSMMSG.exe[3052] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[3052] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[3052] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\AGRSMMSG.exe[3052] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\AGRSMMSG.exe[3052] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\AGRSMMSG.exe[3052] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\AGRSMMSG.exe[3052] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\AGRSMMSG.exe[3052] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\AGRSMMSG.exe[3052] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\AGRSMMSG.exe[3052] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\pctspk.exe[3076] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[3076] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[3076] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[3076] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\pctspk.exe[3076] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\pctspk.exe[3076] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\pctspk.exe[3076] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[3076] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\pctspk.exe[3076] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[3076] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[3076] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\pctspk.exe[3076] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\pctspk.exe[3076] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\pctspk.exe[3076] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\pctspk.exe[3076] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\pctspk.exe[3076] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\pctspk.exe[3076] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\pctspk.exe[3076] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\pctspk.exe[3076] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\pctspk.exe[3076] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[3076] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[3076] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\pctspk.exe[3076] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\pctspk.exe[3076] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\pctspk.exe[3076] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3084] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3084] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3084] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3084] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3084] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3084] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3084] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3084] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3084] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3084] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D0804
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D0600
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D01F8
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\System32\alg.exe[3404] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3404] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3404] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[3404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[3404] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3404] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[3404] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3404] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3404] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[3404] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[3404] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[3404] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[3404] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3404] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3404] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[3404] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[3404] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[3404] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[3404] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[3404] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[3404] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[3404] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00480804
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00480A08
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00480600
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004801F8
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004803FC
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00491014
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00490804
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00490A08
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00490C0C
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00490E10
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004901F8
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004903FC
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00490600

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B4661672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B46614C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B4661CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B465FC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B465FC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B4661672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B46614C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B4661CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B4661672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B465FC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B4661CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B46614C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B4661CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B46614C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B4661672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B465FC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B4661672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B46614C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B4661CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisRegisterProtocol] [B4661672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisDeregisterProtocol] [B465FC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisCloseAdapter] [B4661CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisOpenAdapter] [B46614C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\spoolsv.exe[316] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[536] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\cidaemon.exe[572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\cisvc.exe[576] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\eHome\ehRecvr.exe[588] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\winlogon.exe[616] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\services.exe[660] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[660] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000
IAT C:\WINDOWS\system32\services.exe[660] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\lsass.exe[672] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\cidaemon.exe[728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\Ati2evxx.exe[828] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[920] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\svchost.exe[964] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1012] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\eHome\ehSched.exe[1024] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\Ati2evxx.exe[1080] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1212] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Documents and Settings\HP_Administrator\Desktop\viruscheck\v7tw3z18.exe[1244] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1304] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\Explorer.EXE[1320] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1392] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\SUPERFAX\PROGRAM\PICPMON.EXE[1872] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\wscntfy.exe[2060] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[2172] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[2296] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\wdfmgr.exe[2328] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\dllhost.exe[2616] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3000] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\AGRSMMSG.exe[3052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\pctspk.exe[3076] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3084] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3188] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\alg.exe[3404] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3488] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3500] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.15 ----

File C:\## aswSnx private storage 0 bytes
File C:\## aswSnx private storage\r34 0 bytes
File C:\## aswSnx private storage\snx_rhive 262144 bytes
File C:\## aswSnx private storage\snx_rhive.LOG 1024 bytes

---- EOF - GMER 1.0.15 ----




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users