Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rootkit


  • Please log in to reply
22 replies to this topic

#1 contwo

contwo

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:06:36 AM

Posted 15 March 2012 - 01:20 AM

Hiya,

For the past week my PC has taken an age to boot up and when I access the Internet it performs very slowly. I have tried removing unwanted applications. Ran anti virus Spyware and adware apps as I thought it was a browser hijacker but it's still running slow.

Yesterday my Avast anitvirus told me it had detected a Rootkit called Win32:MBRoot-J. Avast asks me to run the Bootscan but after my PC boots up again the same message saying the Rootkit has been detected so I'm assuming Avast hasn't been able to remove it?

Can anyone help me?

Many Thanks

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:36 AM

Posted 15 March 2012 - 07:31 AM

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)


Please download GMER from here(doesnot work on 64 bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here

#3 contwo

contwo
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:06:36 AM

Posted 15 March 2012 - 08:11 AM

Thanks for your help,

I will follow your instructions when I get later today when I get home. Do I just cut and paste the log results into the reply box?

#4 contwo

contwo
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:06:36 AM

Posted 15 March 2012 - 12:33 PM

Hiya here's the log report from TDSKiller, I didn't reboot the PC, I hope this was the right thing to do?

17:27:40.0281 5548 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
17:27:42.0281 5548 ============================================================
17:27:42.0281 5548 Current date / time: 2012/03/15 17:27:42.0281
17:27:42.0281 5548 SystemInfo:
17:27:42.0281 5548
17:27:42.0281 5548 OS Version: 5.1.2600 ServicePack: 3.0
17:27:42.0281 5548 Product type: Workstation
17:27:42.0281 5548 ComputerName: PAUL-4C5DBA59E5
17:27:42.0281 5548 UserName: Paul Cundall
17:27:42.0281 5548 Windows directory: C:\WINDOWS
17:27:42.0281 5548 System windows directory: C:\WINDOWS
17:27:42.0281 5548 Processor architecture: Intel x86
17:27:42.0281 5548 Number of processors: 2
17:27:42.0281 5548 Page size: 0x1000
17:27:42.0281 5548 Boot type: Normal boot
17:27:42.0281 5548 ============================================================
17:27:45.0437 5548 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:27:45.0437 5548 \Device\Harddisk0\DR0:
17:27:45.0437 5548 MBR used
17:27:45.0437 5548 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
17:27:45.0468 5548 Initialize success
17:27:45.0468 5548 ============================================================
17:29:28.0046 1676 ============================================================
17:29:28.0046 1676 Scan started
17:29:28.0046 1676 Mode: Manual;
17:29:28.0046 1676 ============================================================
17:29:28.0328 1676 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
17:29:28.0328 1676 Aavmker4 - ok
17:29:28.0328 1676 Abiosdsk - ok
17:29:28.0343 1676 abp480n5 - ok
17:29:28.0375 1676 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:29:28.0375 1676 ACPI - ok
17:29:28.0406 1676 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:29:28.0406 1676 ACPIEC - ok
17:29:28.0421 1676 adpu160m - ok
17:29:28.0453 1676 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:29:28.0453 1676 aec - ok
17:29:28.0500 1676 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:29:28.0515 1676 AFD - ok
17:29:28.0515 1676 Aha154x - ok
17:29:28.0531 1676 aic78u2 - ok
17:29:28.0531 1676 aic78xx - ok
17:29:28.0546 1676 AliIde - ok
17:29:28.0593 1676 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
17:29:28.0593 1676 AmdK8 - ok
17:29:28.0593 1676 amsint - ok
17:29:28.0609 1676 asc - ok
17:29:28.0625 1676 asc3350p - ok
17:29:28.0625 1676 asc3550 - ok
17:29:28.0671 1676 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
17:29:28.0671 1676 aswFsBlk - ok
17:29:28.0687 1676 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
17:29:28.0687 1676 aswMon2 - ok
17:29:28.0703 1676 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
17:29:28.0703 1676 aswRdr - ok
17:29:28.0734 1676 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
17:29:28.0750 1676 aswSnx - ok
17:29:28.0765 1676 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
17:29:28.0765 1676 aswSP - ok
17:29:28.0796 1676 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
17:29:28.0796 1676 aswTdi - ok
17:29:28.0812 1676 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:29:28.0812 1676 AsyncMac - ok
17:29:28.0843 1676 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:29:28.0843 1676 atapi - ok
17:29:28.0843 1676 Atdisk - ok
17:29:28.0921 1676 ati2mtag (f5fc6ac1e7bc776871361d463fc86be2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:29:28.0937 1676 ati2mtag - ok
17:29:28.0968 1676 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:29:28.0968 1676 Atmarpc - ok
17:29:29.0015 1676 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:29:29.0015 1676 audstub - ok
17:29:29.0046 1676 bcm4sbxp (78e7b52da292fa90bad2f887bbf22159) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
17:29:29.0046 1676 bcm4sbxp - ok
17:29:29.0078 1676 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:29:29.0078 1676 Beep - ok
17:29:29.0125 1676 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:29:29.0140 1676 cbidf2k - ok
17:29:29.0156 1676 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:29:29.0156 1676 CCDECODE - ok
17:29:29.0156 1676 cd20xrnt - ok
17:29:29.0171 1676 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:29:29.0171 1676 Cdaudio - ok
17:29:29.0171 1676 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:29:29.0171 1676 Cdfs - ok
17:29:29.0187 1676 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:29:29.0203 1676 Cdrom - ok
17:29:29.0203 1676 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
17:29:29.0203 1676 cercsr6 - ok
17:29:29.0218 1676 CmdIde - ok
17:29:29.0234 1676 Cpqarray - ok
17:29:29.0250 1676 dac2w2k - ok
17:29:29.0265 1676 dac960nt - ok
17:29:29.0281 1676 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:29:29.0281 1676 Disk - ok
17:29:29.0328 1676 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:29:29.0328 1676 dmboot - ok
17:29:29.0343 1676 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:29:29.0343 1676 dmio - ok
17:29:29.0359 1676 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:29:29.0359 1676 dmload - ok
17:29:29.0359 1676 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:29:29.0375 1676 DMusic - ok
17:29:29.0375 1676 dpti2o - ok
17:29:29.0390 1676 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:29:29.0390 1676 drmkaud - ok
17:29:29.0437 1676 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:29:29.0453 1676 Fastfat - ok
17:29:29.0453 1676 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:29:29.0453 1676 Fdc - ok
17:29:29.0578 1676 FileMonitor (f1fc45d2712d0aafee45a728fbe16062) C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
17:29:29.0578 1676 FileMonitor - ok
17:29:29.0593 1676 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:29:29.0593 1676 Fips - ok
17:29:29.0609 1676 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:29:29.0609 1676 Flpydisk - ok
17:29:29.0609 1676 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:29:29.0625 1676 FltMgr - ok
17:29:29.0625 1676 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:29:29.0625 1676 Fs_Rec - ok
17:29:29.0656 1676 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:29:29.0656 1676 Ftdisk - ok
17:29:29.0687 1676 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:29:29.0687 1676 GEARAspiWDM - ok
17:29:29.0687 1676 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
17:29:29.0703 1676 ggflt - ok
17:29:29.0703 1676 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
17:29:29.0718 1676 ggsemc - ok
17:29:29.0718 1676 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:29:29.0718 1676 Gpc - ok
17:29:29.0765 1676 GUCI_AVS (9e19744d36262441fca59509b78328cb) C:\WINDOWS\system32\DRIVERS\GUCI_AVS.sys
17:29:29.0781 1676 GUCI_AVS - ok
17:29:29.0796 1676 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:29:29.0812 1676 HDAudBus - ok
17:29:29.0812 1676 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:29:29.0828 1676 hidusb - ok
17:29:29.0828 1676 hpn - ok
17:29:29.0890 1676 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:29:29.0890 1676 HTTP - ok
17:29:29.0906 1676 i2omp - ok
17:29:29.0906 1676 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
17:29:29.0906 1676 i8042prt - ok
17:29:29.0921 1676 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:29:29.0921 1676 Imapi - ok
17:29:29.0937 1676 ini910u - ok
17:29:29.0953 1676 IntelIde - ok
17:29:29.0984 1676 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:29:29.0984 1676 Ip6Fw - ok
17:29:30.0000 1676 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:29:30.0015 1676 IpFilterDriver - ok
17:29:30.0015 1676 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:29:30.0015 1676 IpInIp - ok
17:29:30.0046 1676 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:29:30.0046 1676 IpNat - ok
17:29:30.0062 1676 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:29:30.0062 1676 IPSec - ok
17:29:30.0062 1676 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:29:30.0078 1676 IRENUM - ok
17:29:30.0078 1676 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:29:30.0093 1676 isapnp - ok
17:29:30.0156 1676 ISWKL (08a811bfd207dfdec588881c18bacbaa) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
17:29:30.0171 1676 ISWKL - ok
17:29:30.0187 1676 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:29:30.0187 1676 Kbdclass - ok
17:29:30.0187 1676 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:29:30.0203 1676 kbdhid - ok
17:29:30.0218 1676 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:29:30.0234 1676 kmixer - ok
17:29:30.0250 1676 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:29:30.0250 1676 KSecDD - ok
17:29:30.0265 1676 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
17:29:30.0281 1676 Lbd - ok
17:29:30.0312 1676 MEMSWEEP2 - ok
17:29:30.0343 1676 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
17:29:30.0343 1676 MHNDRV - ok
17:29:30.0375 1676 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:29:30.0375 1676 mnmdd - ok
17:29:30.0406 1676 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:29:30.0406 1676 Modem - ok
17:29:30.0421 1676 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:29:30.0421 1676 Mouclass - ok
17:29:30.0437 1676 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:29:30.0453 1676 mouhid - ok
17:29:30.0453 1676 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:29:30.0453 1676 MountMgr - ok
17:29:30.0468 1676 mraid35x - ok
17:29:30.0468 1676 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:29:30.0484 1676 MRxDAV - ok
17:29:30.0515 1676 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:29:30.0531 1676 MRxSmb - ok
17:29:30.0546 1676 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:29:30.0546 1676 Msfs - ok
17:29:30.0562 1676 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:29:30.0578 1676 MSKSSRV - ok
17:29:30.0578 1676 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:29:30.0578 1676 MSPCLOCK - ok
17:29:30.0609 1676 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:29:30.0609 1676 MSPQM - ok
17:29:30.0609 1676 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:29:30.0609 1676 mssmbios - ok
17:29:30.0625 1676 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:29:30.0625 1676 MSTEE - ok
17:29:30.0656 1676 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:29:30.0671 1676 Mup - ok
17:29:30.0671 1676 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:29:30.0671 1676 NABTSFEC - ok
17:29:30.0687 1676 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:29:30.0687 1676 NDIS - ok
17:29:30.0703 1676 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:29:30.0703 1676 NdisIP - ok
17:29:30.0718 1676 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:29:30.0718 1676 NdisTapi - ok
17:29:30.0734 1676 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:29:30.0734 1676 Ndisuio - ok
17:29:30.0750 1676 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:29:30.0750 1676 NdisWan - ok
17:29:30.0796 1676 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:29:30.0796 1676 NDProxy - ok
17:29:30.0796 1676 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:29:30.0796 1676 NetBIOS - ok
17:29:30.0812 1676 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:29:30.0812 1676 NetBT - ok
17:29:30.0843 1676 nmwcd (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\WINDOWS\system32\drivers\ccdcmb.sys
17:29:30.0859 1676 nmwcd - ok
17:29:30.0859 1676 nmwcdc (8f2a94f991f8c73cec26b4b5620d1edc) C:\WINDOWS\system32\drivers\ccdcmbo.sys
17:29:30.0859 1676 nmwcdc - ok
17:29:30.0875 1676 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:29:30.0875 1676 Npfs - ok
17:29:30.0906 1676 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:29:30.0906 1676 Ntfs - ok
17:29:30.0921 1676 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:29:30.0921 1676 Null - ok
17:29:31.0140 1676 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:29:31.0265 1676 nv - ok
17:29:31.0281 1676 NVHDA (049aa7021e5406e77f3535be66635b74) C:\WINDOWS\system32\drivers\nvhda32.sys
17:29:31.0281 1676 NVHDA - ok
17:29:31.0312 1676 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:29:31.0312 1676 NwlnkFlt - ok
17:29:31.0328 1676 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:29:31.0328 1676 NwlnkFwd - ok
17:29:31.0359 1676 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
17:29:31.0359 1676 Parport - ok
17:29:31.0375 1676 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:29:31.0375 1676 PartMgr - ok
17:29:31.0406 1676 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:29:31.0406 1676 ParVdm - ok
17:29:31.0437 1676 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
17:29:31.0453 1676 pccsmcfd - ok
17:29:31.0453 1676 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:29:31.0453 1676 PCI - ok
17:29:31.0468 1676 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:29:31.0468 1676 PCIIde - ok
17:29:31.0484 1676 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:29:31.0500 1676 Pcmcia - ok
17:29:31.0500 1676 perc2 - ok
17:29:31.0515 1676 perc2hib - ok
17:29:31.0546 1676 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:29:31.0562 1676 PptpMiniport - ok
17:29:31.0578 1676 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:29:31.0578 1676 Processor - ok
17:29:31.0593 1676 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:29:31.0593 1676 PSched - ok
17:29:31.0593 1676 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:29:31.0609 1676 Ptilink - ok
17:29:31.0625 1676 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:29:31.0625 1676 PxHelp20 - ok
17:29:31.0625 1676 ql1080 - ok
17:29:31.0640 1676 Ql10wnt - ok
17:29:31.0656 1676 ql12160 - ok
17:29:31.0656 1676 ql1240 - ok
17:29:31.0671 1676 ql1280 - ok
17:29:31.0703 1676 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:29:31.0703 1676 RasAcd - ok
17:29:31.0703 1676 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:29:31.0718 1676 Rasl2tp - ok
17:29:31.0718 1676 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:29:31.0718 1676 RasPppoe - ok
17:29:31.0734 1676 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:29:31.0734 1676 Raspti - ok
17:29:31.0750 1676 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:29:31.0750 1676 Rdbss - ok
17:29:31.0750 1676 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:29:31.0750 1676 RDPCDD - ok
17:29:31.0796 1676 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:29:31.0812 1676 rdpdr - ok
17:29:31.0859 1676 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
17:29:31.0859 1676 RDPWD - ok
17:29:31.0859 1676 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:29:31.0875 1676 redbook - ok
17:29:32.0015 1676 RegFilter (2ca761ce3abb7bbbb9c5519b2fb54f5e) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
17:29:32.0015 1676 RegFilter - ok
17:29:32.0062 1676 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:29:32.0062 1676 Secdrv - ok
17:29:32.0078 1676 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
17:29:32.0078 1676 Serial - ok
17:29:32.0109 1676 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:29:32.0125 1676 Sfloppy - ok
17:29:32.0125 1676 Simbad - ok
17:29:32.0156 1676 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:29:32.0156 1676 SLIP - ok
17:29:32.0187 1676 SmartDefragDriver (14bb60a4f1c5291217a05d5728c403e6) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
17:29:32.0203 1676 SmartDefragDriver - ok
17:29:32.0203 1676 Sparrow - ok
17:29:32.0234 1676 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:29:32.0234 1676 splitter - ok
17:29:32.0250 1676 sp_rsdrv2 (7b426b8e809edf081d771ef429345528) C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
17:29:32.0265 1676 sp_rsdrv2 - ok
17:29:32.0281 1676 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:29:32.0281 1676 sr - ok
17:29:32.0312 1676 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:29:32.0312 1676 Srv - ok
17:29:32.0390 1676 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys
17:29:32.0406 1676 STHDA - ok
17:29:32.0421 1676 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:29:32.0421 1676 streamip - ok
17:29:32.0453 1676 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:29:32.0453 1676 swenum - ok
17:29:32.0453 1676 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:29:32.0468 1676 swmidi - ok
17:29:32.0468 1676 symc810 - ok
17:29:32.0484 1676 symc8xx - ok
17:29:32.0500 1676 sym_hi - ok
17:29:32.0500 1676 sym_u3 - ok
17:29:32.0531 1676 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:29:32.0531 1676 sysaudio - ok
17:29:32.0562 1676 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:29:32.0578 1676 Tcpip - ok
17:29:32.0609 1676 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:29:32.0609 1676 TDPIPE - ok
17:29:32.0625 1676 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:29:32.0625 1676 TDTCP - ok
17:29:32.0625 1676 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:29:32.0625 1676 TermDD - ok
17:29:32.0640 1676 TosIde - ok
17:29:32.0671 1676 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:29:32.0671 1676 Udfs - ok
17:29:32.0687 1676 ultra - ok
17:29:32.0703 1676 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:29:32.0703 1676 Update - ok
17:29:32.0750 1676 upperdev (ec01da44b090d2651fc032c8b9257232) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
17:29:32.0750 1676 upperdev - ok
17:29:32.0781 1676 UrlFilter (62551ba687f1d0f582810cfa37384bb0) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
17:29:32.0781 1676 UrlFilter - ok
17:29:32.0812 1676 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:29:32.0828 1676 USBAAPL - ok
17:29:32.0843 1676 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
17:29:32.0843 1676 usbaudio - ok
17:29:32.0859 1676 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:29:32.0859 1676 usbccgp - ok
17:29:32.0875 1676 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:29:32.0875 1676 usbehci - ok
17:29:32.0890 1676 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:29:32.0890 1676 usbhub - ok
17:29:32.0906 1676 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:29:32.0906 1676 usbohci - ok
17:29:32.0953 1676 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:29:32.0953 1676 usbscan - ok
17:29:32.0953 1676 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
17:29:32.0968 1676 usbser - ok
17:29:32.0968 1676 UsbserFilt (4abd37cfbd710e64f01f9da8710c73f7) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
17:29:32.0968 1676 UsbserFilt - ok
17:29:33.0000 1676 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:29:33.0000 1676 USBSTOR - ok
17:29:33.0000 1676 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:29:33.0000 1676 VgaSave - ok
17:29:33.0015 1676 ViaIde - ok
17:29:33.0031 1676 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:29:33.0031 1676 VolSnap - ok
17:29:33.0078 1676 Vsdatant (558cee3d9c470651f1843d51b42d761b) C:\WINDOWS\system32\vsdatant.sys
17:29:33.0109 1676 Vsdatant - ok
17:29:33.0171 1676 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:29:33.0171 1676 Wanarp - ok
17:29:33.0203 1676 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
17:29:33.0203 1676 Wdf01000 - ok
17:29:33.0218 1676 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:29:33.0218 1676 wdmaud - ok
17:29:33.0281 1676 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:29:33.0296 1676 WpdUsb - ok
17:29:33.0312 1676 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:29:33.0312 1676 WS2IFSL - ok
17:29:33.0328 1676 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:29:33.0328 1676 WSTCODEC - ok
17:29:33.0375 1676 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:29:33.0375 1676 WudfPf - ok
17:29:33.0390 1676 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:29:33.0390 1676 WudfRd - ok
17:29:33.0406 1676 xcpip - ok
17:29:33.0421 1676 xpsec - ok
17:29:33.0437 1676 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
17:29:33.0437 1676 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
17:29:33.0437 1676 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
17:29:33.0453 1676 Boot (0x1200) (cac7032bfba371b5fd21d4f689e49e99) \Device\Harddisk0\DR0\Partition0
17:29:33.0453 1676 \Device\Harddisk0\DR0\Partition0 - ok
17:29:33.0453 1676 ============================================================
17:29:33.0453 1676 Scan finished
17:29:33.0453 1676 ============================================================
17:29:33.0468 5864 Detected object count: 1
17:29:33.0468 5864 Actual detected object count: 1
17:30:22.0328 5864 \Device\Harddisk0\DR0\# - copied to quarantine
17:30:22.0328 5864 \Device\Harddisk0\DR0 - copied to quarantine
17:30:22.0343 5864 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
17:30:22.0343 5864 \Device\Harddisk0\DR0 - ok
17:30:22.0343 5864 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
17:31:04.0609 5636 Deinitialize success

#5 contwo

contwo
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:06:36 AM

Posted 15 March 2012 - 02:06 PM

Here's the gmer.log

BP says it's too long so I will paste it into 2 replys. Here's Part 1:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-15 18:58:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD103SJ rev.1AJ10001
Running: 0iru20t6.exe; Driver: C:\DOCUME~1\PAULCU~1\LOCALS~1\Temp\pwacapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF3E64DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF3F19A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xF3E6585E]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xF3FFC444]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF40642F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF3E6A2E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF3E6A330]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xF3FFBC8A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF3E6A422]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0xF3FFB958]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF3E6A252]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF4064A80]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xF3FFD520]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF3E6A29A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF3E6A3DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF4064BB6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF3E64E44]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF405F1E0]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0xF3FFBA68]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0xF3FFBB5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF3E679A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF3E9228E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF3E920F9]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF3F19B34]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xF3FFC780]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF407F794]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF407F99C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF3E64E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF3E67D1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF3E65B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF3E6A30E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF3E6A352]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xF3FFBF9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF3E6A446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF3E91A6D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF3E6A278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF3E67518]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF3E6A3AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF3E6A2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF3E6774C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF3E6A400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF3F19CA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF3E91F74]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF3E659CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF3E91DC6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF3F23B68]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF4080060]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF4063EC4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF3E90D84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF3E64EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF3E64F28]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0xF3FFC0D2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xF4080C6A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF3E64B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF3E64CEA]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0xF3FFB77E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF3E64C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF3E64D5A]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0xF3FFC6C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF3E64F74]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xF3FFC2BC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xF3F19BE0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C70 8050450C 16 Bytes [E4, A2, E6, F3, 30, A3, E6, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CD8 80504574 12 Bytes [44, 4E, E6, F3, E0, F1, 05, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 12 Bytes [80, C7, FF, F3, 94, F7, 07, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DAC 80504648 16 Bytes [0E, A3, E6, F3, 52, A3, E6, ...] {PUSH CS; MOV [0xa352f3e6], EAX; OUT 0xf3, AL; PUSHF ; MOV EDI, 0xa446f3ff; OUT 0xf3, AL}
.text ntkrnlpa.exe!ZwCallbackReturn + 2DC0 8050465C 8 Bytes [6D, 1A, E9, F3, 78, A2, E6, ...]
PAGE ntkrnlpa.exe!IoGetDmaAdapter + 155 80586E37 6 Bytes JMP F3F12836 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP F3F2CC8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP F3F2E74C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? RGRCZ@J@ The filename, directory name, or volume label syntax is incorrect. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF67003A0, 0x59FFE5, 0xE8000020]
? system32\drivers\xpsec.sys The system cannot find the path specified. !
? system32\drivers\xcpip.sys The system cannot find the path specified. !
? system32\drivers\27606304.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 014E9D85
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] WS2_32.dll!send 71AB4C27 5 Bytes JMP 014E98B1
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 014E9C37
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] WS2_32.dll!recv 71AB676F 5 Bytes JMP 014E9A03
.text C:\Program Files\Google\Update\GoogleUpdate.exe[372] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 014E9AD6
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01859D85
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] WS2_32.dll!send 71AB4C27 5 Bytes JMP 018598B1
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01859C37
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01859A03
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01859AD6
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[460] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\smss.exe[728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[768] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[768] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[768] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[768] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\dllhost.exe[768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[768] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\dllhost.exe[768] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[768] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[768] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[768] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\dllhost.exe[768] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\dllhost.exe[768] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\dllhost.exe[768] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\dllhost.exe[768] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\dllhost.exe[768] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\dllhost.exe[768] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\dllhost.exe[768] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\dllhost.exe[768] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\dllhost.exe[768] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[768] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[768] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\dllhost.exe[768] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\dllhost.exe[768] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\dllhost.exe[768] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\dllhost.exe[768] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01279D85
.text C:\WINDOWS\system32\dllhost.exe[768] WS2_32.dll!send 71AB4C27 5 Bytes JMP 012798B1
.text C:\WINDOWS\system32\dllhost.exe[768] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01279C37
.text C:\WINDOWS\system32\dllhost.exe[768] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01279A03
.text C:\WINDOWS\system32\dllhost.exe[768] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01279AD6
.text C:\WINDOWS\system32\csrss.exe[940] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[940] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[964] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[964] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[964] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[964] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[964] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[964] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[964] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[964] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[964] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[964] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[964] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[964] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[964] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[964] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[964] Secur32.dll!LsaLogonUser 77FE33F1 5 Bytes JMP 011E2C81
.text C:\WINDOWS\system32\winlogon.exe[964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[964] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[964] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[964] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[964] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[964] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[964] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[1008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[1008] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1008] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[1008] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[1008] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[1008] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Documents and Settings\Paul Cundall\My Documents\Downloads\0iru20t6.exe[1012] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\My Documents\Downloads\0iru20t6.exe[1012] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\My Documents\Downloads\0iru20t6.exe[1012] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\My Documents\Downloads\0iru20t6.exe[1012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Paul Cundall\My Documents\Downloads\0iru20t6.exe[1012] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\My Documents\Downloads\0iru20t6.exe[1012] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Paul Cundall\My Documents\Downloads\0iru20t6.exe[1012] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\My Documents\Downloads\0iru20t6.exe[1012] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\My Documents\Downloads\0iru20t6.exe[1012] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\My Documents\Downloads\0iru20t6.exe[1012] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 038A9D85
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] WS2_32.dll!send 71AB4C27 5 Bytes JMP 038A98B1
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 038A9C37
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] WS2_32.dll!recv 71AB676F 5 Bytes JMP 038A9A03
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 038A9AD6
.text C:\WINDOWS\system32\nvsvc32.exe[1256] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1256] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1256] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\nvsvc32.exe[1256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[1256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\nvsvc32.exe[1256] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1256] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[1256] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1256] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1256] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\nvsvc32.exe[1256] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\nvsvc32.exe[1256] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\nvsvc32.exe[1256] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\nvsvc32.exe[1256] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\nvsvc32.exe[1256] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\nvsvc32.exe[1256] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\nvsvc32.exe[1256] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\nvsvc32.exe[1256] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\WINDOWS\system32\nvsvc32.exe[1256] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1256] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[1256] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\WINDOWS\system32\nvsvc32.exe[1256] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\nvsvc32.exe[1256] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\WINDOWS\system32\nvsvc32.exe[1256] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\nvsvc32.exe[1256] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01479D85
.text C:\WINDOWS\system32\nvsvc32.exe[1256] WS2_32.dll!send 71AB4C27 5 Bytes JMP 014798B1
.text C:\WINDOWS\system32\nvsvc32.exe[1256] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01479C37
.text C:\WINDOWS\system32\nvsvc32.exe[1256] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01479A03
.text C:\WINDOWS\system32\nvsvc32.exe[1256] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01479AD6
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02BC9D85
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02BC98B1
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02BC9C37
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02BC9A03
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02BC9AD6
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1560] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1560] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1560] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1560] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1560] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1560] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1560] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1560] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1560] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1560] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1560] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1560] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1560] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1636] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1636] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1636] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0A679D85
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1636] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0A6798B1
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1636] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 0A679C37
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1636] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0A679A03
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1636] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0A679AD6
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01B69D85
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01B698B1
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01B69C37
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01B69A03
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01B69AD6
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000D01F8
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000D03FC
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00331014
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00330804
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00330A08
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00330C0C
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00330E10
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003301F8
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003303FC
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00330600
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00340804
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00340A08
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00340600
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003401F8
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003403FC
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] WS2_32.dll!closesocket 33DD3E2B 5 Bytes JMP 37B79D85
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] WS2_32.dll!send 33DD4C27 5 Bytes JMP 37B798B1
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] WS2_32.dll!WSARecv 33DD4CB5 5 Bytes JMP 37B79C37
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] WS2_32.dll!recv 33DD676F 5 Bytes JMP 37B79A03
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] WS2_32.dll!WSASend 33DD68FA 5 Bytes JMP 37B79AD6
.text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1928] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1928] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1928] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1928] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1928] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1928] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1928] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1928] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1928] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1928] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1928] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1928] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1928] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1928] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1928] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1928] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1928] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[2036] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[2036] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[2036] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[2036] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[2036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2036] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[2036] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[2036] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2036] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[2036] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[2036] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[2036] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[2036] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[2036] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[2036] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[2036] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[2036] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[2036] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[2036] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[2036] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[2036] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[2036] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[2036] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[2036] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[2036] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\Explorer.EXE[2036] USER32.dll!DisplayExitWindowsWarnings 7E459F91 5 Bytes JMP 01772A93
.text C:\WINDOWS\Explorer.EXE[2036] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01509D85
.text C:\WINDOWS\Explorer.EXE[2036] WS2_32.dll!send 71AB4C27 5 Bytes JMP 015098B1
.text C:\WINDOWS\Explorer.EXE[2036] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01509C37
.text C:\WINDOWS\Explorer.EXE[2036] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01509A03
.text C:\WINDOWS\Explorer.EXE[2036] WS2_32.dll!WSASend

#6 contwo

contwo
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:06:36 AM

Posted 15 March 2012 - 02:09 PM

Here's Part 2 of 3 of the gmer.log


.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01439D85
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] WS2_32.dll!send 71AB4C27 5 Bytes JMP 014398B1
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01439C37
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01439A03
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01439AD6
.text C:\WINDOWS\system32\spoolsv.exe[2192] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2192] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2192] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2192] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[2192] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2192] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[2192] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2192] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2192] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2192] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2192] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[2192] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[2192] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[2192] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[2192] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[2192] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[2192] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[2192] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[2192] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[2192] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2192] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[2192] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[2192] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[2192] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[2192] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044C771 C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit Malware Fighter Service/IObit)
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 026B9D85
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] WS2_32.dll!send 71AB4C27 5 Bytes JMP 026B98B1
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 026B9C37
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] WS2_32.dll!recv 71AB676F 5 Bytes JMP 026B9A03
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 026B9AD6
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C39D85
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C398B1
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C39C37
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00C39A03
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00C39AD6
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000D01F8
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000D03FC
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00311014
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00310804
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00310A08
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00310C0C
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00310E10
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003101F8
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003103FC
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00310600
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00320804
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00320A08
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00320600
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003201F8
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003203FC
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BE9D85
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BE98B1
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BE9C37
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00BE9A03
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00BE9AD6
.text C:\WINDOWS\system32\svchost.exe[3172] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3172] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3172] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[3172] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3172] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[3172] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3172] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3172] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3172] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3172] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[3172] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[3172] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[3172] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[3172] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[3172] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[3172] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[3172] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[3172] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[3172] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3172] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[3172] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[3172] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[3172] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[3172] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Spyware Terminator\st_rsser.exe[3432] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01119D85
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] WS2_32.dll!send 71AB4C27 5 Bytes JMP 011198B1
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01119C37
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01119A03
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01119AD6
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01029D85
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010298B1
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01029C37
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01029A03
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01029AD6
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01039D85
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010398B1
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01039C37
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01039A03
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01039AD6
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[3776] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00CD9D85
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00CD98B1
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00CD9C37
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00CD9A03
.text C:\WINDOWS\eHome\ehRecvr.exe[3848] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00CD9AD6
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01069D85
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010698B1
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01069C37
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01069A03
.text C:\WINDOWS\ehome\mcrdsvc.exe[3908] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01069AD6
.text C:\WINDOWS\eHome\ehSched.exe[4000] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[4000] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[4000] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[4000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehSched.exe[4000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[4000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehSched.exe[4000] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[4000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[4000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehSched.exe[4000] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[4000] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[4000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehSched.exe[4000] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehSched.exe[4000] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehSched.exe[4000] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehSched.exe[4000] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[4000] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[4000] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehSched.exe[4000] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehSched.exe[4000] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehSched.exe[4000] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehSched.exe[4000] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehSched.exe[4000] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehSched.exe[4000] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehSched.exe[4000] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\eHome\ehSched.exe[4000] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00DB9D85
.text C:\WINDOWS\eHome\ehSched.exe[4000] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00DB98B1
.text C:\WINDOWS\eHome\ehSched.exe[4000] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DB9C37
.text C:\WINDOWS\eHome\ehSched.exe[4000] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00DB9A03
.text C:\WINDOWS\eHome\ehSched.exe[4000] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00DB9AD6
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 03099D85
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] WS2_32.dll!send 71AB4C27 5 Bytes JMP 030998B1
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 03099C37
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] WS2_32.dll!recv 71AB676F 5 Bytes JMP 03099A03
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4444] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 03099AD6
.text C:\WINDOWS\System32\alg.exe[4636] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[4636] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[4636] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[4636] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[4636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[4636] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[4636] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[4636] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[4636] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[4636] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[4636] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[4636] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[4636] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[4636] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[4636] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC

Here's part 3 of 3 of the gmer.log:

.text C:\WINDOWS\System32\alg.exe[4636] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[4636] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[4636] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[4636] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[4636] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[4636] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[4636] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[4636] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[4636] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[4636] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\alg.exe[4636] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F99D85
.text C:\WINDOWS\System32\alg.exe[4636] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F998B1
.text C:\WINDOWS\System32\alg.exe[4636] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F99C37
.text C:\WINDOWS\System32\alg.exe[4636] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F99A03
.text C:\WINDOWS\System32\alg.exe[4636] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F99AD6
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 24, 00] {SUB [EAX], AL; AND AL, 0x0}
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 24, 00] {SUB [EBX], AL; AND AL, 0x0}
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 24, 00]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 24, 00] {TEST AL, 0x1; AND AL, 0x0}
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90FA1A
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 24, 00] {TEST AL, 0x2; AND AL, 0x0}
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 24, 00]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 24, 00]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90FA8B
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 24, 00] {TEST AL, 0x0; AND AL, 0x0}
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90FBB9
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 24, 00] {SUB [ECX], AL; AND AL, 0x0}
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 24, 00] {SUB [EDX], AL; AND AL, 0x0}
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 24, 00]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002501F8
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002503FC
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 005F1014
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 005F0804
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 005F0A08
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 005F0C0C
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 005F0E10
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005F01F8
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005F03FC
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 005F0600
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00600804
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00600A08
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00600600
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 006001F8
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 006003FC
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 03989D85
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] WS2_32.dll!send 71AB4C27 5 Bytes JMP 039898B1
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 03989C37
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] WS2_32.dll!recv 71AB676F 5 Bytes JMP 03989A03
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 03989AD6
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[5248] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[5248] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[5248] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[5248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[5248] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[5248] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[5248] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01859D85
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[5248] WS2_32.dll!send 71AB4C27 5 Bytes JMP 018598B1
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[5248] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01859C37
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[5248] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01859A03
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[5248] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01859AD6
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[5248] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[5248] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[5248] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[5248] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[5568] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[5568] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[5568] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[5568] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[5568] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[5568] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[5568] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[5568] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[5568] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[5568] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[5568] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ctfmon.exe[5568] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[5568] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[5568] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ctfmon.exe[5568] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ctfmon.exe[5568] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[5568] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[5568] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[5568] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\ctfmon.exe[5568] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[5568] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[5568] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ctfmon.exe[5568] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[5568] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[5568] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 35, 00]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 35, 00]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 35, 00]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 35, 00]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B910B1A
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 35, 00]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 35, 00]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 35, 00]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B910B8B
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 35, 00]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B910CB9
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 35, 00]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 35, 00]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 35, 00]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00711014
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00710804
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00710A08
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00710C0C
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00710E10
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 007101F8
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007103FC
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00710600
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00720804
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00720A08
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00720600
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 007201F8
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 007203FC
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 28, 00] {SUB [EAX], AL; SUB [EAX], AL}
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 28, 00] {SUB [EBX], AL; SUB [EAX], AL}
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 28, 00]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 28, 00] {TEST AL, 0x1; SUB [EAX], AL}
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90FE1A
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 28, 00] {TEST AL, 0x2; SUB [EAX], AL}
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 28, 00]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 28, 00]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90FE8B
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 28, 00] {TEST AL, 0x0; SUB [EAX], AL}
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90FFB9
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 28, 00] {SUB [ECX], AL; SUB [EAX], AL}
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 28, 00] {SUB [EDX], AL; SUB [EAX], AL}
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 28, 00]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002A01F8
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002A03FC
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00641014
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00640804
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00640A08
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00640C0C
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00640E10
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006401F8
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006403FC
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00640600
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00650804
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00650A08
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00650600
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 006501F8
.text C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 006503FC

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F40693F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F406924C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F4069A3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F40679A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F40679A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F40693F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F406924C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F4069A3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F40693F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F40679A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F4069A3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F406924C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F4069A3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F406924C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F40693F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F40693F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F40679A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F4069A3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F406924C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Google\Update\GoogleUpdate.exe[372] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Java\jre6\bin\jqs.exe[460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\dllhost.exe[768] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\winlogon.exe[964] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\services.exe[1008] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[1008] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000
IAT C:\WINDOWS\system32\services.exe[1008] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Documents and Settings\Paul Cundall\My Documents\Downloads\0iru20t6.exe[1012] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\lsass.exe[1020] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1188] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\nvsvc32.exe[1256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1324] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10003E90] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [10004380] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [10004340] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [10009EF0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [10009EF0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [100020F0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [10009EF0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] [7C8841F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] [7C8841EE] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] [7C8841F3] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [7C8841F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1348] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1440] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\System32\svchost.exe[1560] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1604] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1636] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1764] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1928] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\Explorer.EXE[2036] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2112] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\spoolsv.exe[2192] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[2268] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2820] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[3172] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Spyware Terminator\st_rsser.exe[3432] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Bonjour\mDNSResponder.exe[3776] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\eHome\ehRecvr.exe[3848] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\ehome\mcrdsvc.exe[3908] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\eHome\ehSched.exe[4000] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[4444] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\System32\alg.exe[4636] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 003B0010
IAT C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5000] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Alwil Software\Avast5\avastUI.exe[5248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\WINDOWS\system32\ctfmon.exe[5568] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00390010
IAT C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5784] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 003C0010
IAT C:\Documents and Settings\Paul Cundall\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device owAZEVAoRGRCZ \Device\Ide\IdeDeviceP0T0L0-3 RGRCZ@J@
Device owAZEVAoRGRCZ \Device\Ide\IdeDeviceP0T0L0-3 85513A28
Device owAZEVAoRGRCZ \Device\Ide\IdePort0 RGRCZ@J@
Device owAZEVAoRGRCZ \Device\Ide\IdePort0 85513A28
Device owAZEVAoRGRCZ \Device\Ide\IdePort1 RGRCZ@J@
Device owAZEVAoRGRCZ \Device\Ide\IdePort1 85513A28
Device owAZEVAoRGRCZ \Device\Ide\IdePort2 RGRCZ@J@
Device owAZEVAoRGRCZ \Device\Ide\IdePort2 85513A28
Device owAZEVAoRGRCZ \Device\Ide\IdePort3 RGRCZ@J@
Device owAZEVAoRGRCZ \Device\Ide\IdePort3 85513A28
Device owAZEVAoRGRCZ \Device\Ide\IdeDeviceP1T0L0-e RGRCZ@J@
Device owAZEVAoRGRCZ \Device\Ide\IdeDeviceP1T0L0-e 85513A28
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\81685778 \Device\KLMD16012012_207010 27606304.sys
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----

#7 contwo

contwo
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:06:36 AM

Posted 15 March 2012 - 02:47 PM

OKay here's the aswMBR.log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-15 19:09:58
-----------------------------
19:09:58.359 OS Version: Windows 5.1.2600 Service Pack 3
19:09:58.359 Number of processors: 2 586 0x4B02
19:09:58.359 ComputerName: PAUL-4C5DBA59E5 UserName: Paul Cundall
19:09:59.687 Initialize success
19:10:03.625 AVAST engine defs: 12031500
19:10:12.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:10:12.578 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
19:10:12.593 Device owAZEVAoRGRCZ -> DriverStartIo RGRCZ@J@ f72f1864
19:10:12.609 Disk 0 MBR read successfully
19:10:12.609 Disk 0 MBR scan
19:10:12.671 Disk 0 Win32:MBRoot-J [Trj]
19:10:12.671 Disk 0 Windows XP default MBR code found via API
19:10:12.671 Disk 0 MBR hidden
19:10:12.671 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953859 MB offset 63
19:10:12.703 Disk 0 MBR [Win32:MBRoot] **ROOTKIT**
19:10:12.703 Disk 0 trace - called modules:
19:10:12.734 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85513a28]<<
19:10:12.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b36ab8]
19:10:12.734 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000068[0x86b39510]
19:10:12.734 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86aa1940]
19:10:12.734 owAZEVAoRGRCZ[0x86b3a428] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x85513a28
19:10:13.718 AVAST engine scan C:\WINDOWS
19:10:17.781 AVAST engine scan C:\WINDOWS\system32
19:11:51.359 AVAST engine scan C:\WINDOWS\system32\drivers
19:11:58.312 AVAST engine scan C:\Documents and Settings\Paul Cundall
19:17:19.203 AVAST engine scan C:\Documents and Settings\All Users
19:17:45.734 Scan finished successfully



#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:36 AM

Posted 16 March 2012 - 07:23 AM

Restart the PC,run TDSSkiller and aswmbr again and post the new logs

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install,update and run a full scan

Click on SHOW results.Select all infections and remove it

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

ESET online scanner


Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#9 contwo

contwo
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:06:36 AM

Posted 18 March 2012 - 06:10 PM

Here's the TDSKiller log:

23:08:03.0625 3420 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
23:08:03.0812 3420 ============================================================
23:08:03.0812 3420 Current date / time: 2012/03/18 23:08:03.0812
23:08:03.0812 3420 SystemInfo:
23:08:03.0812 3420
23:08:03.0812 3420 OS Version: 5.1.2600 ServicePack: 3.0
23:08:03.0812 3420 Product type: Workstation
23:08:03.0812 3420 ComputerName: PAUL-4C5DBA59E5
23:08:03.0812 3420 Windows directory: C:\WINDOWS
23:08:03.0812 3420 System windows directory: C:\WINDOWS
23:08:03.0812 3420 Processor architecture: Intel x86
23:08:03.0812 3420 Number of processors: 2
23:08:03.0812 3420 Page size: 0x1000
23:08:03.0812 3420 Boot type: Normal boot
23:08:03.0812 3420 ============================================================
23:08:07.0406 3420 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:08:07.0421 3420 Drive \Device\Harddisk1\DR2 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:08:07.0453 3420 \Device\Harddisk0\DR0:
23:08:07.0453 3420 MBR used
23:08:07.0453 3420 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
23:08:07.0453 3420 \Device\Harddisk1\DR2:
23:08:07.0453 3420 MBR used
23:08:07.0453 3420 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1D1C4542
23:08:07.0453 3420 Initialize success
23:08:07.0453 3420 ============================================================
23:08:12.0046 2788 ============================================================
23:08:12.0046 2788 Scan started
23:08:12.0046 2788 Mode: Manual;
23:08:12.0046 2788 ============================================================
23:08:13.0484 2788 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
23:08:13.0484 2788 Aavmker4 - ok
23:08:13.0500 2788 Abiosdsk - ok
23:08:13.0500 2788 abp480n5 - ok
23:08:13.0531 2788 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:08:13.0546 2788 ACPI - ok
23:08:13.0578 2788 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:08:13.0578 2788 ACPIEC - ok
23:08:13.0593 2788 adpu160m - ok
23:08:13.0625 2788 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:08:13.0625 2788 aec - ok
23:08:13.0656 2788 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:08:13.0656 2788 AFD - ok
23:08:13.0671 2788 Aha154x - ok
23:08:13.0687 2788 aic78u2 - ok
23:08:13.0687 2788 aic78xx - ok
23:08:13.0703 2788 AliIde - ok
23:08:13.0750 2788 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
23:08:13.0765 2788 AmdK8 - ok
23:08:13.0781 2788 amsint - ok
23:08:13.0796 2788 asc - ok
23:08:13.0796 2788 asc3350p - ok
23:08:13.0812 2788 asc3550 - ok
23:08:13.0843 2788 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
23:08:13.0843 2788 aswFsBlk - ok
23:08:13.0859 2788 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
23:08:13.0859 2788 aswMon2 - ok
23:08:13.0875 2788 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
23:08:13.0875 2788 aswRdr - ok
23:08:13.0906 2788 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
23:08:13.0921 2788 aswSnx - ok
23:08:13.0937 2788 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
23:08:13.0937 2788 aswSP - ok
23:08:13.0953 2788 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
23:08:13.0968 2788 aswTdi - ok
23:08:13.0984 2788 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:08:13.0984 2788 AsyncMac - ok
23:08:14.0000 2788 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:08:14.0000 2788 atapi - ok
23:08:14.0000 2788 Atdisk - ok
23:08:14.0078 2788 ati2mtag (f5fc6ac1e7bc776871361d463fc86be2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:08:14.0109 2788 ati2mtag - ok
23:08:14.0125 2788 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:08:14.0125 2788 Atmarpc - ok
23:08:14.0171 2788 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:08:14.0171 2788 audstub - ok
23:08:14.0218 2788 bcm4sbxp (78e7b52da292fa90bad2f887bbf22159) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
23:08:14.0218 2788 bcm4sbxp - ok
23:08:14.0265 2788 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:08:14.0265 2788 Beep - ok
23:08:14.0281 2788 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:08:14.0281 2788 cbidf2k - ok
23:08:14.0296 2788 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:08:14.0312 2788 CCDECODE - ok
23:08:14.0312 2788 cd20xrnt - ok
23:08:14.0328 2788 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:08:14.0328 2788 Cdaudio - ok
23:08:14.0328 2788 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:08:14.0328 2788 Cdfs - ok
23:08:14.0359 2788 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:08:14.0359 2788 Cdrom - ok
23:08:14.0359 2788 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
23:08:14.0375 2788 cercsr6 - ok
23:08:14.0390 2788 CmdIde - ok
23:08:14.0406 2788 Cpqarray - ok
23:08:14.0406 2788 dac2w2k - ok
23:08:14.0421 2788 dac960nt - ok
23:08:14.0437 2788 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:08:14.0437 2788 Disk - ok
23:08:14.0468 2788 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:08:14.0484 2788 dmboot - ok
23:08:14.0515 2788 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:08:14.0515 2788 dmio - ok
23:08:14.0515 2788 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:08:14.0515 2788 dmload - ok
23:08:14.0531 2788 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:08:14.0531 2788 DMusic - ok
23:08:14.0546 2788 dpti2o - ok
23:08:14.0562 2788 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:08:14.0562 2788 drmkaud - ok
23:08:14.0593 2788 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:08:14.0609 2788 Fastfat - ok
23:08:14.0609 2788 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
23:08:14.0609 2788 Fdc - ok
23:08:14.0718 2788 FileMonitor (f1fc45d2712d0aafee45a728fbe16062) C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
23:08:14.0734 2788 FileMonitor - ok
23:08:14.0734 2788 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:08:14.0734 2788 Fips - ok
23:08:14.0750 2788 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
23:08:14.0750 2788 Flpydisk - ok
23:08:14.0781 2788 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:08:14.0781 2788 FltMgr - ok
23:08:14.0781 2788 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:08:14.0796 2788 Fs_Rec - ok
23:08:14.0796 2788 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:08:14.0812 2788 Ftdisk - ok
23:08:14.0828 2788 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:08:14.0828 2788 GEARAspiWDM - ok
23:08:14.0843 2788 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
23:08:14.0843 2788 ggflt - ok
23:08:14.0859 2788 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
23:08:14.0859 2788 ggsemc - ok
23:08:14.0859 2788 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:08:14.0875 2788 Gpc - ok
23:08:14.0921 2788 GUCI_AVS (9e19744d36262441fca59509b78328cb) C:\WINDOWS\system32\DRIVERS\GUCI_AVS.sys
23:08:14.0921 2788 GUCI_AVS - ok
23:08:14.0953 2788 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:08:14.0968 2788 HDAudBus - ok
23:08:14.0968 2788 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:08:14.0984 2788 hidusb - ok
23:08:14.0984 2788 hpn - ok
23:08:15.0031 2788 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:08:15.0031 2788 HTTP - ok
23:08:15.0046 2788 i2omp - ok
23:08:15.0062 2788 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
23:08:15.0062 2788 i8042prt - ok
23:08:15.0078 2788 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:08:15.0078 2788 Imapi - ok
23:08:15.0093 2788 ini910u - ok
23:08:15.0109 2788 IntelIde - ok
23:08:15.0125 2788 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:08:15.0125 2788 Ip6Fw - ok
23:08:15.0156 2788 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:08:15.0156 2788 IpFilterDriver - ok
23:08:15.0156 2788 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:08:15.0171 2788 IpInIp - ok
23:08:15.0187 2788 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:08:15.0203 2788 IpNat - ok
23:08:15.0203 2788 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:08:15.0218 2788 IPSec - ok
23:08:15.0218 2788 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:08:15.0218 2788 IRENUM - ok
23:08:15.0234 2788 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:08:15.0234 2788 isapnp - ok
23:08:15.0312 2788 ISWKL (08a811bfd207dfdec588881c18bacbaa) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
23:08:15.0312 2788 ISWKL - ok
23:08:15.0343 2788 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:08:15.0343 2788 Kbdclass - ok
23:08:15.0343 2788 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:08:15.0359 2788 kbdhid - ok
23:08:15.0375 2788 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:08:15.0375 2788 kmixer - ok
23:08:15.0406 2788 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:08:15.0406 2788 KSecDD - ok
23:08:15.0421 2788 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
23:08:15.0421 2788 Lbd - ok
23:08:15.0437 2788 MEMSWEEP2 - ok
23:08:15.0484 2788 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
23:08:15.0484 2788 MHNDRV - ok
23:08:15.0515 2788 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:08:15.0515 2788 mnmdd - ok
23:08:15.0531 2788 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:08:15.0546 2788 Modem - ok
23:08:15.0546 2788 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:08:15.0546 2788 Mouclass - ok
23:08:15.0578 2788 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:08:15.0578 2788 mouhid - ok
23:08:15.0578 2788 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:08:15.0593 2788 MountMgr - ok
23:08:15.0593 2788 mraid35x - ok
23:08:15.0609 2788 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:08:15.0609 2788 MRxDAV - ok
23:08:15.0656 2788 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:08:15.0656 2788 MRxSmb - ok
23:08:15.0671 2788 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:08:15.0671 2788 Msfs - ok
23:08:15.0687 2788 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:08:15.0687 2788 MSKSSRV - ok
23:08:15.0703 2788 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:08:15.0703 2788 MSPCLOCK - ok
23:08:15.0718 2788 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:08:15.0734 2788 MSPQM - ok
23:08:15.0734 2788 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:08:15.0734 2788 mssmbios - ok
23:08:15.0750 2788 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
23:08:15.0750 2788 MSTEE - ok
23:08:15.0781 2788 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:08:15.0781 2788 Mup - ok
23:08:15.0781 2788 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:08:15.0796 2788 NABTSFEC - ok
23:08:15.0812 2788 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:08:15.0812 2788 NDIS - ok
23:08:15.0812 2788 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:08:15.0828 2788 NdisIP - ok
23:08:15.0843 2788 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:08:15.0843 2788 NdisTapi - ok
23:08:15.0859 2788 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:08:15.0875 2788 Ndisuio - ok
23:08:15.0875 2788 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:08:15.0875 2788 NdisWan - ok
23:08:15.0921 2788 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:08:15.0921 2788 NDProxy - ok
23:08:15.0937 2788 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:08:15.0937 2788 NetBIOS - ok
23:08:15.0937 2788 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:08:15.0953 2788 NetBT - ok
23:08:15.0984 2788 nmwcd (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\WINDOWS\system32\drivers\ccdcmb.sys
23:08:15.0984 2788 nmwcd - ok
23:08:15.0984 2788 nmwcdc (8f2a94f991f8c73cec26b4b5620d1edc) C:\WINDOWS\system32\drivers\ccdcmbo.sys
23:08:16.0000 2788 nmwcdc - ok
23:08:16.0000 2788 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:08:16.0000 2788 Npfs - ok
23:08:16.0031 2788 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:08:16.0046 2788 Ntfs - ok
23:08:16.0062 2788 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:08:16.0062 2788 Null - ok
23:08:16.0265 2788 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:08:16.0390 2788 nv - ok
23:08:16.0406 2788 NVHDA (049aa7021e5406e77f3535be66635b74) C:\WINDOWS\system32\drivers\nvhda32.sys
23:08:16.0421 2788 NVHDA - ok
23:08:16.0453 2788 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:08:16.0453 2788 NwlnkFlt - ok
23:08:16.0453 2788 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:08:16.0468 2788 NwlnkFwd - ok
23:08:16.0500 2788 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
23:08:16.0500 2788 Parport - ok
23:08:16.0515 2788 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:08:16.0515 2788 PartMgr - ok
23:08:16.0546 2788 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:08:16.0546 2788 ParVdm - ok
23:08:16.0578 2788 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
23:08:16.0578 2788 pccsmcfd - ok
23:08:16.0593 2788 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:08:16.0593 2788 PCI - ok
23:08:16.0609 2788 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:08:16.0609 2788 PCIIde - ok
23:08:16.0625 2788 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:08:16.0625 2788 Pcmcia - ok
23:08:16.0640 2788 perc2 - ok
23:08:16.0640 2788 perc2hib - ok
23:08:16.0687 2788 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:08:16.0687 2788 PptpMiniport - ok
23:08:16.0703 2788 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
23:08:16.0703 2788 Processor - ok
23:08:16.0718 2788 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:08:16.0718 2788 PSched - ok
23:08:16.0734 2788 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:08:16.0734 2788 Ptilink - ok
23:08:16.0750 2788 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:08:16.0750 2788 PxHelp20 - ok
23:08:16.0765 2788 ql1080 - ok
23:08:16.0765 2788 Ql10wnt - ok
23:08:16.0781 2788 ql12160 - ok
23:08:16.0796 2788 ql1240 - ok
23:08:16.0796 2788 ql1280 - ok
23:08:16.0828 2788 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:08:16.0843 2788 RasAcd - ok
23:08:16.0843 2788 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:08:16.0843 2788 Rasl2tp - ok
23:08:16.0859 2788 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:08:16.0859 2788 RasPppoe - ok
23:08:16.0875 2788 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:08:16.0890 2788 Raspti - ok
23:08:16.0890 2788 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:08:16.0890 2788 Rdbss - ok
23:08:16.0906 2788 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:08:16.0906 2788 RDPCDD - ok
23:08:16.0937 2788 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:08:16.0937 2788 rdpdr - ok
23:08:16.0968 2788 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
23:08:16.0984 2788 RDPWD - ok
23:08:17.0000 2788 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:08:17.0000 2788 redbook - ok
23:08:17.0140 2788 RegFilter (2ca761ce3abb7bbbb9c5519b2fb54f5e) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
23:08:17.0140 2788 RegFilter - ok
23:08:17.0187 2788 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:08:17.0187 2788 Secdrv - ok
23:08:17.0203 2788 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
23:08:17.0203 2788 Serial - ok
23:08:17.0234 2788 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:08:17.0234 2788 Sfloppy - ok
23:08:17.0250 2788 Simbad - ok
23:08:17.0281 2788 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:08:17.0281 2788 SLIP - ok
23:08:17.0296 2788 SmartDefragDriver (14bb60a4f1c5291217a05d5728c403e6) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
23:08:17.0296 2788 SmartDefragDriver - ok
23:08:17.0312 2788 Sparrow - ok
23:08:17.0328 2788 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:08:17.0343 2788 splitter - ok
23:08:17.0359 2788 sp_rsdrv2 (7b426b8e809edf081d771ef429345528) C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
23:08:17.0359 2788 sp_rsdrv2 - ok
23:08:17.0375 2788 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:08:17.0390 2788 sr - ok
23:08:17.0421 2788 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:08:17.0421 2788 Srv - ok
23:08:17.0484 2788 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys
23:08:17.0500 2788 STHDA - ok
23:08:17.0515 2788 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:08:17.0531 2788 streamip - ok
23:08:17.0546 2788 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:08:17.0562 2788 swenum - ok
23:08:17.0562 2788 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:08:17.0562 2788 swmidi - ok
23:08:17.0593 2788 symc810 - ok
23:08:17.0609 2788 symc8xx - ok
23:08:17.0609 2788 sym_hi - ok
23:08:17.0625 2788 sym_u3 - ok
23:08:17.0656 2788 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:08:17.0656 2788 sysaudio - ok
23:08:17.0687 2788 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:08:17.0687 2788 Tcpip - ok
23:08:17.0734 2788 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:08:17.0734 2788 TDPIPE - ok
23:08:17.0734 2788 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:08:17.0750 2788 TDTCP - ok
23:08:17.0750 2788 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:08:17.0750 2788 TermDD - ok
23:08:17.0765 2788 TosIde - ok
23:08:17.0796 2788 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:08:17.0812 2788 Udfs - ok
23:08:17.0812 2788 ultra - ok
23:08:17.0828 2788 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:08:17.0843 2788 Update - ok
23:08:17.0875 2788 upperdev (ec01da44b090d2651fc032c8b9257232) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
23:08:17.0875 2788 upperdev - ok
23:08:17.0906 2788 UrlFilter (62551ba687f1d0f582810cfa37384bb0) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
23:08:17.0906 2788 UrlFilter - ok
23:08:17.0937 2788 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
23:08:17.0937 2788 USBAAPL - ok
23:08:17.0968 2788 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
23:08:17.0968 2788 usbaudio - ok
23:08:17.0984 2788 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:08:17.0984 2788 usbccgp - ok
23:08:18.0000 2788 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:08:18.0000 2788 usbehci - ok
23:08:18.0015 2788 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:08:18.0015 2788 usbhub - ok
23:08:18.0062 2788 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:08:18.0062 2788 usbohci - ok
23:08:18.0109 2788 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:08:18.0109 2788 usbscan - ok
23:08:18.0125 2788 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
23:08:18.0140 2788 usbser - ok
23:08:18.0140 2788 UsbserFilt (4abd37cfbd710e64f01f9da8710c73f7) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
23:08:18.0140 2788 UsbserFilt - ok
23:08:18.0171 2788 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:08:18.0171 2788 USBSTOR - ok
23:08:18.0171 2788 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:08:18.0187 2788 VgaSave - ok
23:08:18.0203 2788 ViaIde - ok
23:08:18.0234 2788 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:08:18.0234 2788 VolSnap - ok
23:08:18.0296 2788 Vsdatant (558cee3d9c470651f1843d51b42d761b) C:\WINDOWS\system32\vsdatant.sys
23:08:18.0328 2788 Vsdatant - ok
23:08:18.0359 2788 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:08:18.0375 2788 Wanarp - ok
23:08:18.0390 2788 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
23:08:18.0406 2788 Wdf01000 - ok
23:08:18.0406 2788 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:08:18.0421 2788 wdmaud - ok
23:08:18.0500 2788 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:08:18.0500 2788 WpdUsb - ok
23:08:18.0531 2788 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:08:18.0531 2788 WS2IFSL - ok
23:08:18.0546 2788 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:08:18.0546 2788 WSTCODEC - ok
23:08:18.0578 2788 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:08:18.0578 2788 WudfPf - ok
23:08:18.0578 2788 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:08:18.0593 2788 WudfRd - ok
23:08:18.0609 2788 xcpip - ok
23:08:18.0609 2788 xpsec - ok
23:08:18.0640 2788 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:08:18.0750 2788 \Device\Harddisk0\DR0 - ok
23:08:18.0750 2788 MBR (0x1B8) (feffdedea77250a6fcd92c304b49ace2) \Device\Harddisk1\DR2
23:08:18.0765 2788 \Device\Harddisk1\DR2 - ok
23:08:18.0765 2788 Boot (0x1200) (cac7032bfba371b5fd21d4f689e49e99) \Device\Harddisk0\DR0\Partition0
23:08:18.0765 2788 \Device\Harddisk0\DR0\Partition0 - ok
23:08:18.0781 2788 Boot (0x1200) (59a13f1ed7053ae67d845463beb27335) \Device\Harddisk1\DR2\Partition0
23:08:18.0781 2788 \Device\Harddisk1\DR2\Partition0 - ok
23:08:18.0781 2788 ============================================================
23:08:18.0781 2788 Scan finished
23:08:18.0781 2788 ============================================================
23:08:18.0781 5196 Detected object count: 0
23:08:18.0781 5196 Actual detected object count: 0

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:36 AM

Posted 18 March 2012 - 07:51 PM

waiting for other logs :thumbup2:

#11 contwo

contwo
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:06:36 AM

Posted 19 March 2012 - 02:08 AM

hiya, here's the aswMBR log:

wMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-19 01:31:05
-----------------------------
01:31:05.765 OS Version: Windows 5.1.2600 Service Pack 3
01:31:05.765 Number of processors: 2 586 0x4B02
01:31:05.765 ComputerName: PAUL-4C5DBA59E5
01:31:07.343 Initialize success
01:31:12.312 AVAST engine defs: 12031801
01:31:17.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
01:31:17.171 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
01:31:17.187 Disk 0 MBR read successfully
01:31:17.187 Disk 0 MBR scan
01:31:17.203 Disk 0 Windows XP default MBR code
01:31:17.234 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953859 MB offset 63
01:31:17.265 Disk 0 scanning sectors +1953504000
01:31:17.312 Disk 0 malicious Win32:MBRoot code @ sector 1953504003 !
01:31:17.500 Disk 0 scanning C:\WINDOWS\system32\drivers
01:31:55.734 Service scanning
01:32:07.906 Modules scanning
01:32:51.890 Disk 0 trace - called modules:
01:32:51.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
01:32:51.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a5eab8]
01:32:51.937 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000068[0x86a61510]
01:32:51.937 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86aa1940]
01:32:52.796 AVAST engine scan C:\
02:51:47.500 Scan finished successfully

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:36 AM

Posted 19 March 2012 - 08:26 AM

There seems to be a inactive rootkit partition still present

Download

FIXTDSS

Launch it ,It may ask for restart,reboot the PC

On reboot let me know what it finds

Download

http://download.bleepingcomputer.com/farbar/ListParts.exe

Run the tool, click Scan and post the log (Result.txt) it makes.

Press Windows+R key and type

diskmgmt.msc and click ok

Take a screenshot of the partitions and post it here

Edited by narenxp, 19 March 2012 - 08:29 AM.


#13 contwo

contwo
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:06:36 AM

Posted 19 March 2012 - 01:57 PM

hiya, here's the aswMBR log:

wMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-19 01:31:05
-----------------------------
01:31:05.765 OS Version: Windows 5.1.2600 Service Pack 3
01:31:05.765 Number of processors: 2 586 0x4B02
01:31:05.765 ComputerName: PAUL-4C5DBA59E5
01:31:07.343 Initialize success
01:31:12.312 AVAST engine defs: 12031801
01:31:17.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
01:31:17.171 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
01:31:17.187 Disk 0 MBR read successfully
01:31:17.187 Disk 0 MBR scan
01:31:17.203 Disk 0 Windows XP default MBR code
01:31:17.234 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953859 MB offset 63
01:31:17.265 Disk 0 scanning sectors +1953504000
01:31:17.312 Disk 0 malicious Win32:MBRoot code @ sector 1953504003 !
01:31:17.500 Disk 0 scanning C:\WINDOWS\system32\drivers
01:31:55.734 Service scanning
01:32:07.906 Modules scanning
01:32:51.890 Disk 0 trace - called modules:
01:32:51.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
01:32:51.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a5eab8]
01:32:51.937 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000068[0x86a61510]
01:32:51.937 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86aa1940]
01:32:52.796 AVAST engine scan C:\
02:51:47.500 Scan finished successfully

#14 contwo

contwo
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:06:36 AM

Posted 19 March 2012 - 02:24 PM

ListParts by Farbar Version: 12-03-2012 03
Windows XP (X86)
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 65%
Total physical RAM: 1022.42 MB
Available physical RAM: 356.73 MB
Total Pagefile: 2461.07 MB
Available Pagefile: 1767.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.32 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.5 GB) (Free:867.19 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive e: (Elements) (Fixed) (Total:232.83 GB) (Free:45.13 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 932 GB 0 B
Disk 1 Online 233 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 932 GB 32 KB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 932 GB Healthy System (partition with boot components)
======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 233 GB 32 KB
======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E Elements FAT32 Partition 233 GB Healthy
======================================================================================================

****** End Of Log ******

#15 contwo

contwo
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:06:36 AM

Posted 19 March 2012 - 02:46 PM

Okay the FIXTDSS said it couldn't find anything.

I'm having difficulty pasting a screenprint of the Disk Management window in my reply. Can you advise please?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users