TDDS/Redirect Virus Help


33 replies to this topic

#1 Sirhc


Posted 12 September 2012 - 03:08 PM

Hello. This is my first time posting, sorry if I do it incorrectly.

A couple months ago I noticed my browser was redirecting randomly to ad websites, so I scanned my computer with MBAM and other programs and picked up a couple small things, and the redirecting had stopped. Now it's come back and no program detects anything. I've been reading up a lot about it but can't seem to find a way to remove it; hope you can help. I would also like to add that my icons by my Windows time have all disappeared (AVG, ZoneAlarm, SteelSeries Settings); it only has the time, the 2 computers and the world, and my sound devices. I now have to manually enable ZoneAlarm via the start up icon (this only happened since running UnHackMe).

Below is my DDS Log.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by NewCPU at 13:06:46 on 2012-09-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3578.2222 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Zonealarm Helper Object: {2a841f7a-a014-4da5-b6d9-8b913dfb7a8c} - c:\program files\check point software technologies ltd\zonealarm\1.5.20.3\bh\zonealarm.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: BHO Class: {dd92de22-ed91-4560-b788-dee2b26612e6} - c:\program files\devicevm\browser configuration utility\IEHelper.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: ZoneAlarm Security Toolbar: {438fae3e-bdef-44d3-ab8b-0c7c8350df59} - c:\program files\check point software technologies ltd\zonealarm\1.5.20.3\zonealarmTlbr.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{DCDD4D7C-324E-4715-B61D-879549BFF967} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\newcpu\appdata\roaming\mozilla\firefox\profiles\pfrbj9mx.default user\
FF - prefs.js: browser.startup.homepage - hxxp://duckduckgo.com
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\battlelog web plugins\1.116.0\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\1.118.0\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.4\npesnsonar.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\newcpu\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\newcpu\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\newcpu\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\newcpu\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-7-26 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-24 301920]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-7-3 217088]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2010-2-12 212232]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-9-30 21992]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-7-3 10070016]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-7-3 290304]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2012-2-23 83984]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2010-2-12 1499648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 1025352]
S3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [2011-7-30 480864]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 114144]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2010-2-12 21504]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-2-12 21504]
S4 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-10-7 246600]
S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-09-12 01:14:29 -------- d-----w- c:\programdata\HitmanPro
2012-09-12 00:09:45 -------- d-----w- c:\program files\Sophos
2012-09-11 23:57:25 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-11 23:51:20 -------- d-----w- c:\users\newcpu\appdata\roaming\SUPERAntiSpyware.com
2012-09-11 23:51:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-11 23:51:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-11 23:46:55 -------- d-----w- c:\programdata\PC Tools
2012-09-11 23:46:54 -------- d-----w- c:\users\newcpu\appdata\roaming\TestApp
2012-09-11 00:16:21 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-10 23:35:46 98816 ----a-w- c:\windows\sed.exe
2012-09-10 23:35:46 518144 ----a-w- c:\windows\SWREG.exe
2012-09-10 23:35:46 256000 ----a-w- c:\windows\PEV.exe
2012-09-10 23:35:46 208896 ----a-w- c:\windows\MBR.exe
2012-09-10 23:18:16 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-09-10 23:18:16 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2012-09-10 23:18:16 -------- d-----w- c:\programdata\RegRun
2012-09-10 23:18:08 2 --shatr- c:\windows\winstart.bat
2012-09-10 23:18:05 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2012-09-10 23:18:03 -------- d-----w- c:\program files\UnHackMe
2012-09-10 19:17:10 -------- d-----w- c:\program files\SplitMediaLabs
2012-08-28 20:57:19 -------- d-----w- c:\users\newcpu\appdata\roaming\The Creative Assembly
2012-08-28 19:30:56 -------- d-----w- c:\program files\SEGA
2012-08-28 16:18:31 -------- d-----w- c:\program files\Firefly Studios
2012-08-26 23:56:27 -------- d-----w- c:\program files\Activision
2012-08-26 08:17:27 -------- d-----w- c:\users\newcpu\appdata\local\SKIDROW
2012-08-24 22:43:18 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 04:51:34 -------- d-----w- c:\program files\THQ
2012-08-16 21:13:24 -------- d-----w- c:\program files\AMD APP
2012-08-16 21:12:42 -------- d-----w- c:\program files\ATI
2012-08-16 21:12:31 -------- d-----w- c:\program files\ATI Technologies
.
==================== Find3M ====================
.
2012-09-08 00:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-29 03:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 03:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-27 14:22:41 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-27 14:22:41 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-28 05:47:36 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-07-28 05:47:16 65024 ----a-w- c:\windows\system32\OpenVideo.dll
2012-07-28 05:47:06 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-07-28 05:46:06 13013504 ----a-w- c:\windows\system32\amdocl.dll
2012-07-26 10:21:30 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-07-04 06:58:12 10070016 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-07-04 06:35:46 19586048 ----a-w- c:\windows\system32\atioglxx.dll
2012-07-04 06:27:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-07-04 06:27:08 918528 ----a-w- c:\windows\system32\aticfx32.dll
2012-07-04 06:21:46 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-07-04 06:21:18 453632 ----a-w- c:\windows\system32\atieclxx.exe
2012-07-04 06:20:42 217088 ----a-w- c:\windows\system32\atiesrxx.exe
2012-07-04 06:19:24 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-07-04 06:19:14 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-07-04 06:19:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-07-04 06:18:18 6811648 ----a-w- c:\windows\system32\atidxx32.dll
2012-07-04 05:36:22 58368 ----a-w- c:\windows\system32\coinst_8.97.100.3.dll
2012-07-04 05:36:14 1960960 ----a-w- c:\windows\system32\atiumdmv.dll
2012-07-04 05:35:14 6245888 ----a-w- c:\windows\system32\atiumdag.dll
2012-07-04 05:28:52 4749312 ----a-w- c:\windows\system32\atiumdva.dll
2012-07-04 05:11:38 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-07-04 05:11:38 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-07-04 05:11:28 364544 ----a-w- c:\windows\system32\atiadlxx.dll
2012-07-04 05:11:16 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-07-04 05:11:04 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-07-04 05:10:30 290304 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-07-04 05:09:56 42496 ----a-w- c:\windows\system32\atiuxpag.dll
2012-07-04 05:09:42 32768 ----a-w- c:\windows\system32\atiu9pag.dll
2012-07-04 05:09:18 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2012-07-04 05:09:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-07-04 05:04:28 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-07-04 05:04:18 44544 ----a-w- c:\windows\system32\aticalcl.dll
2012-07-04 04:59:40 13402112 ----a-w- c:\windows\system32\aticaldd.dll
.
============= FINISH: 13:07:00.54 ===============



GMER Log


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-12 13:06:15
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1001FALS-00E3A0 rev.05.01D05
Running: 10gtn8qs.exe; Driver: C:\Users\NewCPU\AppData\Local\Temp\ufdiqpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0xCF17626C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcCreatePort [0xCF176B34]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xCF175CC2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xCF16F586]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xCF190E92]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xCF1767CC]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xCF18AE1C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xCF18B244]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xCF19546E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xCF17692A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xCF1702B6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xCF1928DE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xCF1921F6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xCF189C00]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xCF1932A8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xCF1934E6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0xCF193998]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xDC15D004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xDC15D0D4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xCF16FE6E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xDC15CD76]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xCF18CF22]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xCF19436E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xCF193C62]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xCF17586A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xCF194DCE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xCF175F8E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xCF1706C0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xCF1948F6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xCF191954]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xCF18BF40]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0xCF62B640]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xDC15CEBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xDC15CF56]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0xCF18B6B8]

INT 0x61 ? C54F7050
INT 0x71 ? C54F72D0
INT 0x72 ? C54F7A50
INT 0x82 ? C54F77D0
INT 0x90 ? C917ECD0
INT 0x92 ? C379F050
INT 0xA2 ? C54F7CD0
INT 0xB1 ? C379FCD0
INT 0xB2 ? C379F2D0

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 13D E26C88C0 8 Bytes [6C, 62, 17, CF, 34, 6B, 17, ...] {INSB ; BOUND EDX, [EDI]; IRET ; XOR AL, 0x6b; POP SS; IRET }
.text ntkrnlpa.exe!KeSetEvent + 1C1 E26C8944 4 Bytes [C2, 5C, 17, CF] {RET 0x175c; IRET }
.text ntkrnlpa.exe!KeSetEvent + 1D9 E26C895C 4 Bytes [86, F5, 16, CF] {XCHG CH, DH; PUSH SS; IRET }
.text ntkrnlpa.exe!KeSetEvent + 1E9 E26C896C 4 Bytes [92, 0E, 19, CF] {XCHG EDX, EAX; PUSH CS; SBB EDI, ECX}
.text ntkrnlpa.exe!KeSetEvent + 205 E26C8988 12 Bytes [CC, 67, 17, CF, 1C, AE, 18, ...]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0xCDE0C000, 0x2BFBF0, 0xE8000020]
? C:\Users\NewCPU\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
.text ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes [E9, F8, 48, 5E, A9] {JMP 0xffffffffa95e48fd}
.text ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes [E9, 70, 4D, 5E, A9] {JMP 0xffffffffa95e4d75}
.text ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes [E9, 1F, 45, 5E, A9] {JMP 0xffffffffa95e4524}
.text ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes [E9, 32, 38, 5E, A9] {JMP 0xffffffffa95e3837}

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[476] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[476] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[476] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[476] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[476] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[476] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[476] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[476] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[476] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[492] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[492] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[492] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[492] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[492] kernel32.dll!SetUnhandledExceptionFilter 7781A84F 5 Bytes JMP 209F37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[492] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[492] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[492] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[540] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[540] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[540] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[540] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[540] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[540] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[540] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[540] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[540] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[632] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[632] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[632] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[632] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[632] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[632] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[632] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[632] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[632] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[676] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[676] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[676] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[676] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[676] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[676] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[676] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[676] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[676] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[708] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[708] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[720] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[720] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[720] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[720] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[720] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[860] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[860] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[860] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[860] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[860] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[860] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[860] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[920] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[920] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[984] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[984] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[984] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[984] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[984] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[984] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[984] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[984] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\atiesrxx.exe[984] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1052] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1052] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1076] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1076] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1076] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1076] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1076] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1076] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1076] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1088] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1088] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1088] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1088] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1088] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] ntdll.dll!LdrLoadDll 776993A8 5 Bytes JMP 6B220C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] kernel32.dll!SetUnhandledExceptionFilter 7781A84F 5 Bytes JMP 6B223FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] kernel32.dll!LockResource + C 778368EB 7 Bytes JMP 6B457B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] kernel32.dll!VirtualAllocEx + 54 7783AD50 7 Bytes JMP 6B457B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] USER32.dll!IsWindowUnicode + 37 775D90B5 5 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] USER32.dll!GetWindowInfo 775E428E 5 Bytes JMP 6B37B77F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] GDI32.dll!SetStretchBltMode + 256 76A3745C 7 Bytes JMP 6B457AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] WS2_32.dll!closesocket 75E9330C 5 Bytes JMP 20B23BA8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] WS2_32.dll!recv 75E9343A 5 Bytes JMP 20B23C29 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] WS2_32.dll!WSASend 75E94496 5 Bytes JMP 20B23F07 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] WS2_32.dll!send 75E9659B 5 Bytes JMP 20B23CD3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] WS2_32.dll!sendto 75E967C5 5 Bytes JMP 20B23D71 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] WS2_32.dll!WSARecv 75E98400 5 Bytes JMP 20B23E15 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] WS2_32.dll!WSASendDisconnect 75EAA3E9 5 Bytes JMP 20B2409B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] WS2_32.dll!WSASendTo 75EAA474 5 Bytes JMP 20B23FCE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1256] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1256] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1324] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1324] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1388] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1388] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1388] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1388] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1388] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1388] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1388] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1388] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1388] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1456] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1456] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1456] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1456] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1456] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1456] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1456] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1456] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1456] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1464] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1464] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1464] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1464] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1464] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1464] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[1524] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[1524] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[1524] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[1524] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[1524] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[1524] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[1524] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[1524] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\PnkBstrA.exe[1524] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1756] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1756] USER32.dll!IsWindowUnicode + 37 775D90B5 5 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1872] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1872] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1872] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1872] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1872] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1872] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1872] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1872] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1872] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1900] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1900] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1900] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1900] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1900] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1900] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1900] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1900] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1900] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2044] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2044] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2044] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2176] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2176] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2176] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2176] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2176] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2176] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2176] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2176] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2176] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtCreateFile + 6 776D422A 4 Bytes [28, 00, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtCreateFile + B 776D422F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtCreateKey + 6 776D426A 4 Bytes [68, 01, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtCreateKey + B 776D426F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtCreateMutant + 6 776D429A 4 Bytes [28, 02, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtCreateMutant + B 776D429F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtCreateSection + 6 776D431A 4 Bytes [68, 02, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtCreateSection + B 776D431F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtMapViewOfSection + 6 776D497A 4 Bytes [A8, 04, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtMapViewOfSection + B 776D497F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtOpenFile + 6 776D4A0A 4 Bytes [68, 00, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtOpenFile + B 776D4A0F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtOpenKey + 6 776D4A3A 4 Bytes [A8, 01, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtOpenKey + B 776D4A3F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtOpenMutant + B 776D4A5F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtOpenProcess + 6 776D4A8A 1 Byte [28]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtOpenProcess + 6 776D4A8A 4 Bytes [28, 03, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtOpenProcess + B 776D4A8F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtOpenProcessToken + 6 776D4A9A 1 Byte [68]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtOpenProcessToken + 6 776D4A9A 4 Bytes [68, 03, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtOpenProcessToken + B 776D4A9F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtOpenProcessTokenEx + 6 776D4AAA 4 Bytes [28, 04, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtOpenProcessTokenEx + B 776D4AAF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtOpenSection + 6 776D4ABA 4 Bytes [A8, 02, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtOpenSection + B 776D4ABF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtOpenThread + B 776D4AFF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtOpenThreadToken + 6 776D4B0A 1 Byte [E8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtOpenThreadToken + B 776D4B0F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtOpenThreadTokenEx + 6 776D4B1A 4 Bytes [68, 04, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtOpenThreadTokenEx + B 776D4B1F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtQueryAttributesFile + 6 776D4BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtQueryAttributesFile + B 776D4BAF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtQueryFullAttributesFile + B 776D4C5F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtSetInformationFile + 6 776D513A 4 Bytes [28, 01, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtSetInformationFile + B 776D513F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtSetInformationThread + 6 776D518A 1 Byte [A8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtSetInformationThread + 6 776D518A 4 Bytes [A8, 03, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtSetInformationThread + B 776D518F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ntdll.dll!NtUnmapViewOfSection + B 776D542F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] kernel32.dll!CreateProcessW 777F1BF3 5 Bytes JMP 000100B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] kernel32.dll!CreateProcessA 777F1C28 5 Bytes JMP 000100F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] kernel32.dll!OpenEventW 7780BF97 5 Bytes JMP 00010070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] kernel32.dll!CreateEventW 7783B65E 5 Bytes JMP 00010030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!DeleteObject 76A35A37 5 Bytes JMP 000801B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!GetDeviceCaps 76A3617F 5 Bytes JMP 000803B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!SelectObject 76A362A0 5 Bytes JMP 000805F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!SetTextColor 76A3666B 5 Bytes JMP 00080A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!SetBkMode 76A36716 5 Bytes JMP 000808F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!DeleteDC 76A368CD 5 Bytes JMP 00080170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!GetCurrentObject 76A36B58 5 Bytes JMP 00080370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!SetStretchBltMode 76A37206 5 Bytes JMP 000806B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!SaveDC 76A375BA 5 Bytes JMP 00080570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!RestoreDC 76A37675 5 Bytes JMP 00080530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!StretchDIBits 76A378CF 5 Bytes JMP 00080770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!ExtSelectClipRgn 76A379F8 5 Bytes JMP 000802F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!SelectClipRgn 76A37AF9 5 Bytes JMP 000805B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!MoveToEx 76A37C33 5 Bytes JMP 00080470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!Rectangle 76A37EA9 5 Bytes JMP 000809B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!GetTextAlign 76A382E0 5 Bytes JMP 00080D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!SetTextAlign 76A385CB 5 Bytes JMP 000809F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!ExtTextOutW 76A3872B 5 Bytes JMP 00080970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!GetTextMetricsW 76A38A81 5 Bytes JMP 00080E30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!IntersectClipRect 76A38B64 5 Bytes JMP 000803F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!GetClipBox 76A39071 5 Bytes JMP 00080330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!SetICMMode 76A394E7 5 Bytes JMP 00080DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!CreateDCW 76A3A91D 5 Bytes JMP 000800F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!CreateDCA 76A3AA49 5 Bytes JMP 000800B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!CreateICW 76A3B2E9 5 Bytes JMP 00080130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!GetTextFaceW 76A3B637 5 Bytes JMP 00080D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!GetFontData 76A3BA6C 1 Byte [E9]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!GetFontData 76A3BA6C 5 Bytes JMP 00080C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!GetTextExtentPoint32W 76A3C01A 5 Bytes JMP 00080670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!SetWorldTransform 76A3C46A 5 Bytes JMP 000806F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!LineTo 76A3C65E 5 Bytes JMP 00080430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!GetTextMetricsA 76A3CCEB 5 Bytes JMP 00080DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!ExtTextOutA 76A400A5 5 Bytes JMP 00080930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!GetTextExtentPoint32A 76A40E58 5 Bytes JMP 00080630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!ExtEscape 76A422A7 5 Bytes JMP 000802B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!Escape 76A427F1 5 Bytes JMP 00080270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!ResetDCW 76A43132 5 Bytes JMP 00080AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!EndPage 76A4375E 5 Bytes JMP 00080230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!SetPolyFillMode 76A461D3 5 Bytes JMP 00080B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!SetMiterLimit 76A462E2 5 Bytes JMP 00080B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!GetTextFaceA 76A4F4C5 5 Bytes JMP 00080CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!GetGlyphOutlineW 76A5A41F 5 Bytes JMP 00080CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!CreateScalableFontResourceW 76A5C88B 5 Bytes JMP 00080BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!AddFontResourceW 76A5CC93 5 Bytes JMP 00080BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!RemoveFontResourceW 76A5D129 5 Bytes JMP 00080C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!AbortDoc 76A62CC4 5 Bytes JMP 00080030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!EndDoc 76A630D8 5 Bytes JMP 000801F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!StartPage 76A631C3 5 Bytes JMP 00080730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!StartDocW 76A63CA7 5 Bytes JMP 000807F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!BeginPath 76A64465 5 Bytes JMP 00080830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!SelectClipPath 76A644BC 5 Bytes JMP 00080AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!CloseFigure 76A64517 5 Bytes JMP 00080070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!EndPath 76A6456E 5 Bytes JMP 00080A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!StrokePath 76A647A0 5 Bytes JMP 000807B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!FillPath 76A6482C 5 Bytes JMP 00080870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!PolylineTo 76A64C95 5 Bytes JMP 000804F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!PolyBezierTo 76A64D25 5 Bytes JMP 000804B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] GDI32.dll!PolyDraw 76A64DD6 5 Bytes JMP 000808B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!SetCursor 775DD37D 5 Bytes JMP 00090530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!RegisterClipboardFormatW 775DD6AC 1 Byte [E9]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!RegisterClipboardFormatW 775DD6AC 5 Bytes JMP 000902B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!ActivateKeyboardLayout 775E478C 5 Bytes JMP 000904F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!IsWindowVisible 775E878A 7 Bytes JMP 000906B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!MonitorFromWindow 775E88D4 7 Bytes JMP 00090630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!ScreenToClient 775E8C56 7 Bytes JMP 00090670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!GetClientRect 775E8F0D 7 Bytes JMP 000905B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!GetParent 775E90AA 7 Bytes JMP 000906F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!RegisterClipboardFormatA 775EA111 5 Bytes JMP 000902F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!PostMessageW 775EA175 5 Bytes JMP 000905F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!MapWindowPoints 775EA30D 5 Bytes JMP 00090570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!GetClipboardFormatNameA 775EA552 5 Bytes JMP 00090270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!GetOpenClipboardWindow 775F26A6 5 Bytes JMP 000903F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!SetClipboardViewer 775FBA2D 5 Bytes JMP 000904B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!IsClipboardFormatAvailable 775FC2E3 5 Bytes JMP 000900F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!CloseClipboard 775FC2F7 5 Bytes JMP 000900B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!OpenClipboard 775FC31D 5 Bytes JMP 00090070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!GetTopWindow 775FCE0A 7 Bytes JMP 00090730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!GetClipboardSequenceNumber 775FD8B7 5 Bytes JMP 00090330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!ChangeClipboardChain 775FDF83 5 Bytes JMP 00090430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!CountClipboardFormats 77600048 5 Bytes JMP 000901F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!GetClipboardOwner 776026EF 5 Bytes JMP 00090370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!SetClipboardData 77616410 5 Bytes JMP 00090170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!EnumClipboardFormats 77616D16 5 Bytes JMP 000901B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!SetCursorPos 77616FB2 5 Bytes JMP 00090770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!GetClipboardData 7761715A 5 Bytes JMP 00090030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!GetClipboardFormatNameW 7761A99F 5 Bytes JMP 00090230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!EmptyClipboard 7763398B 5 Bytes JMP 00090130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!GetClipboardViewer 776339ED 5 Bytes JMP 00090470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] USER32.dll!GetPriorityClipboardFormat 77633AEF 5 Bytes JMP 000903B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ole32.dll!OleGetClipboard 75DB74C9 5 Bytes JMP 000A00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ole32.dll!OleSetClipboard 75DE11E3 5 Bytes JMP 000A0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] ole32.dll!OleIsCurrentClipboard 75DEA8F9 5 Bytes JMP 000A0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] Secur32.dll!FreeContextBuffer 75BD2D83 5 Bytes JMP 000C00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] Secur32.dll!DeleteSecurityContext 75BD2F18 5 Bytes JMP 000C0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] Secur32.dll!FreeCredentialsHandle 75BD3598 5 Bytes JMP 000C0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] Secur32.dll!EncryptMessage 75BD3745 5 Bytes JMP 000C01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] Secur32.dll!DecryptMessage 75BD3813 5 Bytes JMP 000C0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] Secur32.dll!InitializeSecurityContextA 75BD87DF 5 Bytes JMP 000C0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] Secur32.dll!AcquireCredentialsHandleA 75BD8A43 5 Bytes JMP 000C0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] Secur32.dll!QueryContextAttributesA 75BD8E77 5 Bytes JMP 000C0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] Secur32.dll!ApplyControlToken 75BDDE4F 5 Bytes JMP 000C01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[2212] Secur32.dll!QueryCredentialsAttributesA 75BDE052 5 Bytes JMP 000C00B0
.text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2368] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2368] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2368] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2368] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2368] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2368] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2368] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2368] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2368] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2764] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2764] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2764] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2764] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2764] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2764] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2764] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2764] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2764] USER32.dll!InSendMessageEx + 4C9 775DE7C8 7 Bytes JMP 6B52DF63 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2764] USER32.dll!CreateWindowExW + AA 775E13AF 7 Bytes JMP 6B52DEF2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2764] USER32.dll!GetWindowInfo 775E428E 5 Bytes JMP 6B374536 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2764] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2764] USER32.dll!SetMenuItemBitmaps + 71 775F14EE 7 Bytes JMP 6B374B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\AVG\AVG2012\avgnsx.exe[2956] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\avgnsx.exe[2956] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\avgnsx.exe[2956] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\avgnsx.exe[2956] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\avgnsx.exe[2956] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\avgnsx.exe[2956] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\avgnsx.exe[2956] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\avgnsx.exe[2956] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\AVG\AVG2012\avgnsx.exe[2956] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3264] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3264] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3264] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3264] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3264] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3264] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3264] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3264] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3264] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[3316] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[3316] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[3316] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[3316] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[3316] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[3316] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[3316] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[3316] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[3316] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3400] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3400] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3400] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3400] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3400] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3400] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3400] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3400] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3400] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[3488] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[3488] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[3488] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[3488] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[3488] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[3488] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[3488] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[3488] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[3488] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4620] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4620] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4620] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4620] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4620] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4620] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4620] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4620] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4620] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[5256] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[5256] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[5256] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[5256] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[5256] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[5256] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[5256] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[5256] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\NOTEPAD.EXE[5256] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\notepad.exe[5396] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\notepad.exe[5396] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\notepad.exe[5396] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\notepad.exe[5396] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\notepad.exe[5396] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\notepad.exe[5396] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\notepad.exe[5396] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\notepad.exe[5396] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\notepad.exe[5396] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[5624] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[5624] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[5624] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[5624] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[5624] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[5624] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[5624] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[5624] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[5624] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\NewCPU\Downloads\10gtn8qs.exe[6068] ntdll.dll!NtAccessCheckByType 776D3E94 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\NewCPU\Downloads\10gtn8qs.exe[6068] ntdll.dll!NtAlpcImpersonateClientOfPort 776D4064 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\NewCPU\Downloads\10gtn8qs.exe[6068] ntdll.dll!NtImpersonateClientOfPort 776D4834 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\NewCPU\Downloads\10gtn8qs.exe[6068] ntdll.dll!NtSetInformationProcess 776D5174 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\NewCPU\Downloads\10gtn8qs.exe[6068] kernel32.dll!OpenProcess 77837267 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\NewCPU\Downloads\10gtn8qs.exe[6068] USER32.dll!FindWindowA 775D9D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\NewCPU\Downloads\10gtn8qs.exe[6068] USER32.dll!FindWindowW 775EA441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\NewCPU\Downloads\10gtn8qs.exe[6068] ADVAPI32.dll!ImpersonateNamedPipeClient 77293A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Users\NewCPU\Downloads\10gtn8qs.exe[6068] ADVAPI32.dll!SetThreadToken 772A8E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9565C156-CF93-BEF5-B036-2BFE4CFDD948}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9565C156-CF93-BEF5-B036-2BFE4CFDD948}@hajiianekchlnifm 0x63 0x62 0x6B 0x68 ...

---- EOF - GMER 1.0.15 ----



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
Posted 13 September 2012 - 12:15 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.






-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.





--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Sirhc


Posted 13 September 2012 - 12:01 PM

I tried to run AdwCleaner v2.001. The first time it took a good 30 seconds to actually load up, then froze (Not Responding) in Task Manager. The second time it loaded up I hit Delete, Ok, and the status said Deleting but it was frozen; I gave it about an hour before I realized it was frozen. What should I do?

I would like to add I have to restart my computer in order to terminate the process.

Edited by Sirhc, 13 September 2012 - 12:02 PM.


#4 gringo_pr


Posted 13 September 2012 - 12:50 PM

Move to the next item.


gringo

#5 Sirhc


Posted 13 September 2012 - 01:00 PM

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : NewCPU [Admin rights]
Mode : Remove -- Date : 09/13/2012 10:59:03

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1001FALS-00E3A0 ATA Device +++++
--- User ---
[MBR] beafe2e969f7d2dfecf3134c3c38e401
[BSP] 3e70b6a6fa860bb7f9b8b79d913960f8 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#6 gringo_pr


Posted 13 September 2012 - 01:11 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 Sirhc


Posted 13 September 2012 - 01:50 PM

ComboFix 12-09-13.03 - NewCPU 09/13/2012 11:34:32.3.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3578.2716 [GMT -7:00]
Running from: c:\users\NewCPU\Desktop\Commy.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-13 to 2012-09-13 )))))))))))))))))))))))))))))))
.
.
2012-09-13 18:42 . 2012-09-13 18:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-12 01:14 . 2012-09-12 01:14 -------- d-----w- c:\programdata\HitmanPro
2012-09-12 00:09 . 2012-09-12 00:09 -------- d-----w- c:\program files\Sophos
2012-09-11 23:57 . 2012-09-12 01:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-11 23:51 . 2012-09-11 23:51 -------- d-----w- c:\users\NewCPU\AppData\Roaming\SUPERAntiSpyware.com
2012-09-11 23:51 . 2012-09-11 23:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-11 23:51 . 2012-09-11 23:51 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-11 23:46 . 2012-09-11 23:46 -------- d-----w- c:\programdata\PC Tools
2012-09-11 23:46 . 2012-09-11 23:46 -------- d-----w- c:\users\NewCPU\AppData\Roaming\TestApp
2012-09-10 23:18 . 2012-09-13 17:58 -------- d-----w- c:\programdata\RegRun
2012-09-10 23:18 . 2012-09-10 23:18 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-09-10 23:18 . 2012-09-10 23:18 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2012-09-10 23:18 . 2012-09-10 23:18 2 --shatr- c:\windows\winstart.bat
2012-09-10 23:18 . 2012-09-10 19:59 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2012-09-10 23:18 . 2012-09-10 23:18 -------- d-----w- c:\program files\UnHackMe
2012-09-10 19:17 . 2012-09-10 19:17 -------- d-----w- c:\program files\SplitMediaLabs
2012-08-28 20:57 . 2012-08-28 20:57 -------- d-----w- c:\users\NewCPU\AppData\Roaming\The Creative Assembly
2012-08-28 19:30 . 2012-08-28 19:30 -------- d-----w- c:\program files\SEGA
2012-08-28 16:18 . 2012-08-28 16:18 -------- d-----w- c:\program files\Firefly Studios
2012-08-26 23:56 . 2012-08-26 23:56 -------- d-----w- c:\program files\Activision
2012-08-26 08:17 . 2012-08-28 20:57 -------- d-----w- c:\users\NewCPU\AppData\Local\SKIDROW
2012-08-24 22:43 . 2012-08-24 22:43 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 04:51 . 2012-08-24 07:45 -------- d-----w- c:\program files\THQ
2012-08-16 21:22 . 2012-08-16 21:22 -------- d-----w- c:\programdata\ATI
2012-08-16 21:13 . 2012-08-16 21:13 -------- d-----w- c:\program files\AMD APP
2012-08-16 21:12 . 2012-08-16 21:12 -------- d-----w- c:\program files\ATI
2012-08-16 21:12 . 2012-08-16 21:22 -------- d-----w- c:\program files\ATI Technologies
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-08 00:04 . 2010-02-14 18:08 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-29 03:24 . 2012-07-12 03:44 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 03:24 . 2010-06-06 18:33 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-27 14:22 . 2012-04-04 20:04 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-27 14:22 . 2011-06-01 20:14 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-28 05:47 . 2012-07-28 05:47 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-07-28 05:47 . 2012-07-28 05:47 65024 ----a-w- c:\windows\system32\OpenVideo.dll
2012-07-28 05:47 . 2012-07-28 05:47 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-07-28 05:46 . 2012-07-28 05:46 13013504 ----a-w- c:\windows\system32\amdocl.dll
2012-07-26 10:21 . 2012-07-26 10:21 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-07-04 06:58 . 2012-07-04 06:58 10070016 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-07-04 06:35 . 2012-07-04 06:35 19586048 ----a-w- c:\windows\system32\atioglxx.dll
2012-07-04 06:27 . 2012-07-04 06:27 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-07-04 06:27 . 2010-08-26 02:01 918528 ----a-w- c:\windows\system32\aticfx32.dll
2012-07-04 06:21 . 2012-07-04 06:21 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-07-04 06:21 . 2012-07-04 06:21 453632 ----a-w- c:\windows\system32\atieclxx.exe
2012-07-04 06:20 . 2012-07-04 06:20 217088 ----a-w- c:\windows\system32\atiesrxx.exe
2012-07-04 06:19 . 2012-07-04 06:19 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-07-04 06:19 . 2012-07-04 06:19 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-07-04 06:19 . 2012-07-04 06:19 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-07-04 06:18 . 2011-09-24 01:53 6811648 ----a-w- c:\windows\system32\atidxx32.dll
2012-07-04 05:36 . 2012-07-04 05:36 58368 ----a-w- c:\windows\system32\coinst_8.97.100.3.dll
2012-07-04 05:36 . 2012-07-04 05:36 1960960 ----a-w- c:\windows\system32\atiumdmv.dll
2012-07-04 05:35 . 2012-07-04 05:35 6245888 ----a-w- c:\windows\system32\atiumdag.dll
2012-07-04 05:28 . 2012-07-04 05:28 4749312 ----a-w- c:\windows\system32\atiumdva.dll
2012-07-04 05:11 . 2012-07-04 05:11 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-07-04 05:11 . 2012-07-04 05:11 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-07-04 05:11 . 2012-07-04 05:11 364544 ----a-w- c:\windows\system32\atiadlxx.dll
2012-07-04 05:11 . 2012-07-04 05:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-07-04 05:11 . 2012-07-04 05:11 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-07-04 05:10 . 2012-07-04 05:10 290304 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-07-04 05:09 . 2011-09-24 01:18 42496 ----a-w- c:\windows\system32\atiuxpag.dll
2012-07-04 05:09 . 2010-08-26 01:19 32768 ----a-w- c:\windows\system32\atiu9pag.dll
2012-07-04 05:09 . 2009-12-11 19:49 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2012-07-04 05:09 . 2012-07-04 05:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-07-04 05:04 . 2012-07-04 05:04 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-07-04 05:04 . 2012-07-04 05:04 44544 ----a-w- c:\windows\system32\aticalcl.dll
2012-07-04 04:59 . 2012-07-04 04:59 13402112 ----a-w- c:\windows\system32\aticaldd.dll
2012-09-06 22:56 . 2012-09-06 22:56 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 17:15 2532680 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-09-08 981656]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-03-20 73360]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-03-16 738944]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-02-15 01:32 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dxtory Update Checker 2.0]
2010-10-17 22:08 93696 ----a-w- c:\program files\Dxtory Software\Dxtory2.0\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2009-12-15 16:46 976784 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-12-15 19:51 136176 ----atw- c:\users\NewCPU\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 08:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-07-22 04:06 3077528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-06-25 06:07 7547424 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-08-21 14:51 1353080 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 21:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-09-06 20:05 4780928 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-12-04 06:15 218408 ----a-w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33 89456 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Partizan
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\NewCPU\AppData\Roaming\Mozilla\Firefox\Profiles\pfrbj9mx.Default User\
FF - prefs.js: browser.startup.homepage - hxxp://duckduckgo.com
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-61305043.sys
SafeBoot-96830128.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-13 11:42
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3354171894-1925777830-1373601188-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9565C156-CF93-BEF5-B036-2BFE4CFDD948}*]
"hajiianekchlnifm"=hex:63,62,6b,68,6e,65,65,6b,61,6b,63,6b,67,66,6f,65,66,6d,
6c,70,6b,6c,63,61,70,68,6c,6a,6c,61,66,67,64,6b,63,70,61,69,00,00
.
[HKEY_USERS\S-1-5-21-3354171894-1925777830-1373601188-1000\Software\SecuROM\License information*]
"datasecu"=hex:be,f9,7c,87,0a,92,ed,4b,9d,9b,1d,a6,6e,92,f9,42,eb,85,24,02,e6,
82,a7,b3,d6,10,6b,5e,aa,b7,0f,fa,75,71,2f,44,ac,c8,54,3e,c7,28,8b,d9,9b,57,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(708)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'Explorer.exe'(3908)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2012-09-13 11:44:33
ComboFix-quarantined-files.txt 2012-09-13 18:44
ComboFix2.txt 2012-09-11 00:16
.
Pre-Run: 410,515,550,208 bytes free
Post-Run: 410,488,811,520 bytes free
.
- - End Of File - - B2FA30B20594D902791267D901D58B80


As far as how it's doing, the icons have come back on my task bar, all except my SteelSeries icon. It seems to be fine so far, but it usually doesn't happen every single time I click a link. Should I randomly check links to see if it will redirect me?

#8 gringo_pr


Posted 13 September 2012 - 03:21 PM

Greetings Sirhc

Yes, check as many as you can to see if it redirects.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 

RegNull::
[HKEY_USERS\S-1-5-21-3354171894-1925777830-1373601188-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9565C156-CF93-BEF5-B036-2BFE4CFDD948}*]

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

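The key passed to RegNull:: in the post above is the same one ComboFix lists under LOCKED REGISTRY KEYS and GMER lists under Registry. As an added example (not part of the thread and not code from ComboFix or GMER), this Python script parses both log excerpts, decodes the hex values, and checks that the two tools report the same data. The function names are hypothetical, the sample lines are copied from the logs posted in this thread, and the line formats are inferred from those excerpts only.

```python
import re

# Sample input: lines copied from the ComboFix log posted in this thread.
COMBOFIX_LOG = r'''--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3354171894-1925777830-1373601188-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9565C156-CF93-BEF5-B036-2BFE4CFDD948}*]
"hajiianekchlnifm"=hex:63,62,6b,68,6e,65,65,6b,61,6b,63,6b,67,66,6f,65,66,6d,
6c,70,6b,6c,63,61,70,68,6c,6a,6c,61,66,67,64,6b,63,70,61,69,00,00
.
[HKEY_USERS\S-1-5-21-3354171894-1925777830-1373601188-1000\Software\SecuROM\License information*]
"datasecu"=hex:be,f9,7c,87,0a,92,ed,4b,9d,9b,1d,a6,6e,92,f9,42,eb,85,24,02,e6,
82,a7,b3,d6,10,6b,5e,aa,b7,0f,fa,75,71,2f,44,ac,c8,54,3e,c7,28,8b,d9,9b,57,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------
'''

# Sample input: lines copied from the GMER log posted in this thread.
GMER_LOG = r'''---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9565C156-CF93-BEF5-B036-2BFE4CFDD948}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9565C156-CF93-BEF5-B036-2BFE4CFDD948}@hajiianekchlnifm 0x63 0x62 0x6B 0x68 ...
'''

VALUE_RE = re.compile(r'^"([^"]+)"=hex:(.*)$')
CONT_RE = re.compile(r'^[0-9a-fA-F]{2}(?:,[0-9a-fA-F]{2})*,?\\?$')
GMER_RE = re.compile(r'^Reg\s+(.+?)@(\S+)\s+((?:0x[0-9A-Fa-f]{2}\s*)+)(?:\.\.\.)?\s*$')


def parse_locked_keys(log):
    """Return [{'key': str, 'values': {name: {'data': bytes, 'truncated': bool}}}]."""
    keys, cur_key, cur_val, in_section = [], None, None, False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith('-----'):           # section banner
            in_section = 'LOCKED REGISTRY KEYS' in line
            cur_val = None
            continue
        if not in_section:
            continue
        m = VALUE_RE.match(line)
        if line.startswith('[') and line.endswith(']'):
            cur_key = {'key': line[1:-1], 'values': {}}
            keys.append(cur_key)
            cur_val = None
        elif m and cur_key is not None:
            cur_val = m.group(1)
            cur_key['values'][cur_val] = m.group(2)
        elif cur_val and CONT_RE.match(line):   # wrapped hex data
            cur_key['values'][cur_val] += line
        else:                                   # "." separators end a value
            cur_val = None
    for k in keys:
        k['values'] = {
            name: {
                'data': bytes(int(t, 16) for t in re.split(r'[,\\]', text) if t),
                # A trailing "\" with nothing after it means the log cut the value short.
                'truncated': text.endswith('\\'),
            }
            for name, text in k['values'].items()
        }
    return keys


def parse_gmer_reg(log):
    """Return [(key, value_name, preview_bytes)] for GMER 'Reg key@value 0x.. ...' lines."""
    out = []
    for line in log.splitlines():
        m = GMER_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2),
                        bytes(int(t, 16) for t in m.group(3).split())))
    return out


def as_text(data):
    """Decode to str if the value is printable ASCII (ignoring trailing NULs), else None."""
    body = data.rstrip(b'\x00')
    if body and all(0x20 <= b <= 0x7E for b in body):
        return body.decode('ascii')
    return None


def subkey(path):
    """Drop the hive prefix and ComboFix's trailing '*' so both tools' paths compare equal."""
    path = path.rstrip('*')
    path = re.sub(r'^(HKCU|HKEY_CURRENT_USER)\\', '', path, flags=re.I)
    path = re.sub(r'^HKEY_USERS\\S-[\d-]+\\', '', path, flags=re.I)
    return path.lower()


def correlate(combofix_log, gmer_log):
    """For each GMER registry value, look up the same value in ComboFix's locked keys."""
    locked = {(subkey(k['key']), name): v
              for k in parse_locked_keys(combofix_log)
              for name, v in k['values'].items()}
    results = []
    for key, name, preview in parse_gmer_reg(gmer_log):
        v = locked.get((subkey(key), name))
        results.append({
            'subkey': subkey(key),
            'value': name,
            'in_both': v is not None,
            'prefix_match': v is not None and v['data'].startswith(preview),
            'text': as_text(v['data']) if v else None,
        })
    return results


if __name__ == '__main__':
    for row in correlate(COMBOFIX_LOG, GMER_LOG):
        print(row)
```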

#9 Sirhc


Posted 13 September 2012 - 03:40 PM

ComboFix 12-09-13.03 - NewCPU 09/13/2012 13:27:44.4.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3578.2651 [GMT -7:00]
Running from: c:\users\NewCPU\Desktop\Commy.exe
Command switches used :: c:\users\NewCPU\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-13 to 2012-09-13 )))))))))))))))))))))))))))))))
.
.
2012-09-13 20:34 . 2012-09-13 20:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-12 01:14 . 2012-09-12 01:14 -------- d-----w- c:\programdata\HitmanPro
2012-09-12 00:09 . 2012-09-12 00:09 -------- d-----w- c:\program files\Sophos
2012-09-11 23:57 . 2012-09-12 01:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-11 23:51 . 2012-09-11 23:51 -------- d-----w- c:\users\NewCPU\AppData\Roaming\SUPERAntiSpyware.com
2012-09-11 23:51 . 2012-09-11 23:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-11 23:51 . 2012-09-11 23:51 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-11 23:46 . 2012-09-11 23:46 -------- d-----w- c:\programdata\PC Tools
2012-09-11 23:46 . 2012-09-11 23:46 -------- d-----w- c:\users\NewCPU\AppData\Roaming\TestApp
2012-09-10 23:18 . 2012-09-13 17:58 -------- d-----w- c:\programdata\RegRun
2012-09-10 23:18 . 2012-09-10 23:18 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-09-10 23:18 . 2012-09-10 23:18 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2012-09-10 23:18 . 2012-09-10 23:18 2 --shatr- c:\windows\winstart.bat
2012-09-10 23:18 . 2012-09-10 19:59 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2012-09-10 23:18 . 2012-09-10 23:18 -------- d-----w- c:\program files\UnHackMe
2012-09-10 19:17 . 2012-09-10 19:17 -------- d-----w- c:\program files\SplitMediaLabs
2012-08-28 20:57 . 2012-08-28 20:57 -------- d-----w- c:\users\NewCPU\AppData\Roaming\The Creative Assembly
2012-08-28 19:30 . 2012-08-28 19:30 -------- d-----w- c:\program files\SEGA
2012-08-28 16:18 . 2012-08-28 16:18 -------- d-----w- c:\program files\Firefly Studios
2012-08-26 23:56 . 2012-08-26 23:56 -------- d-----w- c:\program files\Activision
2012-08-26 08:17 . 2012-08-28 20:57 -------- d-----w- c:\users\NewCPU\AppData\Local\SKIDROW
2012-08-24 22:43 . 2012-08-24 22:43 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 04:51 . 2012-08-24 07:45 -------- d-----w- c:\program files\THQ
2012-08-16 21:22 . 2012-08-16 21:22 -------- d-----w- c:\programdata\ATI
2012-08-16 21:13 . 2012-08-16 21:13 -------- d-----w- c:\program files\AMD APP
2012-08-16 21:12 . 2012-08-16 21:12 -------- d-----w- c:\program files\ATI
2012-08-16 21:12 . 2012-08-16 21:22 -------- d-----w- c:\program files\ATI Technologies
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-08 00:04 . 2010-02-14 18:08 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-29 03:24 . 2012-07-12 03:44 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 03:24 . 2010-06-06 18:33 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-27 14:22 . 2012-04-04 20:04 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-27 14:22 . 2011-06-01 20:14 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-28 05:47 . 2012-07-28 05:47 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-07-28 05:47 . 2012-07-28 05:47 65024 ----a-w- c:\windows\system32\OpenVideo.dll
2012-07-28 05:47 . 2012-07-28 05:47 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-07-28 05:46 . 2012-07-28 05:46 13013504 ----a-w- c:\windows\system32\amdocl.dll
2012-07-26 10:21 . 2012-07-26 10:21 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-07-04 06:58 . 2012-07-04 06:58 10070016 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-07-04 06:35 . 2012-07-04 06:35 19586048 ----a-w- c:\windows\system32\atioglxx.dll
2012-07-04 06:27 . 2012-07-04 06:27 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-07-04 06:27 . 2010-08-26 02:01 918528 ----a-w- c:\windows\system32\aticfx32.dll
2012-07-04 06:21 . 2012-07-04 06:21 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-07-04 06:21 . 2012-07-04 06:21 453632 ----a-w- c:\windows\system32\atieclxx.exe
2012-07-04 06:20 . 2012-07-04 06:20 217088 ----a-w- c:\windows\system32\atiesrxx.exe
2012-07-04 06:19 . 2012-07-04 06:19 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-07-04 06:19 . 2012-07-04 06:19 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-07-04 06:19 . 2012-07-04 06:19 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-07-04 06:18 . 2011-09-24 01:53 6811648 ----a-w- c:\windows\system32\atidxx32.dll
2012-07-04 05:36 . 2012-07-04 05:36 58368 ----a-w- c:\windows\system32\coinst_8.97.100.3.dll
2012-07-04 05:36 . 2012-07-04 05:36 1960960 ----a-w- c:\windows\system32\atiumdmv.dll
2012-07-04 05:35 . 2012-07-04 05:35 6245888 ----a-w- c:\windows\system32\atiumdag.dll
2012-07-04 05:28 . 2012-07-04 05:28 4749312 ----a-w- c:\windows\system32\atiumdva.dll
2012-07-04 05:11 . 2012-07-04 05:11 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-07-04 05:11 . 2012-07-04 05:11 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-07-04 05:11 . 2012-07-04 05:11 364544 ----a-w- c:\windows\system32\atiadlxx.dll
2012-07-04 05:11 . 2012-07-04 05:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-07-04 05:11 . 2012-07-04 05:11 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-07-04 05:10 . 2012-07-04 05:10 290304 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-07-04 05:09 . 2011-09-24 01:18 42496 ----a-w- c:\windows\system32\atiuxpag.dll
2012-07-04 05:09 . 2010-08-26 01:19 32768 ----a-w- c:\windows\system32\atiu9pag.dll
2012-07-04 05:09 . 2009-12-11 19:49 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2012-07-04 05:09 . 2012-07-04 05:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-07-04 05:04 . 2012-07-04 05:04 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-07-04 05:04 . 2012-07-04 05:04 44544 ----a-w- c:\windows\system32\aticalcl.dll
2012-07-04 04:59 . 2012-07-04 04:59 13402112 ----a-w- c:\windows\system32\aticaldd.dll
2012-09-06 22:56 . 2012-09-06 22:56 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 17:15 2532680 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-09-08 981656]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-03-20 73360]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-03-16 738944]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-02-15 01:32 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dxtory Update Checker 2.0]
2010-10-17 22:08 93696 ----a-w- c:\program files\Dxtory Software\Dxtory2.0\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2009-12-15 16:46 976784 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-12-15 19:51 136176 ----atw- c:\users\NewCPU\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 08:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-07-22 04:06 3077528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-06-25 06:07 7547424 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-08-21 14:51 1353080 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 21:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-09-06 20:05 4780928 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-12-04 06:15 218408 ----a-w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33 89456 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Partizan
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\NewCPU\AppData\Roaming\Mozilla\Firefox\Profiles\pfrbj9mx.Default User\
FF - prefs.js: browser.startup.homepage - hxxp://duckduckgo.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-13 13:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3354171894-1925777830-1373601188-1000\Software\SecuROM\License information*]
"datasecu"=hex:be,f9,7c,87,0a,92,ed,4b,9d,9b,1d,a6,6e,92,f9,42,eb,85,24,02,e6,
82,a7,b3,d6,10,6b,5e,aa,b7,0f,fa,75,71,2f,44,ac,c8,54,3e,c7,28,8b,d9,9b,57,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(708)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'Explorer.exe'(8184)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2012-09-13 13:36:16
ComboFix-quarantined-files.txt 2012-09-13 20:36
ComboFix2.txt 2012-09-13 18:44
ComboFix3.txt 2012-09-11 00:16
.
Pre-Run: 410,672,934,912 bytes free
Post-Run: 410,644,291,584 bytes free
.
- - End Of File - - 2AEF3FF3CADED00DF4785B0C9B8A31E3

Checked a dozen or so links and nothing so far, but it has done this before, where it won't do it and then randomly starts up.

Update - It just did it on the first link I clicked on. It was a TheClickCheck and Devry webpage asking for all my information. Could not go back; it kept sending me to other websites every time I hit back.

Edited by Sirhc, 13 September 2012 - 03:44 PM.


#10 gringo_pr

Malware Response Team

Posted 13 September 2012 - 03:46 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box:
    C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Sirhc

Posted 13 September 2012 - 03:58 PM

Adobe AIR
Adobe Download Manager
Adobe Flash Media Encoder 2.5
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
AMD APP SDK Runtime
AMD Catalyst Install Manager
APB Reloaded
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2012
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Bandisoft MPEG-1 Decoder
Battlefield 3™
Battlelog Web Plugins
BitTorrent
Bonjour
BrickForce 1.4.40
Browser Configuration Utility
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Camtasia Studio 7
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Core Temp 1.0 RC2
Counter-Strike
CPUID CPU-Z 1.58
CyberLink PowerDirector
Diablo III
DivX Setup
Dota 2
Dungeon Defenders
Dxtory 2.0.108
Eraser 6.0.6.1376
ESN Sonar
Facebook Plug-In
Fraps (remove only)
GamersFirst LIVE!
Ghost Recon Online (NCSA-Live)
Gigabyte Raid Configurer
Google Talk Plugin
Grand Theft Auto: San Andreas
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java Auto Updater
Java™ 6 Update 35
Kingdoms of Amalur Reckoning
KODAK Share Button App
League of Legends
Malwarebytes Anti-Malware version 1.65.0.1400
Mass Effect™ 3
Max Payne 3
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Mumble 1.2.3
Nexon Game Manager
NVIDIA PhysX
Origin
PakkISO 0.4
Pando Media Booster
PCSX2 - Playstation 2 Emulator
PeerBlock 1.1 (r518)
Portal
Project S
PunkBuster Services
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Rockstar Games Social Club
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skype Click to Call
Skype™ 5.10
Sophos Anti-Rootkit 1.5.20
Spec Ops The Line
Spybot - Search & Destroy
Star Wars: The Old Republic
StarCraft II
Steam
SteelSeries USB Soundcard v1.20
Stronghold 3
Super MNC Invitational
SUPERAntiSpyware
swMSM
Terraria
Torchlight
Total War Shogun 2 - Fall Of The Samurai
TrackMania Nations Forever
Transformers Fall of Cybertron
Trine 2
UnHackMe 5.99 release
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
VH Toolkit 1.0.15.0
VirtualCloneDrive
VLC media player 1.0.5
Warhammer Online - Wrath of Heroes
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
WinRAR archiver
World of Warcraft
Xfire (remove only)
XSplit
Xvid 1.2.2 final uninstall
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm LTD Toolbar
ZoneAlarm Security
ZoneAlarm Security Toolbar

#12 gringo_pr

Posted 13 September 2012 - 04:33 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

XXXX


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#13 Sirhc

Posted 13 September 2012 - 04:40 PM

I'm sorry, which program do I remove? It says -

Programs to remove

XXXX

There is no such program on the list.

Also I tried to install Java and it said - Windows Installer - The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

- Sorry for the complications.

Edited by Sirhc, 13 September 2012 - 04:45 PM.


#14 gringo_pr

Posted 13 September 2012 - 04:51 PM

sorry - XXXX =

BitTorrent
Java™ 6 Update 35
ZoneAlarm LTD Toolbar
ZoneAlarm Security Toolbar



gringo

#15 Sirhc

Posted 13 September 2012 - 04:58 PM

It gave me the same message when I removed Java 6 Update 35, but it was removed. Also I could not find ZoneAlarm LTD Toolbar, but security was removed. I will try again to install Java.

Could not install Java; it still gave the same message

" Windows Installer - The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance. "

Edited by Sirhc, 13 September 2012 - 05:04 PM.




