GMER 1.0.15.15507 - http://www.gmer.net Rootkit scan 2010-11-06 15:01:03 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1200JB-75CRA0 16.06V16 Running: gmer.exe; Driver: C:\DOCUME~1\MF\LOCALS~1\Temp\pxtdypoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xA4D31542] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwClose [0xA4D31DBA] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xA4B512EC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateEvent [0xA4D32DCC] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA4B4A8CC] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7765112] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateMutant [0xA4D32CA4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xA4D31148] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xA4B51ABE] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xA4B65F82] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xA4B663AA] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xA4B7083C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateSemaphore [0xA4D32EFE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xA4D34784] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateThread [0xA4D31A58] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xA4B51C1C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xA4D34176] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA4B4B78E] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7765900] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF7765BB4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xA4D32524] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xA4B64D66] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwEnumerateKey [0xA4D30E80] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xA4D30F2A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwFsControlFile [0xA4D32330] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadDriver [0xA4B43ABC] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xA4B6E558] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xA4B6E796] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xA4B70BF8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xA4D31076] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenEvent [0xA4D32E6E] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA4B4B280] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7763E12] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenMutant [0xA4D32D3C] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xA4B6849A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenSection [0xA4D347AE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenSemaphore [0xA4D32FA0] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xA4B68088] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwProtectVirtualMemory [0xA4B7E25C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryKey [0xA4D30FD4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xA4D30BFC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQuerySection [0xA4D34B50] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryValueKey [0xA4D3084C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueueApcThread [0xA4D3449E] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7766020] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xA4B6EF12] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwReplyPort [0xA4D3332A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xA4D331F0] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xA4B50E84] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xA4B7007E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwResumeThread [0xA4D35028] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSaveKey [0xA4D301FE] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xA4B515B8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSetContextThread [0xA4D31C76] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA4B4BB98] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationObject [0xA4B7E120] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSetInformationToken [0xA4D3386C] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xA4B6FBA6] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSystemInformation [0xA4B4314A] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF77653D2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSuspendProcess [0xA4D34D74] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSuspendThread [0xA4D34E9C] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xA4B670A6] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xA4B66DD6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwTerminateThread [0xA4D3180E] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwUnloadDriver [0xA4B43F0E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xA4D34A06] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xA4D31998] Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) IoIsOperationSynchronous ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!_abnormal_termination + 104 804E2770 12 Bytes [BE, 1A, B5, A4, 82, 5F, B6, ...] .text ntoskrnl.exe!_abnormal_termination + 114 804E2780 16 Bytes [3C, 08, B7, A4, FE, 2E, D3, ...] .text ntoskrnl.exe!_abnormal_termination + 1D0 804E283C 12 Bytes [BC, 3A, B4, A4, 58, E5, B6, ...] {MOV ESP, 0x58a4b43a; IN EAX, 0xb6; MOVSB ; XCHG ESI, EAX; OUT 0xb6, EAX; MOVSB } .text ntoskrnl.exe!_abnormal_termination + 34C 804E29B8 16 Bytes [20, 60, 76, F7, 12, EF, B6, ...] .text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [74, 4D, D3, A4, 9C, 4E, D3, ...] {JZ 0x4f; SHL DWORD [ESP+EBX*4-0x595b2cb2], CL; JO 0xffffffffffffffc1; MOVSB } .text ntoskrnl.exe!IoIsOperationSynchronous 804E876A 5 Bytes JMP A4D26DAE \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) .text ntoskrnl.exe!FsRtlCheckLockForReadAccess 80512959 5 Bytes JMP A4D269D4 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71] .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03560001 .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] KERNEL32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[216] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[284] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71] .text C:\WINDOWS\System32\dmadmin.exe[284] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00570001 .text C:\WINDOWS\System32\dmadmin.exe[284] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\dmadmin.exe[284] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\dmadmin.exe[284] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\dmadmin.exe[284] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\dmadmin.exe[284] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\dmadmin.exe[284] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\dmadmin.exe[284] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\dmadmin.exe[284] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\dmadmin.exe[284] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\dmadmin.exe[284] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\dmadmin.exe[284] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73} .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A0, 71] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[300] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71] .text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FB0001 .text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[300] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[300] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[300] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[300] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[300] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[300] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[300] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[300] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[300] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[300] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7E, 71] {JLE 0x73} .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [93, 71] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [87, 71] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9F, 71] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [99, 71] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [96, 71] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8A, 71] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9C, 71] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [84, 71] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [90, 71] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8D, 71] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[772] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [81, 71] .text C:\WINDOWS\System32\svchost.exe[772] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 05350001 .text C:\WINDOWS\System32\svchost.exe[772] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[772] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[772] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[772] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[772] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[772] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[772] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[772] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[772] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[772] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[772] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [85, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9A, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8E, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A6, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A0, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9D, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [91, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A3, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8B, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [97, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [94, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [88, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 014F0001 .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0E001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F05001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F11001E .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[916] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E10001 .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0141A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 0141A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 0141A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F] .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 014199F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] USER32.dll!SendInput 7E42F140 5 Bytes JMP 0141A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 01419960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe[924] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71] .text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00650001 .text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[960] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[960] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[960] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[960] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[960] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[960] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[960] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F40001 .text C:\WINDOWS\system32\Ati2evxx.exe[1152] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\Ati2evxx.exe[1152] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\Ati2evxx.exe[1152] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0B0F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1152] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1152] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\Ati2evxx.exe[1152] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [09, 5F] .text C:\WINDOWS\system32\Ati2evxx.exe[1152] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\Ati2evxx.exe[1152] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\Ati2evxx.exe[1152] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\Ati2evxx.exe[1152] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\Ati2evxx.exe[1152] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F0E0F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1152] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\Ati2evxx.exe[1152] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\Ati2evxx.exe[1152] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\soluto.exe[1196] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71] .text C:\Program Files\Soluto\soluto.exe[1196] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FE0001 .text C:\Program Files\Soluto\soluto.exe[1196] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\soluto.exe[1196] KERNEL32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\soluto.exe[1196] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\soluto.exe[1196] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\soluto.exe[1196] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\soluto.exe[1196] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\soluto.exe[1196] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0B0F5A .text C:\Program Files\Soluto\soluto.exe[1196] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A .text C:\Program Files\Soluto\soluto.exe[1196] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\soluto.exe[1196] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\soluto.exe[1196] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [09, 5F] .text C:\Program Files\Soluto\soluto.exe[1196] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\soluto.exe[1196] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\soluto.exe[1196] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\soluto.exe[1196] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\soluto.exe[1196] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F0E0F5A .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71] .text C:\WINDOWS\Explorer.EXE[1308] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01830001 .text C:\WINDOWS\Explorer.EXE[1308] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1308] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1308] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1308] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1308] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1308] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1308] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1308] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1308] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1308] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1308] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7E, 71] {JLE 0x73} .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [93, 71] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [87, 71] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9F, 71] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [99, 71] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [96, 71] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8A, 71] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9C, 71] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [84, 71] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [90, 71] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8D, 71] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [81, 71] .text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 017C0001 .text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1388] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1388] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1412] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1412] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1412] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 20009810 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1412] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 20009930 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1412] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C39270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1412] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 200097E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1412] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 20009900 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1412] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1412] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1412] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1412] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1412] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1420] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71] .text C:\WINDOWS\system32\csrss.exe[1420] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01600001 .text C:\WINDOWS\system32\csrss.exe[1420] USER32.dll!TranslateMessageEx 7E418A19 5 Bytes JMP 200A1000 C:\Program Files\CheckPoint\ZAForceField\AK\akconsole.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1444] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71] .text C:\WINDOWS\system32\winlogon.exe[1444] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015B0001 .text C:\WINDOWS\system32\winlogon.exe[1444] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[1444] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[1444] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[1444] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[1444] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[1444] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[1444] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[1444] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[1444] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[1444] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[1444] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1648] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71] .text C:\WINDOWS\system32\services.exe[1648] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E20001 .text C:\WINDOWS\system32\services.exe[1648] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[1648] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[1648] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[1648] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[1648] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[1648] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[1648] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[1648] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[1648] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[1648] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[1648] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1660] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71] .text C:\WINDOWS\system32\lsass.exe[1660] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BB0001 .text C:\WINDOWS\system32\lsass.exe[1660] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[1660] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[1660] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[1660] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[1660] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[1660] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[1660] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[1660] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[1660] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[1660] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [89, 71] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9E, 71] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [92, 71] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [AA, 71] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A4, 71] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [A1, 71] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [95, 71] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A7, 71] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8F, 71] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [9B, 71] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [98, 71] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8C, 71] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00940001 .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] user32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] user32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] user32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] user32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] user32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F] .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] user32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] user32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] user32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] user32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] user32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] advapi32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Desktop\fsd.exe[1796] advapi32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73} .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A0, 71] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71] .text C:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BA0001 .text C:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1812] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1812] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1812] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1812] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1812] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1812] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1812] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1812] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1812] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71] .text C:\WINDOWS\System32\Ati2evxx.exe[1892] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F40001 .text C:\WINDOWS\System32\Ati2evxx.exe[1892] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\Ati2evxx.exe[1892] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\Ati2evxx.exe[1892] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\Ati2evxx.exe[1892] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\Ati2evxx.exe[1892] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\Ati2evxx.exe[1892] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\Ati2evxx.exe[1892] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\Ati2evxx.exe[1892] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\Ati2evxx.exe[1892] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\Ati2evxx.exe[1892] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Soluto\SolutoService.exe[1908] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71] .text C:\Program Files\Soluto\SolutoService.exe[1908] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 047E0001 .text C:\Program Files\Soluto\SolutoService.exe[1908] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\SolutoService.exe[1908] KERNEL32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\SolutoService.exe[1908] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\SolutoService.exe[1908] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\SolutoService.exe[1908] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\SolutoService.exe[1908] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\SolutoService.exe[1908] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\SolutoService.exe[1908] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\SolutoService.exe[1908] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\SolutoService.exe[1908] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Soluto\SolutoService.exe[1908] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [81, 71] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [96, 71] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8A, 71] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A2, 71] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9C, 71] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [99, 71] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8D, 71] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9F, 71] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [87, 71] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [93, 71] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [90, 71] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[1928] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [84, 71] .text C:\WINDOWS\System32\alg.exe[1928] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00840001 .text C:\WINDOWS\System32\alg.exe[1928] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[1928] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[1928] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\System32\alg.exe[1928] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A .text C:\WINDOWS\System32\alg.exe[1928] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[1928] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[1928] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F] .text C:\WINDOWS\System32\alg.exe[1928] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[1928] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[1928] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[1928] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[1928] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A .text C:\WINDOWS\System32\alg.exe[1928] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[1928] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[1928] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[1928] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71] .text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E30001 .text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1940] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1940] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1940] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1940] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1940] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1940] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1940] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [80, 71] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [95, 71] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [89, 71] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A1, 71] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9B, 71] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [98, 71] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8C, 71] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9E, 71] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [86, 71] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [92, 71] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8F, 71] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1968] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [83, 71] .text C:\WINDOWS\System32\svchost.exe[1968] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CC0001 .text C:\WINDOWS\System32\svchost.exe[1968] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1968] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1968] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1968] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1968] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1968] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1968] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1968] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1968] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1968] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1968] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsTray.exe[2112] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsTray.exe[2112] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsTray.exe[2112] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsTray.exe[2112] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044B8D9 F:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools) .text F:\Program Files\Spyware Doctor\pctsTray.exe[2112] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 03CEA560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsTray.exe[2112] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsTray.exe[2112] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsTray.exe[2112] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsTray.exe[2112] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 03CEA250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsTray.exe[2112] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 03CEA350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsTray.exe[2112] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsTray.exe[2112] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 03CE99F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsTray.exe[2112] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsTray.exe[2112] USER32.dll!SendInput 7E42F140 5 Bytes JMP 03CEA4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsTray.exe[2112] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 03CE9960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [85, 71] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9A, 71] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8E, 71] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A6, 71] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A0, 71] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9D, 71] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [91, 71] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A3, 71] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8B, 71] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [97, 71] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [94, 71] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [88, 71] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00820001 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2328] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EF0001 .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 209B37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0E001E .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C39270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F05001E .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F] .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2400] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F11001E .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [89, 71] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9E, 71] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [92, 71] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [AA, 71] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A4, 71] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [A1, 71] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [95, 71] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A7, 71] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8F, 71] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [9B, 71] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [98, 71] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8C, 71] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001 .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F] .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\MF\Application Data\Dropbox\bin\Dropbox.exe[2484] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A30001 .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2544] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71] .text C:\WINDOWS\System32\svchost.exe[2676] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FB0001 .text C:\WINDOWS\System32\svchost.exe[2676] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[2676] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[2676] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[2676] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[2676] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[2676] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[2676] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[2676] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[2676] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[2676] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[2676] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73} .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A0, 71] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71] .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 007C0001 .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Bonjour\mDNSResponder.exe[2716] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71] .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2840] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 017E0001 .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71] .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00880001 .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2868] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [85, 71] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9A, 71] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8E, 71] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A6, 71] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A0, 71] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9D, 71] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [91, 71] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A3, 71] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8B, 71] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [97, 71] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [94, 71] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [88, 71] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CC0001 .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F] .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [89, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9E, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [92, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [AA, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A4, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [A1, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [95, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A7, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8F, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [9B, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [98, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8C, 71] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009E0001 .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F] .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3012] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73} .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A0, 71] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71] .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01AE0001 .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe[3068] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71] .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009E0001 .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\MsPMSPSv.exe[3136] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71} .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71] .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003E0001 .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Norton GoBack\GBPoll.exe[3352] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73} .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A0, 71] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71] .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 05290001 .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] user32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] user32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] user32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] user32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] user32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] advapi32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[3484] advapi32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71} .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71] .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00730001 .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsSvc.exe[3756] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsSvc.exe[3756] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsSvc.exe[3756] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsSvc.exe[3756] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044BC05 F:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools) .text F:\Program Files\Spyware Doctor\pctsSvc.exe[3756] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 1A2AA560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsSvc.exe[3756] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsSvc.exe[3756] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsSvc.exe[3756] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsSvc.exe[3756] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 1A2AA250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsSvc.exe[3756] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 1A2AA350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsSvc.exe[3756] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsSvc.exe[3756] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 1A2A99F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsSvc.exe[3756] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsSvc.exe[3756] USER32.dll!SendInput 7E42F140 5 Bytes JMP 1A2AA4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\Program Files\Spyware Doctor\pctsSvc.exe[3756] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 1A2A9960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [85, 71] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9A, 71] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8E, 71] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A6, 71] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A0, 71] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9D, 71] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [91, 71] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A3, 71] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8B, 71] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [97, 71] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [94, 71] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [88, 71] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00910001 .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F] .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text F:\PROGRA~1\MICROS~1\rapimgr.exe[4068] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20C38791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [89, 71] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9E, 71] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [92, 71] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [AA, 71] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A4, 71] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20C38D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [A1, 71] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [95, 71] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20C389AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A7, 71] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8F, 71] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [9B, 71] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [98, 71] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8C, 71] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003C0001 .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 2000A560 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C3846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20C38E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20C39036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 2000A250 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 2000A350 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C3828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F] .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 200099F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C3825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] USER32.dll!SendInput 7E42F140 5 Bytes JMP 2000A4E0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20009960 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\DOCUME~1\MF\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4144] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A ---- Devices - GMER 1.0.15 ---- Device ISWKL.sys (ZoneAlarm ForceField/Check Point Software Technologies) Device Ntfs.sys (NT File System Driver/Microsoft Corporation) Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation) Device \FileSystem\Mup \Dfs ISWKL.sys (ZoneAlarm ForceField/Check Point Software Technologies) Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) Device \Driver\Kbdclass \Device\KeyboardClass0 icsak.sys (ZoneAlarm ForceField/Check Point Software Technologies) Device \Driver\Kbdclass \Device\KeyboardClass1 icsak.sys (ZoneAlarm ForceField/Check Point Software Technologies) Device \Driver\rdpdr \Device\RdpDrPort ISWKL.sys (ZoneAlarm ForceField/Check Point Software Technologies) Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) Device \Driver\rdpdr \Device\RdpDr ISWKL.sys (ZoneAlarm ForceField/Check Point Software Technologies) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IABFilt.sys (Volume Filter Driver Windows 2000/XP/2003/Iomega) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IABFilt.sys (Volume Filter Driver Windows 2000/XP/2003/Iomega) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IABFilt.sys (Volume Filter Driver Windows 2000/XP/2003/Iomega) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft) Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys Device \FileSystem\Mup \Device\Mup ISWKL.sys (ZoneAlarm ForceField/Check Point Software Technologies) Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) Device \Driver\Disk \Device\Harddisk0\DR0 GoBack2K.sys (Norton GoBack Engine Driver/Symantec Corporation) Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) Device \Driver\Disk \Device\Harddisk1\DR1 GoBack2K.sys (Norton GoBack Engine Driver/Symantec Corporation) Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver ISWKL.sys (ZoneAlarm ForceField/Check Point Software Technologies) Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) Device \FileSystem\Mup \Device\WinDfs\Root ISWKL.sys (ZoneAlarm ForceField/Check Point Software Technologies) AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----