Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google redirect, mozilla firefox crash [Solved]

Started by slowsalsa , Dec 13 2009 04:05 PM

  • This topic is locked This topic is locked

#1
slowsalsa
Posted 13 December 2009 - 04:05 PM

slowsalsa

    New Member

  • Member
  • Pip
  • 6 posts
Im having problems with the redict virus and also firefox says it crashes when i open the internet. Need help please. Here is my hijack info.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:33 PM, on 12/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\usb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL

= http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL

= http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ForceField Toolbar Registrar -

{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program

Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: ForceField Toolbar -

{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program

Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon

initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program

Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware

Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

/background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: F1U201.401.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine

Advantage Validation Tool) -

http://go.microsoft....467&clcid=0x409
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)

-

http://update.micros...s/en/x86/client

/muweb_site.cab?1251255876686
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash

Object) -

https://fpdownload.m...ent/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

http://platformdl.ad...Plus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program

Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program

Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: ForceField IswSvc (IswSvc) - Check Point Software

Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. -

C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools -

C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools -

C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point

Software Technologies LTD - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 7041 bytes
  • 0

Advertisements

#2
Rorschach112
Posted 13 December 2009 - 05:34 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

  • 0

#3
slowsalsa
Posted 13 December 2009 - 06:03 PM

slowsalsa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
OTL logfile created on: 12/13/2009 5:48:54 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.53 Mb Total Physical Memory | 91.05 Mb Available Physical Memory | 17.80% Memory free
1.22 Gb Paging File | 0.41 Gb Available in Paging File | 33.26% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.50 Gb Total Space | 91.41 Gb Free Space | 85.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OUR-DESKTOP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/13 17:48:02 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/11/02 21:23:08 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/30 23:14:07 | 01,181,064 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/08/30 23:13:27 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/07/13 13:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/07/13 13:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/28 19:25:50 | 02,414,984 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
PRC - [2009/05/28 19:25:50 | 01,005,960 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/05/20 16:39:46 | 00,143,360 | ---- | M] (Kaspersky Lab.) -- C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\ScanningProcess.exe
PRC - [2009/04/17 02:11:44 | 00,394,632 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/04/17 02:11:42 | 01,017,224 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
PRC - [2009/04/17 02:11:40 | 00,546,184 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/09/28 01:49:00 | 00,057,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe
PRC - [2001/08/17 23:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\SYSTEM32\pctspk.exe
PRC - [2001/07/03 23:14:08 | 00,102,400 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\SYSTEM32\usb.exe
PRC - [1998/05/07 18:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\SYSTEM\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2009/12/13 17:48:02 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2009/04/17 02:11:48 | 00,394,632 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009/04/17 02:11:38 | 00,472,456 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll
MOD - [2009/02/13 14:16:54 | 00,140,680 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/02/13 14:11:44 | 00,100,864 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\klg.dat
MOD - [2008/11/13 14:19:40 | 00,148,944 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2006/12/01 21:54:34 | 00,548,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
MOD - [2006/12/01 21:54:32 | 00,626,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/08/30 23:13:27 | 01,097,096 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/07/13 13:02:50 | 00,542,496 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/28 19:25:50 | 02,414,984 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/04/17 02:11:44 | 00,394,632 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/03/09 14:31:02 | 00,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2001/09/28 01:49:00 | 00,057,344 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2001/08/17 23:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\pctspk.exe -- (Pctspk)


========== Driver Services (SafeList) ==========

DRV - [2009/08/30 23:12:02 | 00,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/07/09 11:16:16 | 00,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/28 19:25:54 | 00,365,448 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\vsdatant.sys -- (vsdatant)
DRV - [2009/04/17 02:11:36 | 00,054,928 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV - [2009/04/17 02:11:36 | 00,021,136 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/03/19 15:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/02/17 20:49:30 | 00,150,544 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\drivers\klif.sys -- (KLIF)
DRV - [2008/11/17 01:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/04/13 12:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 10:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\secdrv.sys -- (Secdrv)
DRV - [2005/01/25 19:28:08 | 00,033,307 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2003/03/09 14:31:02 | 00,021,456 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2003/03/09 14:31:02 | 00,016,080 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2003/03/09 14:31:00 | 00,051,024 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2002/12/13 02:06:40 | 00,129,875 | R--- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2002/05/19 21:09:00 | 00,080,128 | R--- | M] (ATMEL) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\vnetusbr.sys -- (USBFVNETR)
DRV - [2001/11/06 23:02:38 | 00,153,344 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\sisgrp.sys -- (SiS315)
DRV - [2001/11/01 09:30:30 | 00,041,759 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001/10/12 20:44:12 | 00,114,816 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\s3gNBm.sys -- (S3SavageNB)
DRV - [2001/09/28 20:52:04 | 00,027,008 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGP.sys -- (SISAGP)
DRV - [2001/09/28 01:49:00 | 00,702,777 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/09/24 16:27:18 | 00,463,848 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\smwdm.sys -- (smwdm)
DRV - [2001/09/16 19:45:04 | 00,013,716 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 23:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 14:57:38 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2001/08/17 14:49:58 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 14:28:16 | 00,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 14:28:16 | 00,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 14:28:14 | 00,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 14:28:14 | 00,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\ptserlp.sys -- (Ptserlp)
DRV - [2001/08/17 13:50:26 | 00,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2001/08/08 15:13:36 | 00,158,140 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\i81xnt5.sys -- (i81x)
DRV - [2001/08/08 15:13:30 | 00,012,479 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2001/08/08 15:13:30 | 00,012,031 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2001/08/08 15:13:30 | 00,011,679 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2001/08/08 15:13:28 | 00,019,359 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2001/08/08 15:13:28 | 00,011,999 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2001/08/08 15:13:26 | 00,033,503 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2001/08/08 15:13:24 | 00,029,215 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2001/08/08 15:13:24 | 00,023,519 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/08 15:13:24 | 00,019,199 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2001/07/31 18:27:12 | 00,130,332 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\trid3dm.sys -- (trid3d)
DRV - [2001/06/04 16:00:00 | 00,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.3.153.0
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.0.9

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2009/08/28 14:53:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/13 15:48:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/13 15:48:43 | 00,000,000 | ---D | M]

[2009/08/25 18:03:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/08/30 21:52:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i1lqohvb.default\extensions
[2009/08/28 14:50:13 | 00,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i1lqohvb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/08/25 18:06:27 | 00,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i1lqohvb.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2009/12/13 15:48:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/31 08:05:10 | 00,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/03/05 17:08:04 | 00,049,664 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FFComm.dll

O1 HOSTS File: (774 bytes) - C:\WINDOWS\SYSTEM32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 update.bitdefender.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ForceField Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ForceField Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ForceField Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\SYSTEM\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [USB] C:\WINDOWS\SYSTEM32\usb.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\F1U201.401.lnk = C:\Program Files\Belkin\F1U201.401\usbshare.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....467&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1251255876686 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/11/06 22:36:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\ias [2005/04/12 16:39:50 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootMin: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootNet: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B0087AEE-2CA7-4296-B0C3-663AA619DF1B} - Google Toolbar for Internet Explorer 8
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{41F02982-7E09-474B-AD97-649739052445} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DVSD - C:\WINDOWS\System32\miroDV2avi.dll (Pinnacle Systems)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.PIM1 - C:\WINDOWS\System32\pclepim1.dll (Pinnacle Systems)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/13 17:47:59 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/13 16:03:49 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/13 15:46:38 | 08,084,968 | ---- | C] (Mozilla) -- C:\Documents and Settings\Owner\My Documents\Firefox Setup 3.5.5.exe
[2009/12/13 15:15:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2009/12/13 14:31:34 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2009/12/13 14:29:02 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/12/13 14:20:48 | 00,000,000 | ---D | C] -- C:\Program Files\hijackthis
[2009/12/13 13:58:30 | 00,092,672 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\Owner\Desktop\KillBox.exe
[2009/12/13 13:57:29 | 03,326,576 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Owner\Desktop\ccsetup226.exe
[2009/11/18 17:29:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Insanity vids
[2009/11/17 18:57:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My DVDs
[2009/11/17 18:56:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2009/11/17 18:27:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\U3
[2009/08/30 22:20:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2009/08/30 21:30:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/08/30 12:44:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/08/27 22:57:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/08/27 18:46:20 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/08/27 18:46:20 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/05/20 04:49:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/04/12 22:38:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2005/04/12 16:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/13 17:52:18 | 03,619,872 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/12/13 17:48:02 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/13 17:40:18 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/12/13 16:06:47 | 00,000,144 | ---- | M] () -- C:\WINDOWS\System32\pdfl.dat
[2009/12/13 16:06:38 | 00,415,688 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/12/13 16:03:51 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2009/12/13 15:48:49 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/13 15:47:28 | 08,084,968 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner\My Documents\Firefox Setup 3.5.5.exe
[2009/12/13 15:40:46 | 00,000,185 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/12/13 15:39:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/13 15:38:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/13 15:38:49 | 53,644,9024 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/13 15:37:59 | 03,145,728 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/12/13 15:37:59 | 00,020,300 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/12/13 15:37:25 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/12/13 15:29:44 | 00,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/13 15:29:44 | 00,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/13 15:29:43 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/13 15:24:47 | 00,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/13 15:22:08 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/13 15:15:29 | 00,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/12/13 14:57:55 | 00,201,781 | ---- | M] () -- C:\WINDOWS\System32\kbiwkmrspdpalk.dat
[2009/12/13 14:48:28 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/12/13 14:32:20 | 00,175,208 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20091213_143214.reg
[2009/12/13 14:29:02 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2009/12/13 13:58:36 | 00,092,672 | ---- | M] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\Owner\Desktop\KillBox.exe
[2009/12/13 13:57:40 | 03,326,576 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Owner\Desktop\ccsetup226.exe
[2009/12/07 09:04:20 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/26 23:57:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/25 11:40:17 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/13 15:48:49 | 00,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/13 15:24:47 | 03,619,872 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/12/13 15:24:47 | 00,020,300 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/12/13 15:15:29 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/12/13 15:12:06 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/12/13 14:32:16 | 00,175,208 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20091213_143214.reg
[2009/12/13 14:29:02 | 00,001,559 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2009/12/13 14:22:35 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2009/08/25 21:31:07 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\kbiwkmsyxnrvky.dll
[2009/08/25 21:31:04 | 00,041,984 | ---- | C] () -- C:\WINDOWS\System32\kbiwkmfpievtss.dll
[2009/08/25 20:05:35 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006/04/14 13:46:01 | 00,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2006/04/14 13:45:10 | 00,000,073 | ---- | C] () -- C:\WINDOWS\APOapp.INI
[2006/04/14 13:40:26 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2006/04/14 13:40:25 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2006/04/14 13:38:49 | 00,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[2005/04/12 22:28:20 | 00,002,196 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2005/04/12 22:18:19 | 00,001,032 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2005/04/12 22:18:17 | 00,162,304 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2005/04/12 21:47:07 | 00,000,453 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/12 18:08:48 | 00,000,408 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/04/12 18:08:00 | 00,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2001/12/17 22:54:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2001/12/05 03:26:46 | 00,000,562 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2001/12/04 20:52:35 | 01,642,496 | ---- | C] () -- C:\WINDOWS\System32\mplva6.dll
[2001/12/04 20:52:35 | 01,576,960 | ---- | C] () -- C:\WINDOWS\System32\mplvw7.dll
[2001/12/04 20:52:35 | 01,548,288 | ---- | C] () -- C:\WINDOWS\System32\mplvm6.dll
[2001/12/04 20:52:35 | 01,118,208 | ---- | C] () -- C:\WINDOWS\System32\mplvpx.dll
[2001/12/04 20:52:35 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\mplaw7.dll
[2001/12/04 20:52:35 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\mplapx.dll
[2001/12/04 20:52:34 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\mplaa6.dll
[2001/12/04 20:52:34 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\mplam6.dll
[2001/12/04 20:39:36 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2001/11/07 03:45:01 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2001/11/07 03:45:01 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2001/11/07 03:37:54 | 00,009,876 | ---- | C] () -- C:\WINDOWS\System32\usbbc.sys
[2001/11/07 03:29:04 | 00,000,786 | ---- | C] () -- C:\WINDOWS\Studio7.ini
[2001/11/07 03:28:49 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2001/11/07 03:28:49 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2001/11/07 03:28:49 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2001/11/07 03:28:49 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2001/11/07 03:28:49 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2001/11/07 03:21:26 | 00,000,050 | ---- | C] () -- C:\WINDOWS\album.ini
[2001/11/07 03:21:26 | 00,000,044 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2001/11/07 03:21:26 | 00,000,008 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2001/11/07 02:50:13 | 00,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll
[2001/11/07 02:50:13 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll
[2001/11/07 02:49:47 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2001/11/06 22:40:54 | 00,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/11/06 22:31:15 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/11/06 14:21:55 | 00,000,649 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/08 15:13:22 | 00,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2001/08/08 02:07:02 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2000/12/29 18:34:01 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\drivers\agp440.sys
[2004/08/04 00:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 00:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\AGP440.SYS
[2004/08/04 00:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0008\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\drivers\atapi.sys
[2004/08/03 23:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 01:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 01:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-12-13 21:22:16

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8
< End of report >



OTL Extras logfile created on: 12/13/2009 5:48:54 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.53 Mb Total Physical Memory | 91.05 Mb Available Physical Memory | 17.80% Memory free
1.22 Gb Paging File | 0.41 Gb Available in Paging File | 33.26% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.50 Gb Total Space | 91.41 Gb Free Space | 85.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OUR-DESKTOP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\hp center\137903\Program\BackWeb-137903.exe" = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe:*:Enabled:BackWeb-137903 -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = MyDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = ViviCam V35
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3752427-9AAA-4B1C-B428-01723E0E9FFA}" = 2x1/4x1 USB Peripheral Switch
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1B3874F-3057-11D6-B2EA-0050BA18806B}" = Camera Driver
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 3.7.6
"CCleaner" = CCleaner
"HijackThis" = HijackThis 2.0.2
"HP Instant Support" = hp instant support
"ie8" = Windows Internet Explorer 8
"Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.5 (Basic)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Python 1.5 combined Win32 extensions" = Python 1.5 combined Win32 extensions
"Spyware Doctor" = Spyware Doctor 6.0
"StudioDV" = Studio
"Tcl 8.0.5 for Windows" = Tcl 8.0.5 for Windows
"USB" = USB
"USB Drivers" = USB Drivers
"uTorrent" = µTorrent
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/1/2009 11:01:29 AM | Computer Name = OUR-DESKTOP | Source = Google Update | ID = 20
Description =

Error - 12/1/2009 11:04:06 AM | Computer Name = OUR-DESKTOP | Source = Google Update | ID = 20
Description =

Error - 12/2/2009 11:23:10 AM | Computer Name = OUR-DESKTOP | Source = Google Update | ID = 20
Description =

Error - 12/7/2009 11:04:42 AM | Computer Name = OUR-DESKTOP | Source = Google Update | ID = 20
Description =

Error - 12/7/2009 11:10:07 AM | Computer Name = OUR-DESKTOP | Source = Google Update | ID = 20
Description =

Error - 12/13/2009 4:12:58 PM | Computer Name = OUR-DESKTOP | Source = Google Update | ID = 20
Description =

Error - 12/13/2009 4:15:49 PM | Computer Name = OUR-DESKTOP | Source = Google Update | ID = 20
Description =

Error - 12/13/2009 4:24:08 PM | Computer Name = OUR-DESKTOP | Source = Google Update | ID = 20
Description =

Error - 12/13/2009 4:50:36 PM | Computer Name = OUR-DESKTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 12/13/2009 5:53:21 PM | Computer Name = OUR-DESKTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: An internal certificate chaining error has occurred.

[ System Events ]
Error - 11/18/2009 10:11:51 PM | Computer Name = OUR-DESKTOP | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 e2602000, parameter2 00000002, parameter3
00000000, parameter4 f2987151.

Error - 11/23/2009 10:28:47 AM | Computer Name = OUR-DESKTOP | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 11/25/2009 12:55:21 PM | Computer Name = OUR-DESKTOP | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 11/27/2009 12:54:42 PM | Computer Name = OUR-DESKTOP | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 11/29/2009 12:54:43 PM | Computer Name = OUR-DESKTOP | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 12/2/2009 11:23:01 AM | Computer Name = OUR-DESKTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Netman service.

Error - 12/2/2009 11:23:29 AM | Computer Name = OUR-DESKTOP | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 12/7/2009 11:06:48 AM | Computer Name = OUR-DESKTOP | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 12/13/2009 4:13:22 PM | Computer Name = OUR-DESKTOP | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 12/13/2009 4:46:44 PM | Computer Name = OUR-DESKTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.254.1 for the Network Card with network
address 00E0184E8412 has been denied by the DHCP server 192.168.254.254 (The DHCP
Server sent a DHCPNACK message).


< End of report >
  • 0

#4
Rorschach112
Posted 13 December 2009 - 06:45 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is Unchecked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
  • 0

#5
slowsalsa
Posted 13 December 2009 - 11:32 PM

slowsalsa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I really appreciate all the help....
Here is the log

GMER 1.0.15.15279 - http://www.gmer.net
Rootkit scan 2009-12-13 23:30:02
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pwtdrpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF2A62C30]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF2A5F4F0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xBAF2C514]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF2A63320]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xF2A77760]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xF2A77970]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xF2A7C310]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF2A63410]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF2A5FD20]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xBAF2CD00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xBAF2CFB8]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xF2A770E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF2A7B560]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF2A7B5E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xF2A7C590]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF2A5FA80]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xBAF2B3FA]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xF2A79070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xF2A78E30]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xBAF2D422]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF2A7B7A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF2A62840]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xF2A7BC20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xF2A62E80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF2A5FF90]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xBAF2C7D8]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xF2A780F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xF2A77F70]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [20, 33, A6, F2, 60, 77, A7, ...]
? srescan.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[236] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[236] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[236] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E70001
.text C:\WINDOWS\System32\svchost.exe[236] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[236] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[236] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[236] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[236] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[236] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[236] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[236] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[236] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[236] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[236] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[236] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[236] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[236] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[236] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[236] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[236] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[284] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[284] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[284] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015D0001
.text C:\WINDOWS\system32\svchost.exe[284] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[284] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[284] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[284] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[284] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[284] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[284] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[284] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[284] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[284] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[284] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[284] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[284] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[284] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[284] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[284] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[284] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[596] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[596] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00920001
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[596] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[596] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[596] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[596] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[596] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[596] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[596] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[596] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[596] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[596] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[596] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[596] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[596] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[596] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[596] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[596] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\csrss.exe[640] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01410001
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[664] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F70001
.text C:\WINDOWS\system32\winlogon.exe[664] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[664] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[664] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[664] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[664] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[664] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[664] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[664] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[664] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[664] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[664] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[664] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[664] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[664] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[664] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[664] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[664] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[708] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[708] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FE0001
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[708] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[708] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[708] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[708] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[708] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[708] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[708] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[708] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[708] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[708] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[708] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[708] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[708] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[720] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[720] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B90001
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[720] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[720] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[720] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[720] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[720] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[720] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[720] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[720] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[720] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[720] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[720] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[720] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[720] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C30001
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[856] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[856] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[856] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 007A0001
.text C:\Program Files\Bonjour\mDNSResponder.exe[856] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[856] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[856] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[856] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[856] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[856] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[856] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[856] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[856] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[856] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[856] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[856] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[856] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[856] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[856] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[856] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[856] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D60001
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[888] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[888] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[888] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EA0001
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[952] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1000] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1000] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1000] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00900001
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1000] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1000] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1000] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1000] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1000] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1000] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1000] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1000] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1000] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1000] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1000] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1000] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1000] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1000] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1000] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1000] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1000] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02EA0001
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1048] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1048] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1048] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1048] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1048] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1148] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A50001
.text C:\WINDOWS\System32\svchost.exe[1148] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1148] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1148] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1148] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1148] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1148] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1148] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1148] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1148] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1148] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1148] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1148] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1148] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1148] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1148] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1148] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1148] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[1156] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[1156] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[1156] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A00001
.text C:\WINDOWS\System32\nvsvc32.exe[1156] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[1156] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[1156] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[1156] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[1156] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[1156] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[1156] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[1156] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[1156] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[1156] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[1156] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[1156] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[1156] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[1156] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[1156] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[1156] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[1156] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1268] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1268] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1268] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 006F0001
.text C:\WINDOWS\system32\pctspk.exe[1268] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1268] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1268] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1268] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1268] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1268] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1268] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1268] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1268] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1268] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1268] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1268] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1268] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1268] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1268] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1268] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\pctspk.exe[1268] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1292] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1292] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CA0001
.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1292] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1292] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1292] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1292] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1292] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1292] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1292] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1292] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1292] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1292] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1292] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1292] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1292] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[1404] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[1404] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[1404] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[1404] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[1404] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[1404] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[1404] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[1404] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[1404] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[1404] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[1404] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[1404] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[1404] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[1404] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[1404] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[1404] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[1404] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[1404] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[1404] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[1404] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1460] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1460] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E90001
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1460] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1460] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1460] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1460] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1460] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1460] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1460] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1832] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 022E0001
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1832] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1832] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1832] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1832] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1832] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1832] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1832] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1832] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1832] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1832] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1832] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1832] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E90001
.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1880] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1880] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1880] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1880] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1880] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1880] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1880] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1880] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1880] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1880] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1880] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1880] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1880] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1880] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1880] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00970001
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E21541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E43BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E42E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[2508] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2712] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2712] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2712] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00870001
.text C:\WINDOWS\System32\alg.exe[2712] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\System32\alg.exe[2712] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2712] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2712] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2712] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2712] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2712] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2712] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2712] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2712] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2712] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2712] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2712] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2712] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2712] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2712] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2712] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2712] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2864] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2864] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2864] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009F0001
.text C:\WINDOWS\system32\wscntfy.exe[2864] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\wscntfy.exe[2864] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2864] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2864] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2864] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2864] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2864] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2864] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2864] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2864] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2864] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2864] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2864] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2864] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2864] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2864] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2864] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[2864] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[3480] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[3480] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[3480] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AB0001
.text C:\windows\system\hpsysdrv.exe[3480] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\windows\system\hpsysdrv.exe[3480] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[3480] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[3480] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[3480] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[3480] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[3480] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[3480] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[3480] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[3480] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[3480] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[3480] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[3480] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[3480] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[3480] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[3480] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[3480] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\windows\system\hpsysdrv.exe[3480] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\usb.exe[3668] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\usb.exe[3668] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\usb.exe[3668] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B40001
.text C:\WINDOWS\system32\usb.exe[3668] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\usb.exe[3668] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\usb.exe[3668] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\usb.exe[3668] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\usb.exe[3668] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\usb.exe[3668] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\usb.exe[3668] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\usb.exe[3668] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\usb.exe[3668] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\usb.exe[3668] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\usb.exe[3668] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\usb.exe[3668] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\usb.exe[3668] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\usb.exe[3668] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\usb.exe[3668] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\usb.exe[3668] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\usb.exe[3668] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\usb.exe[3668] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3700] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3700] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3700] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D40001
.text C:\Program Files\iTunes\iTunesHelper.exe[3700] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\iTunes\iTunesHelper.exe[3700] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3700] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3700] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3700] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3700] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3700] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3700] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3700] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3700] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3700] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3700] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3700] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3700] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3700] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3700] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3700] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[3700] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3808] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3808] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3808] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00870001
.text C:\WINDOWS\System32\svchost.exe[3808] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\System32\svchost.exe[3808] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3808] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3808] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3808] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3808] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3808] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3808] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3808] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3808] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3808] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3808] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3808] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3808] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3808] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3808] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3808] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3808] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3984] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3984] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3984] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B00001
.text C:\WINDOWS\system32\ctfmon.exe[3984] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\ctfmon.exe[3984] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3984] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3984] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3984] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3984] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3984] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3984] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3984] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3984] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3984] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3984] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3984] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3984] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3984] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3984] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3984] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[3984] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00970001
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E21541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCEE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254602 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E43BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E42E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED748 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4032] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E47A0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[4076] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 216B56D0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4076] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 216B5904 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4076] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008B0001
.text C:\Program Files\iPod\bin\iPodService.exe[4076] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\iPod\bin\iPodService.exe[4076] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 20008B10 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4076] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 216B53A5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4076] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 216B5D36 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4076] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 216B5EEB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4076] RPCRT4.dll!RpcImpersonateClient 77E7A436 5 Bytes JMP 216B5CB2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4076] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 20008620 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4076] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 20008720 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4076] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 216B51C4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4076] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 20008020 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4076] USER32.dll!GetAsyncKeyState 7E42A78F 5 Bytes JMP 200080A0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4076] USER32.dll!MoveWindow + A5 7E42B343 5 Bytes JMP 20007F20 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4076] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 216B518B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4076] USER32.dll!GetKeyboardState 7E42D226 5 Bytes JMP 20007F50 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4076] USER32.dll!SendInput 7E42F140 5 Bytes JMP 20008240 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4076] USER32.dll!UnhookWinEvent + 27 7E4318D3 5 Bytes JMP 20007EF0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4076] USER32.dll!keybd_event 7E466783 5 Bytes JMP 200081F0 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[4076] USER32.dll!GetRawInputData 7E46CCBE 5 Bytes JMP 20008120 C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F2A678D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F2A676E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F2A68010] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F2A65C40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F2A65C40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F2A678D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F2A676E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F2A68010] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F2A678D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F2A65C40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F2A68010] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F2A676E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F2A68010] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F2A676E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F2A678D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F2A65C40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F2A678D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F2A676E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F2A68010] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F2A812D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F2A68010] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F2A676E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F2A65C40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F2A678D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F2A678D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F2A65C40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F2A68010] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F2A676E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [F2A60630] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [F2A607F0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [F2A60340] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [F2A606F0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\System32\svchost.exe[236] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\svchost.exe[596] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\services.exe[708] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\lsass.exe[720] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[780] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Bonjour\mDNSResponder.exe[856] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1000] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\svchost.exe[1048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\svchost.exe[1148] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\nvsvc32.exe[1156] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\pctspk.exe[1268] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Documents and Settings\Owner\Desktop\gmer.exe[1404] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\Explorer.EXE[1460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\spoolsv.exe[1880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2508] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\alg.exe[2712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\wscntfy.exe[2864] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\windows\system\hpsysdrv.exe[3480] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\usb.exe[3668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3700] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\svchost.exe[3808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\ctfmon.exe[3984] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4032] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\iPod\bin\iPodService.exe[4076] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [216B5295] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service system32\drivers\kbiwkmubqmchbf.sys (*** hidden *** ) [SYSTEM] kbiwkmxextiqjx <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxextiqjx@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxextiqjx@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxextiqjx@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxextiqjx@imagepath \systemroot\system32\drivers\kbiwkmubqmchbf.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxextiqjx\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxextiqjx\main@aid 10034
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxextiqjx\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxextiqjx\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxextiqjx\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxextiqjx\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxextiqjx\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxextiqjx\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxextiqjx\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxextiqjx\[email protected] \systemroot\system32\drivers\kbiwkmubqmchbf.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxextiqjx\[email protected] \systemroot\system32\kbiwkmfpievtss.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxextiqjx\[email protected] \systemroot\system32\kbiwkmrspdpalk.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxextiqjx\[email protected] \systemroot\system32\kbiwkmsyxnrvky.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxextiqjx\[email protected] \systemroot\system32\kbiwkmapucxvwr.dat
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmxextiqjx@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmxextiqjx@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmxextiqjx@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmxextiqjx@imagepath \systemroot\system32\drivers\kbiwkmubqmchbf.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmxextiqjx\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmxextiqjx\main@aid 10034
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmxextiqjx\main@sid 0
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmxextiqjx\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmxextiqjx\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmxextiqjx\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmxextiqjx\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmxextiqjx\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmxextiqjx\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmxextiqjx\[email protected] \systemroot\system32\drivers\kbiwkmubqmchbf.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmxextiqjx\[email protected] \systemroot\system32\kbiwkmfpievtss.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmxextiqjx\[email protected] \systemroot\system32\kbiwkmrspdpalk.dat
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmxextiqjx\[email protected] \systemroot\system32\kbiwkmsyxnrvky.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmxextiqjx\[email protected] \systemroot\system32\kbiwkmapucxvwr.dat
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmxextiqjx@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmxextiqjx@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmxextiqjx@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmxextiqjx@imagepath \systemroot\system32\drivers\kbiwkmubqmchbf.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmxextiqjx\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmxextiqjx\main@aid 10034
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmxextiqjx\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmxextiqjx\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmxextiqjx\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmxextiqjx\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmxextiqjx\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmxextiqjx\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmxextiqjx\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmxextiqjx\[email protected] \systemroot\system32\drivers\kbiwkmubqmchbf.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmxextiqjx\[email protected] \systemroot\system32\kbiwkmfpievtss.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmxextiqjx\[email protected] \systemroot\system32\kbiwkmrspdpalk.dat
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmxextiqjx\[email protected] \systemroot\system32\kbiwkmsyxnrvky.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmxextiqjx\[email protected] \systemroot\system32\kbiwkmapucxvwr.dat

---- EOF - GMER 1.0.15 ----
  • 0

#6
Rorschach112
Posted 14 December 2009 - 06:23 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:

Drivers to delete:
kbiwkmubqmchbf
kbiwkmxextiqjx

Files to delete:
C:\windows\system32\drivers\kbiwkmubqmchbf.sys
C:\windows\system32\kbiwkmfpievtss.dll
C:\windows\system32\kbiwkmrspdpalk.dat
C:\windows\system32\kbiwkmsyxnrvky.dll
C:\windows\system32\kbiwkmapucxvwr.dat

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply
  • 0

#7
slowsalsa
Posted 14 December 2009 - 09:15 AM

slowsalsa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Mon Dec 14 09:06:48 2009

09:06:48: Error: Could not register cleanup.
Aborting execution! (error 0: the operation completed successfully.)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\kbiwkmubqmchbf" not found!
Deletion of driver "kbiwkmubqmchbf" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "kbiwkmxextiqjx" deleted successfully.

Error: file "C:\windows\system32\drivers\kbiwkmubqmchbf.sys" not found!
Deletion of file "C:\windows\system32\drivers\kbiwkmubqmchbf.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\windows\system32\kbiwkmfpievtss.dll" deleted successfully.
File "C:\windows\system32\kbiwkmrspdpalk.dat" deleted successfully.
File "C:\windows\system32\kbiwkmsyxnrvky.dll" deleted successfully.
File "C:\windows\system32\kbiwkmapucxvwr.dat" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
  • 0

#8
Rorschach112
Posted 14 December 2009 - 11:53 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#9
slowsalsa
Posted 15 December 2009 - 08:34 AM

slowsalsa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here is the Malware log




Malwarebytes' Anti-Malware 1.42
Database version: 3362
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/14/2009 10:47:22 PM
mbam-log-2009-12-14 (22-47-22).txt

Scan type: Quick Scan
Objects scanned: 113456
Time elapsed: 10 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, December 15, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, December 15, 2009 05:16:07
Records in database: 3373750
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 44730
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 07:47:51


File name / Threat / Threats count
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP0\A0000001.sys Infected: Packed.Win32.TDSS.z 1

Selected area has been scanned.
  • 0

#10
Rorschach112
Posted 15 December 2009 - 08:45 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


also tell me how its running
  • 0

#11
slowsalsa
Posted 15 December 2009 - 10:39 AM

slowsalsa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks for the help. Well Firefox still pops up with the crash reporter when i open it. Other than that everything seems to be working fine.



OTL logfile created on: 12/15/2009 10:23:59 AM - Run 2
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.53 Mb Total Physical Memory | 172.51 Mb Available Physical Memory | 33.72% Memory free
1.22 Gb Paging File | 0.76 Gb Available in Paging File | 62.60% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.50 Gb Total Space | 91.18 Gb Free Space | 84.81% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OUR-DESKTOP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/14 22:53:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/12/14 22:53:10 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/12/13 17:48:02 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/12/03 16:14:02 | 00,276,816 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/07/13 13:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/07/13 13:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/28 19:25:50 | 02,414,984 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
PRC - [2009/05/28 19:25:50 | 01,005,960 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/05/20 16:39:46 | 00,143,360 | ---- | M] (Kaspersky Lab.) -- C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\ScanningProcess.exe
PRC - [2009/04/17 02:11:44 | 00,394,632 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/04/17 02:11:42 | 01,017,224 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
PRC - [2009/04/17 02:11:40 | 00,546,184 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/09/28 01:49:00 | 00,057,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe
PRC - [2001/08/17 23:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\SYSTEM32\pctspk.exe
PRC - [2001/07/03 23:14:08 | 00,102,400 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\SYSTEM32\usb.exe
PRC - [1998/05/07 18:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\SYSTEM\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2009/12/13 17:48:02 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2009/04/17 02:11:48 | 00,394,632 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009/04/17 02:11:38 | 00,472,456 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll
MOD - [2006/12/01 21:54:34 | 00,548,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
MOD - [2006/12/01 21:54:32 | 00,626,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/14 22:53:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/12/03 16:14:02 | 00,276,816 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/08/30 23:13:27 | 01,097,096 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/07/13 13:02:50 | 00,542,496 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/28 19:25:50 | 02,414,984 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/04/17 02:11:44 | 00,394,632 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/03/09 14:31:02 | 00,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2001/09/28 01:49:00 | 00,057,344 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2001/08/17 23:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\pctspk.exe -- (Pctspk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.3.153.0
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.0.9

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2009/08/28 14:53:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/13 15:48:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/14 22:53:30 | 00,000,000 | ---D | M]

[2009/08/25 18:03:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/08/30 21:52:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i1lqohvb.default\extensions
[2009/08/28 14:50:13 | 00,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i1lqohvb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/08/25 18:06:27 | 00,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i1lqohvb.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2009/12/14 22:53:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/31 08:05:10 | 00,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/03/05 17:08:04 | 00,049,664 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FFComm.dll

O1 HOSTS File: (774 bytes) - C:\WINDOWS\SYSTEM32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 update.bitdefender.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ForceField Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (ForceField Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ForceField Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\SYSTEM\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [USB] C:\WINDOWS\SYSTEM32\usb.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\F1U201.401.lnk = C:\Program Files\Belkin\F1U201.401\usbshare.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....467&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1251255876686 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/11/06 22:36:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/14 22:53:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/12/14 22:53:04 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/12/14 22:51:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sun
[2009/12/14 22:32:50 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/14 22:32:43 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/14 22:32:42 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/14 22:19:21 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/12/14 22:18:43 | 00,343,040 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/12/14 09:08:53 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/12/13 22:44:35 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/13 17:47:59 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/13 16:03:49 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/13 15:46:38 | 08,084,968 | ---- | C] (Mozilla) -- C:\Documents and Settings\Owner\My Documents\Firefox Setup 3.5.5.exe
[2009/12/13 15:15:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2009/12/13 14:31:34 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2009/12/13 14:29:02 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/12/13 14:20:48 | 00,000,000 | ---D | C] -- C:\Program Files\hijackthis
[2009/12/13 13:58:30 | 00,092,672 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\Owner\Desktop\KillBox.exe
[2009/12/13 13:57:29 | 03,326,576 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Owner\Desktop\ccsetup226.exe
[2009/08/30 22:20:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2009/08/30 21:30:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/08/30 12:44:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/08/27 22:57:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/08/27 18:46:20 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/08/27 18:46:20 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/05/20 04:49:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/04/12 22:38:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2005/04/12 16:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2009/12/15 10:34:39 | 00,027,946 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\[isoHunt] Friday Night Lights Season 2.torrent
[2009/12/15 10:33:58 | 00,024,353 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\[isoHunt] Friday Night Lights Season 3.torrent
[2009/12/15 10:33:51 | 10,492,192 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/12/15 08:38:09 | 00,000,144 | ---- | M] () -- C:\WINDOWS\System32\pdfl.dat
[2009/12/15 08:37:39 | 00,000,185 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/12/15 08:37:33 | 00,415,688 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/12/15 08:36:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/15 08:36:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/15 08:36:26 | 53,644,9024 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/15 08:35:49 | 00,134,516 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/12/15 08:35:23 | 03,145,728 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/12/15 08:35:23 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/12/15 01:02:36 | 00,000,500 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Owner.job
[2009/12/14 22:32:59 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/14 22:19:51 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/12/14 22:18:45 | 00,343,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/12/14 09:18:59 | 00,013,312 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/14 09:04:50 | 00,724,952 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avenger.zip
[2009/12/13 22:52:10 | 00,284,610 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2009/12/13 17:48:02 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/13 17:40:18 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/12/13 16:03:51 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2009/12/13 15:48:49 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/13 15:47:28 | 08,084,968 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner\My Documents\Firefox Setup 3.5.5.exe
[2009/12/13 15:29:44 | 00,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/13 15:29:44 | 00,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/13 15:29:43 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/13 15:24:47 | 00,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/13 15:22:08 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/13 15:15:29 | 00,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/12/13 14:48:28 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/12/13 14:32:20 | 00,175,208 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20091213_143214.reg
[2009/12/13 14:29:02 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2009/12/13 13:58:36 | 00,092,672 | ---- | M] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\Owner\Desktop\KillBox.exe
[2009/12/13 13:57:40 | 03,326,576 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Owner\Desktop\ccsetup226.exe
[2009/12/11 18:13:42 | 00,292,864 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2009/12/07 09:04:20 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2009/12/14 22:33:11 | 00,000,500 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Owner.job
[2009/12/14 22:32:59 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/14 09:04:59 | 00,731,136 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avenger.exe
[2009/12/14 09:04:46 | 00,724,952 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avenger.zip
[2009/12/13 22:52:37 | 00,292,864 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2009/12/13 22:52:08 | 00,284,610 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2009/12/13 15:48:49 | 00,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/13 15:24:47 | 10,352,416 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/12/13 15:24:47 | 00,134,516 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/12/13 15:15:29 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/12/13 15:12:06 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/12/13 14:32:16 | 00,175,208 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20091213_143214.reg
[2009/12/13 14:29:02 | 00,001,559 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2009/12/13 14:22:35 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2009/08/25 20:05:35 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006/04/14 13:46:01 | 00,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2006/04/14 13:45:10 | 00,000,073 | ---- | C] () -- C:\WINDOWS\APOapp.INI
[2006/04/14 13:40:26 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2006/04/14 13:40:25 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2006/04/14 13:38:49 | 00,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[2005/04/12 22:28:20 | 00,002,196 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2005/04/12 22:18:19 | 00,001,032 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2005/04/12 22:18:17 | 00,162,304 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2005/04/12 21:47:07 | 00,000,453 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/12 18:08:48 | 00,000,408 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/04/12 18:08:00 | 00,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2001/12/17 22:54:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2001/12/05 03:26:46 | 00,000,562 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2001/12/04 20:52:35 | 01,642,496 | ---- | C] () -- C:\WINDOWS\System32\mplva6.dll
[2001/12/04 20:52:35 | 01,576,960 | ---- | C] () -- C:\WINDOWS\System32\mplvw7.dll
[2001/12/04 20:52:35 | 01,548,288 | ---- | C] () -- C:\WINDOWS\System32\mplvm6.dll
[2001/12/04 20:52:35 | 01,118,208 | ---- | C] () -- C:\WINDOWS\System32\mplvpx.dll
[2001/12/04 20:52:35 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\mplaw7.dll
[2001/12/04 20:52:35 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\mplapx.dll
[2001/12/04 20:52:34 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\mplaa6.dll
[2001/12/04 20:52:34 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\mplam6.dll
[2001/12/04 20:39:36 | 00,013,312 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2001/11/07 03:45:01 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2001/11/07 03:45:01 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2001/11/07 03:37:54 | 00,009,876 | ---- | C] () -- C:\WINDOWS\System32\usbbc.sys
[2001/11/07 03:29:04 | 00,000,786 | ---- | C] () -- C:\WINDOWS\Studio7.ini
[2001/11/07 03:28:49 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2001/11/07 03:28:49 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2001/11/07 03:28:49 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2001/11/07 03:28:49 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2001/11/07 03:28:49 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2001/11/07 03:21:26 | 00,000,050 | ---- | C] () -- C:\WINDOWS\album.ini
[2001/11/07 03:21:26 | 00,000,044 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2001/11/07 03:21:26 | 00,000,008 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2001/11/07 02:50:13 | 00,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll
[2001/11/07 02:50:13 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll
[2001/11/07 02:49:47 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2001/11/06 22:40:54 | 00,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/11/06 22:31:15 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/11/06 14:21:55 | 00,000,649 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/08 15:13:22 | 00,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2001/08/08 02:07:02 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2000/12/29 18:34:01 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

========== LOP Check ==========

[2009/08/27 08:50:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/08/26 14:19:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/12/14 22:50:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/25 19:41:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/08/28 21:36:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\#ISW.FS#
[2009/08/25 19:53:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Any DVD Converter Professional
[2009/08/28 14:58:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CheckPoint
[2005/04/17 06:56:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Freedom
[2005/04/12 16:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2009/11/17 18:56:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2005/05/15 17:23:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Learn2.com
[2009/08/28 14:58:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MailFrontier
[2009/12/15 08:38:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8
< End of report >
  • 0

#12
Rorschach112
Posted 15 December 2009 - 04:25 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.




  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.




Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com.../readstep2.html


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
    secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
    blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
  • 0

#13
Rorschach112
Posted 28 December 2009 - 10:02 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP