The external harddrive (connected through USB to my computer) of my computer had a bunch of rootkits. I ran avast, which found and put into chest about 6 rootkits plus 4 other malware. All 10 had been in the System Volume Information folder of the FAT 32 partition of the external (more details about harddrive below).
I have a brand new INTERNAL harddrive, that I wiped clean using DBAN following the discovery of the rootkits on my EXTERNAL. Afterwards I took these steps (w/o ever connecting again to the external harddrive after the wipe)
- reinstalled Windows 7 Home Premium from original MS disks
- downloaded complete set of MS Updates (including optional ones - mostly drivers for my computer)
- installed Avast (first) and (then) Zonealarm free versions
- changed some basic options in Windows 7 (the usual, show file extensions and such)
Goal:
To make sure that the external, USB connected drives will be cleaned of any remaining malware without infecting the internal harddrive of my laptop. I really want to make sure all data is kept in the external, including zipped files.
System information:
Lenovo Thinkpad Tablet x61
Windows 7 Home Premium
AV/Firewall: see above
Cisco/syslink hardware router via wireless with NAT etc
Seagate Momentus 500 gb internal harddrive.
Verbatim external harddrive, 500gb, 3~equal sized partitions, 1 FAT32 (that one had the malware I'm aware of), 2 NFTS
AFTER READING YOUR MALWARE REMOVAL GUIDE:
- I disabled autoplay on my computer and plugged in the external harddrive.
- I ran all the recommended scans (TFC, ERUNT, Malwarebytes, Avast antivirus, GMER, OTL) and have logs that include scans of my C: drive and my 3 external partitions.
- These scans were conducted after I had taken the above steps (i.e. placed the rootkits in avast chest.) I had done the initial scan to find the rootkits before I started looking at this forum.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4200
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
6/15/2010 10:03:53 PM
mbam-log-2010-06-15 (22-03-53).txt
Scan type: Quick scan
Objects scanned: 118228
Time elapsed: 4 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4200
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
6/15/2010 10:10:52 PM
mbam-log-2010-06-15 (22-10-52).txt
Scan type: Full scan (D:\|E:\|F:\|)
Objects scanned: 134694
Time elapsed: 6 minute(s), 27 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-15 22:32:59
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Jen\AppData\Local\Temp\uwldypow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x8D16B7EA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcCreatePort [0x8D16C0BA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x8D16B240]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x8D1647FE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x8D18309E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x8D16BD4A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x8D17F608]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x8D17FA30]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x8D18798E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x8D17FEA4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x8D16BEA8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x8D1656CA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x8D184ABE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x8D1843B2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x8D17E442]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x8D18548C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x8D1856CA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x8D185B7C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x8D1651B8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x8D181666]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x8D186926]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x8D185E46]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x8D16ADD4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x8D186564]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x8D16B50C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x8D165AD6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x8D186EB0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x8D183AD2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x8D18072E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0x8D18045E]
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82839AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82839104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828393F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828222D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82821898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828391DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82839958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828396F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82839F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8283A1A8
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8BCA4A24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82899599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828BDF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 248 828C5758 8 Bytes JMP BA8D16B7
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 828C57EC 4 Bytes [40, B2, 16, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F8 828C5808 4 Bytes [FE, 47, 16, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 308 828C5818 4 Bytes [9E, 30, 18, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 324 828C5834 4 Bytes [4A, BD, 16, 8D]
.text ...
PAGE ntkrnlpa.exe!ZwLoadDriver 829F7279 7 Bytes JMP 8BCA4A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82A5EFA7 5 Bytes JMP 8BCA0536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82A78CA7 5 Bytes JMP 8BCA1F28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text peauth.sys A7632C9D 28 Bytes [84, 9A, ED, D3, E6, D9, 17, ...]
.text peauth.sys A7632CC1 28 Bytes [84, 9A, ED, D3, E6, D9, 17, ...]
PAGE peauth.sys A7638B9B 14 Bytes [49, EC, 9B, 9B, C3, 45, D2, ...]
PAGE peauth.sys A7638BAA 57 Bytes [A6, 0F, 56, F4, DA, 40, D0, ...]
PAGE peauth.sys A7638BEC 111 Bytes CALL 3BD8A8E8
PAGE ...
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\wininit.exe[472] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[472] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[472] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[472] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[472] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[472] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[472] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[472] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[472] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[524] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[524] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[524] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[524] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[524] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[524] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[524] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[524] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[524] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[556] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[556] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[556] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[556] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[568] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[568] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[568] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[568] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[568] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[568] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[568] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[568] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[568] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[680] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[680] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[680] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[680] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[680] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[680] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[680] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[680] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[680] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\ibmpmsvc.exe[752] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\ibmpmsvc.exe[752] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\ibmpmsvc.exe[752] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\ibmpmsvc.exe[752] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\ibmpmsvc.exe[752] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\ibmpmsvc.exe[752] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\ibmpmsvc.exe[752] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\ibmpmsvc.exe[752] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\ibmpmsvc.exe[752] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[804] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[804] user32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[804] user32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[892] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[892] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[892] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[892] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[892] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[892] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[892] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[892] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[892] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[932] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[932] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[932] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[932] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[932] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[932] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[932] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[932] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[932] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[964] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[964] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1108] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1108] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1108] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1108] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1108] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1108] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1172] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1172] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1172] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1172] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1172] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1172] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1172] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1172] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1172] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[1280] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[1280] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[1280] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[1280] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[1280] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[1280] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[1280] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[1280] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[1280] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1364] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1364] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1364] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1808] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1808] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1808] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1808] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1808] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1808] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1808] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1808] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1808] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1916] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1916] USER32.dll!GetWindowMinimizeRect + 377 760FBFE9 5 Bytes JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2036] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2036] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2036] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2036] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2036] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2036] kernel32.dll!SetUnhandledExceptionFilter 77A73142 5 Bytes JMP 209A37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2036] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2036] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe[2088] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe[2088] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe[2088] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe[2088] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe[2088] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe[2088] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe[2088] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe[2088] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe[2088] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskhost.exe[2116] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskhost.exe[2116] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskhost.exe[2116] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskhost.exe[2116] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskhost.exe[2116] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskhost.exe[2116] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskhost.exe[2116] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskhost.exe[2116] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskhost.exe[2116] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\AEADISRV.EXE[2124] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\AEADISRV.EXE[2124] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\AEADISRV.EXE[2124] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\AEADISRV.EXE[2124] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\AEADISRV.EXE[2124] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\AEADISRV.EXE[2124] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\AEADISRV.EXE[2124] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\AEADISRV.EXE[2124] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\AEADISRV.EXE[2124] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2168] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2168] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2168] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2168] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2168] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2168] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2168] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2168] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2168] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2300] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2300] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2300] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2300] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2300] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2300] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2300] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2300] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2300] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2316] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2316] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2316] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2316] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2316] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2316] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2316] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2316] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2316] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2624] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2624] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2624] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2624] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2624] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2624] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2624] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2624] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2624] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[2672] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[2672] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[2672] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[2672] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[2672] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[2672] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[2672] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[2672] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[2672] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2732] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2732] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2732] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2732] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2732] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2732] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2732] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2732] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2732] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2764] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2764] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2764] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2764] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2764] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2764] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2764] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2764] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2764] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lenovo\TrackPoint\tp4serv.exe[3200] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lenovo\TrackPoint\tp4serv.exe[3200] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lenovo\TrackPoint\tp4serv.exe[3200] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lenovo\TrackPoint\tp4serv.exe[3200] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lenovo\TrackPoint\tp4serv.exe[3200] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lenovo\TrackPoint\tp4serv.exe[3200] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lenovo\TrackPoint\tp4serv.exe[3200] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lenovo\TrackPoint\tp4serv.exe[3200] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lenovo\TrackPoint\tp4serv.exe[3200] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxtray.exe[3224] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxtray.exe[3224] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxtray.exe[3224] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxtray.exe[3224] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxtray.exe[3224] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxtray.exe[3224] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxtray.exe[3224] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxtray.exe[3224] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxtray.exe[3224] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\hkcmd.exe[3244] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\hkcmd.exe[3244] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\hkcmd.exe[3244] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\hkcmd.exe[3244] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\hkcmd.exe[3244] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\hkcmd.exe[3244] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\hkcmd.exe[3244] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\hkcmd.exe[3244] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\hkcmd.exe[3244] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxpers.exe[3272] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxpers.exe[3272] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxpers.exe[3272] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxpers.exe[3272] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxpers.exe[3272] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxpers.exe[3272] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxpers.exe[3272] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxpers.exe[3272] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxpers.exe[3272] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3288] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3288] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3288] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3288] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3288] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3288] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3288] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3288] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3288] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[3296] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[3296] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[3296] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[3296] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[3296] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[3296] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[3296] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[3296] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[3296] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3372] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3372] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3372] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3372] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3372] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3372] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3372] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3372] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3372] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] kernel32.dll!SetUnhandledExceptionFilter 77A73142 5 Bytes JMP 209A37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!CreateDialogParamW 760F9BFF 5 Bytes JMP 6A45C578 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!EnableWindow 760FA72E 5 Bytes JMP 6A45C4F3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!GetWindowMinimizeRect + 377 760FBFE9 5 Bytes JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!GetAsyncKeyState 760FC09A 5 Bytes JMP 6A41D6E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 6A51835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!CallNextHookEx 760FCC8F 5 Bytes JMP 6A4F9D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!CreateWindowExW 76100E51 5 Bytes JMP 6A508157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 6A4B4633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!GetKeyState 76104FDA 5 Bytes JMP 6A45D76A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!IsDialogMessageW 76106F06 5 Bytes JMP 6A424284 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!CreateDialogParamA 76113E79 5 Bytes JMP 6A6301E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!IsDialogMessage 7611407A 5 Bytes JMP 6A62FA8A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!CreateDialogIndirectParamA 76119110 5 Bytes JMP 6A630220 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!CreateDialogIndirectParamW 761208AD 5 Bytes JMP 6A630257 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!DialogBoxIndirectParamW 76124AA7 5 Bytes JMP 6A62F5E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!EndDialog 7612555C 5 Bytes JMP 6A425AE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!DialogBoxParamW 7612564A 5 Bytes JMP 6A424BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!SetKeyboardState 76126B52 5 Bytes JMP 6A62FDEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!SendInput 76127055 5 Bytes JMP 6A6309B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!SetCursorPos 7613C1D8 5 Bytes JMP 6A630A0C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!DialogBoxParamA 7613CF6A 5 Bytes JMP 6A62F585 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!DialogBoxIndirectParamA 7613D29C 5 Bytes JMP 6A62F64B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!MessageBoxIndirectA 7614E8C9 5 Bytes JMP 6A62F51A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!MessageBoxIndirectW 7614E9C3 5 Bytes JMP 6A62F4AF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!MessageBoxExA 7614EA29 5 Bytes JMP 6A62F44D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!MessageBoxExW 7614EA4D 5 Bytes JMP 6A62F3EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!keybd_event 7614EC9B 5 Bytes JMP 6A630D3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] SHELL32.dll!SHChangeNotification_Lock + 45BA 76E6B3E8 4 Bytes [11, 36, 59, 6D] {ADC [ESI], ESI; POP ECX; INSD }
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] SHELL32.dll!SHChangeNotification_Lock + 45C2 76E6B3F0 8 Bytes [5F, 35, 59, 6D, D0, 73, 58, ...] {POP EDI; XOR EAX, 0x73d06d59; POP EAX; INSD }
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] ole32.dll!OleLoadFromStream 76575B88 5 Bytes JMP 6A62F946 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] ole32.dll!CoCreateInstance 765C57FC 5 Bytes JMP 6A508C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] WS2_32.dll!sendto 764B3AED 5 Bytes JMP 20A93D71 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] WS2_32.dll!closesocket 764B3BED 5 Bytes JMP 20A93BA8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] WS2_32.dll!recv 764B47DF 5 Bytes JMP 20A93C29 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] WS2_32.dll!WSASend 764B68A7 5 Bytes JMP 20A93F07 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] WS2_32.dll!WSARecv 764BC29F 5 Bytes JMP 20A93E15 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] WS2_32.dll!send 764BC4C8 5 Bytes JMP 20A93CD3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] WS2_32.dll!WSASendDisconnect 764CAD39 5 Bytes JMP 20A9409B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] WS2_32.dll!WSASendTo 764CADC4 5 Bytes JMP 20A93FCE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3660] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3660] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3660] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3660] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3660] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3660] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3660] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3660] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3660] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\Jen\Desktop\gmer.exe[3680] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\Jen\Desktop\gmer.exe[3680] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\Jen\Desktop\gmer.exe[3680] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\Jen\Desktop\gmer.exe[3680] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\Jen\Desktop\gmer.exe[3680] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\Jen\Desktop\gmer.exe[3680] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\Jen\Desktop\gmer.exe[3680] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\Jen\Desktop\gmer.exe[3680] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\Jen\Desktop\gmer.exe[3680] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] kernel32.dll!SetUnhandledExceptionFilter 77A73142 5 Bytes JMP 209A37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!GetWindowMinimizeRect + 377 760FBFE9 5 Bytes JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!CreateWindowExW 76100E51 5 Bytes JMP 6A508157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!DialogBoxIndirectParamW 76124AA7 5 Bytes JMP 6A62F5E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!DialogBoxParamW 7612564A 5 Bytes JMP 6A424BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!DialogBoxParamA 7613CF6A 5 Bytes JMP 6A62F585 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!DialogBoxIndirectParamA 7613D29C 5 Bytes JMP 6A62F64B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!MessageBoxIndirectA 7614E8C9 5 Bytes JMP 6A62F51A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!MessageBoxIndirectW 7614E9C3 5 Bytes JMP 6A62F4AF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!MessageBoxExA 7614EA29 5 Bytes JMP 6A62F44D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] USER32.dll!MessageBoxExW 7614EA4D 5 Bytes JMP 6A62F3EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] WS2_32.dll!sendto 764B3AED 5 Bytes JMP 20A93D71 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] WS2_32.dll!closesocket 764B3BED 5 Bytes JMP 20A93BA8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] WS2_32.dll!recv 764B47DF 5 Bytes JMP 20A93C29 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] WS2_32.dll!WSASend 764B68A7 5 Bytes JMP 20A93F07 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] WS2_32.dll!WSARecv 764BC29F 5 Bytes JMP 20A93E15 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] WS2_32.dll!send 764BC4C8 5 Bytes JMP 20A93CD3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] WS2_32.dll!WSASendDisconnect 764CAD39 5 Bytes JMP 20A9409B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[3776] WS2_32.dll!WSASendTo 764CADC4 5 Bytes JMP 20A93FCE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\explorer.exe[3952] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\explorer.exe[3952] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\explorer.exe[3952] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\explorer.exe[3952] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\explorer.exe[3952] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\explorer.exe[3952] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\explorer.exe[3952] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\explorer.exe[3952] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\explorer.exe[3952] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4076] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4076] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4076] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4076] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4076] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4076] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4076] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4076] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4076] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] kernel32.dll!SetUnhandledExceptionFilter 77A73142 5 Bytes JMP 209A37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!CreateDialogParamW 760F9BFF 5 Bytes JMP 6A45C578 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!EnableWindow 760FA72E 5 Bytes JMP 6A45C4F3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!GetWindowMinimizeRect + 377 760FBFE9 5 Bytes JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!GetAsyncKeyState 760FC09A 5 Bytes JMP 6A41D6E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 6A51835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!CallNextHookEx 760FCC8F 5 Bytes JMP 6A4F9D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!CreateWindowExW 76100E51 5 Bytes JMP 6A508157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 6A4B4633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!GetKeyState 76104FDA 5 Bytes JMP 6A45D76A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!IsDialogMessageW 76106F06 5 Bytes JMP 6A424284 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!CreateDialogParamA 76113E79 5 Bytes JMP 6A6301E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!IsDialogMessage 7611407A 5 Bytes JMP 6A62FA8A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!CreateDialogIndirectParamA 76119110 5 Bytes JMP 6A630220 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!CreateDialogIndirectParamW 761208AD 5 Bytes JMP 6A630257 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!DialogBoxIndirectParamW 76124AA7 5 Bytes JMP 6A62F5E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!EndDialog 7612555C 5 Bytes JMP 6A425AE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!DialogBoxParamW 7612564A 5 Bytes JMP 6A424BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!SetKeyboardState 76126B52 5 Bytes JMP 6A62FDEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!SendInput 76127055 5 Bytes JMP 6A6309B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!SetCursorPos 7613C1D8 5 Bytes JMP 6A630A0C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!DialogBoxParamA 7613CF6A 5 Bytes JMP 6A62F585 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!DialogBoxIndirectParamA 7613D29C 5 Bytes JMP 6A62F64B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!MessageBoxIndirectA 7614E8C9 5 Bytes JMP 6A62F51A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!MessageBoxIndirectW 7614E9C3 5 Bytes JMP 6A62F4AF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!MessageBoxExA 7614EA29 5 Bytes JMP 6A62F44D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!MessageBoxExW 7614EA4D 5 Bytes JMP 6A62F3EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] USER32.dll!keybd_event 7614EC9B 5 Bytes JMP 6A630D3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] SHELL32.dll!SHChangeNotification_Lock + 45BA 76E6B3E8 4 Bytes [11, 36, 59, 6D] {ADC [ESI], ESI; POP ECX; INSD }
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] SHELL32.dll!SHChangeNotification_Lock + 45C2 76E6B3F0 8 Bytes [5F, 35, 59, 6D, D0, 73, 58, ...] {POP EDI; XOR EAX, 0x73d06d59; POP EAX; INSD }
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] ole32.dll!OleLoadFromStream 76575B88 5 Bytes JMP 6A62F946 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] ole32.dll!CoCreateInstance 765C57FC 5 Bytes JMP 6A508C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] WS2_32.dll!sendto 764B3AED 5 Bytes JMP 20A93D71 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] WS2_32.dll!closesocket 764B3BED 5 Bytes JMP 20A93BA8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] WS2_32.dll!recv 764B47DF 5 Bytes JMP 20A93C29 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] WS2_32.dll!WSASend 764B68A7 5 Bytes JMP 20A93F07 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] WS2_32.dll!WSARecv 764BC29F 5 Bytes JMP 20A93E15 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] WS2_32.dll!send 764BC4C8 5 Bytes JMP 20A93CD3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] WS2_32.dll!WSASendDisconnect 764CAD39 5 Bytes JMP 20A9409B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[4752] WS2_32.dll!WSASendTo 764CADC4 5 Bytes JMP 20A93FCE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] kernel32.dll!SetUnhandledExceptionFilter 77A73142 5 Bytes JMP 209A37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] USER32.dll!GetWindowMinimizeRect + 377 760FBFE9 5 Bytes JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] USER32.dll!CreateWindowExW 76100E51 5 Bytes JMP 6A508157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] USER32.dll!DialogBoxIndirectParamW 76124AA7 5 Bytes JMP 6A62F5E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] USER32.dll!DialogBoxParamW 7612564A 5 Bytes JMP 6A424BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] USER32.dll!DialogBoxParamA 7613CF6A 5 Bytes JMP 6A62F585 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] USER32.dll!DialogBoxIndirectParamA 7613D29C 5 Bytes JMP 6A62F64B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] USER32.dll!MessageBoxIndirectA 7614E8C9 5 Bytes JMP 6A62F51A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] USER32.dll!MessageBoxIndirectW 7614E9C3 5 Bytes JMP 6A62F4AF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] USER32.dll!MessageBoxExA 7614EA29 5 Bytes JMP 6A62F44D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] USER32.dll!MessageBoxExW 7614EA4D 5 Bytes JMP 6A62F3EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] WS2_32.dll!sendto 764B3AED 5 Bytes JMP 20A93D71 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] WS2_32.dll!closesocket 764B3BED 5 Bytes JMP 20A93BA8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] WS2_32.dll!recv 764B47DF 5 Bytes JMP 20A93C29 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] WS2_32.dll!WSASend 764B68A7 5 Bytes JMP 20A93F07 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] WS2_32.dll!WSARecv 764BC29F 5 Bytes JMP 20A93E15 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] WS2_32.dll!send 764BC4C8 5 Bytes JMP 20A93CD3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] WS2_32.dll!WSASendDisconnect 764CAD39 5 Bytes JMP 20A9409B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5292] WS2_32.dll!WSASendTo 764CADC4 5 Bytes JMP 20A93FCE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] kernel32.dll!SetUnhandledExceptionFilter 77A73142 5 Bytes JMP 209A37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!CreateDialogParamW 760F9BFF 5 Bytes JMP 6A45C578 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!EnableWindow 760FA72E 5 Bytes JMP 6A45C4F3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!GetWindowMinimizeRect + 377 760FBFE9 5 Bytes JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!GetAsyncKeyState 760FC09A 5 Bytes JMP 6A41D6E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 6A51835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!CallNextHookEx 760FCC8F 5 Bytes JMP 6A4F9D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!CreateWindowExW 76100E51 5 Bytes JMP 6A508157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 6A4B4633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!GetKeyState 76104FDA 5 Bytes JMP 6A45D76A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!IsDialogMessageW 76106F06 5 Bytes JMP 6A424284 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!CreateDialogParamA 76113E79 5 Bytes JMP 6A6301E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!IsDialogMessage 7611407A 5 Bytes JMP 6A62FA8A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!CreateDialogIndirectParamA 76119110 5 Bytes JMP 6A630220 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!CreateDialogIndirectParamW 761208AD 5 Bytes JMP 6A630257 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!DialogBoxIndirectParamW 76124AA7 5 Bytes JMP 6A62F5E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!EndDialog 7612555C 5 Bytes JMP 6A425AE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!DialogBoxParamW 7612564A 5 Bytes JMP 6A424BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!SetKeyboardState 76126B52 5 Bytes JMP 6A62FDEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!SendInput 76127055 5 Bytes JMP 6A6309B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!SetCursorPos 7613C1D8 5 Bytes JMP 6A630A0C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!DialogBoxParamA 7613CF6A 5 Bytes JMP 6A62F585 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!DialogBoxIndirectParamA 7613D29C 5 Bytes JMP 6A62F64B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!MessageBoxIndirectA 7614E8C9 5 Bytes JMP 6A62F51A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!MessageBoxIndirectW 7614E9C3 5 Bytes JMP 6A62F4AF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!MessageBoxExA 7614EA29 5 Bytes JMP 6A62F44D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!MessageBoxExW 7614EA4D 5 Bytes JMP 6A62F3EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!keybd_event 7614EC9B 5 Bytes JMP 6A630D3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] SHELL32.dll!SHChangeNotification_Lock + 45BA 76E6B3E8 4 Bytes [11, 36, 59, 6D] {ADC [ESI], ESI; POP ECX; INSD }
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] SHELL32.dll!SHChangeNotification_Lock + 45C2 76E6B3F0 8 Bytes [5F, 35, 59, 6D, D0, 73, 58, ...] {POP EDI; XOR EAX, 0x73d06d59; POP EAX; INSD }
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] ole32.dll!OleLoadFromStream 76575B88 5 Bytes JMP 6A62F946 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] ole32.dll!CoCreateInstance 765C57FC 5 Bytes JMP 6A508C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] WS2_32.dll!sendto 764B3AED 5 Bytes JMP 20A93D71 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] WS2_32.dll!closesocket 764B3BED 5 Bytes JMP 20A93BA8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] WS2_32.dll!recv 764B47DF 5 Bytes JMP 20A93C29 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] WS2_32.dll!WSASend 764B68A7 5 Bytes JMP 20A93F07 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] WS2_32.dll!WSARecv 764BC29F 5 Bytes JMP 20A93E15 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] WS2_32.dll!send 764BC4C8 5 Bytes JMP 20A93CD3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] WS2_32.dll!WSASendDisconnect 764CAD39 5 Bytes JMP 20A9409B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5364] WS2_32.dll!WSASendTo 764CADC4 5 Bytes JMP 20A93FCE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] ntdll.dll!NtAccessCheckByType 77CE4620 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] ntdll.dll!NtAlpcImpersonateClientOfPort 77CE4800 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] ntdll.dll!NtImpersonateClientOfPort 77CE4F10 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] ntdll.dll!NtSetInformationProcess 77CE5AC0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] kernel32.dll!OpenProcess 77A673E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] kernel32.dll!SetUnhandledExceptionFilter 77A73142 5 Bytes JMP 209A37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] ADVAPI32.dll!SetThreadToken 77E2CA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] ADVAPI32.dll!ImpersonateNamedPipeClient 77E62331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!CreateDialogParamW 760F9BFF 5 Bytes JMP 6A45C578 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!EnableWindow 760FA72E 5 Bytes JMP 6A45C4F3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!FindWindowA 760FA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!GetWindowMinimizeRect + 377 760FBFE9 5 Bytes JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!GetAsyncKeyState 760FC09A 5 Bytes JMP 6A41D6E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 6A51835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!CallNextHookEx 760FCC8F 5 Bytes JMP 6A4F9D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!FindWindowW 760FCF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!CreateWindowExW 76100E51 5 Bytes JMP 6A508157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 6A4B4633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!GetKeyState 76104FDA 5 Bytes JMP 6A45D76A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!IsDialogMessageW 76106F06 5 Bytes JMP 6A424284 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!CreateDialogParamA 76113E79 5 Bytes JMP 6A6301E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!IsDialogMessage 7611407A 5 Bytes JMP 6A62FA8A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!CreateDialogIndirectParamA 76119110 5 Bytes JMP 6A630220 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!CreateDialogIndirectParamW 761208AD 5 Bytes JMP 6A630257 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!DialogBoxIndirectParamW 76124AA7 5 Bytes JMP 6A62F5E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!EndDialog 7612555C 5 Bytes JMP 6A425AE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!DialogBoxParamW 7612564A 5 Bytes JMP 6A424BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!SetKeyboardState 76126B52 5 Bytes JMP 6A62FDEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!SendInput 76127055 5 Bytes JMP 6A6309B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!SetCursorPos 7613C1D8 5 Bytes JMP 6A630A0C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!DialogBoxParamA 7613CF6A 5 Bytes JMP 6A62F585 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!DialogBoxIndirectParamA 7613D29C 5 Bytes JMP 6A62F64B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!MessageBoxIndirectA 7614E8C9 5 Bytes JMP 6A62F51A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!MessageBoxIndirectW 7614E9C3 5 Bytes JMP 6A62F4AF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!MessageBoxExA 7614EA29 5 Bytes JMP 6A62F44D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!MessageBoxExW 7614EA4D 5 Bytes JMP 6A62F3EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!keybd_event 7614EC9B 5 Bytes JMP 6A630D3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] SHELL32.dll!SHChangeNotification_Lock + 45BA 76E6B3E8 4 Bytes [11, 36, 59, 6D] {ADC [ESI], ESI; POP ECX; INSD }
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] SHELL32.dll!SHChangeNotification_Lock + 45C2 76E6B3F0 8 Bytes [5F, 35, 59, 6D, D0, 73, 58, ...] {POP EDI; XOR EAX, 0x73d06d59; POP EAX; INSD }
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] ole32.dll!OleLoadFromStream 76575B88 5 Bytes JMP 6A62F946 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] ole32.dll!CoCreateInstance 765C57FC 5 Bytes JMP 6A508C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] WS2_32.dll!sendto 764B3AED 5 Bytes JMP 20A93D71 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] WS2_32.dll!closesocket 764B3BED 5 Bytes JMP 20A93BA8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] WS2_32.dll!recv 764B47DF 5 Bytes JMP 20A93C29 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] WS2_32.dll!WSASend 764B68A7 5 Bytes JMP 20A93F07 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] WS2_32.dll!WSARecv 764BC29F 5 Bytes JMP 20A93E15 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] WS2_32.dll!send 764BC4C8 5 Bytes JMP 20A93CD3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] WS2_32.dll!WSASendDisconnect 764CAD39 5 Bytes JMP 20A9409B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] WS2_32.dll!WSASendTo 764CADC4 5 Bytes JMP 20A93FCE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000045 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000080 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\BTHUSB \Device\0000007e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e4cfb38e5
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e4cfb38e5 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
OTL logfile created on: 6/16/2010 2:35:59 AM - Run 3
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Jen\Downloads\OTL
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 452.45 Gb Free Space | 97.16% Space Free | Partition Type: NTFS
Drive D: | 155.38 Gb Total Space | 155.10 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
Drive E: | 154.97 Gb Total Space | 98.97 Gb Free Space | 63.87% Space Free | Partition Type: FAT32
Drive F: | 155.37 Gb Total Space | 138.81 Gb Free Space | 89.34% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JEN-PC
Current User Name: Jen
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/06/15 22:33:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Jen\Downloads\OTL\OTL.exe
PRC - [2010/06/11 22:59:12 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010/05/06 16:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/11/24 08:59:50 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
PRC - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2009/11/22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/14 09:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/10/14 09:30:06 | 000,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/07/13 21:14:46 | 000,334,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009/07/13 21:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/07/13 21:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009/05/18 17:28:04 | 001,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2008/07/15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/06/01 02:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\Windows\System32\ibmpmsvc.exe
========== Modules (SafeList) ==========
MOD - [2010/06/15 22:33:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Jen\Downloads\OTL\OTL.exe
MOD - [2009/10/14 09:30:36 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009/07/13 21:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/06/10 17:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b
5\msvcr80.dll
MOD - [2009/06/10 17:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b
5\msvcp80.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/06/11 00:16:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/10/14 09:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008/07/15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/06/01 02:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC)
========== Driver Services (SafeList) ==========
DRV - [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 16:34:10 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/11 03:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/24 08:59:30 | 000,023,152 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tp4track.sys -- (Tp4Track)
DRV - [2009/11/22 15:44:22 | 000,450,248 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009/10/14 09:30:02 | 000,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/08/06 17:02:58 | 004,786,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/07/29 06:07:32 | 000,014,632 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tkbtnpn.sys -- (HBtnKey)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/13 18:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/13 18:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/13 18:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/05/18 17:32:58 | 000,381,440 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/06/01 02:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2006/12/21 12:50:24 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 12:49:04 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/12/21 12:48:54 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/27 17:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/06/15 14:56:36 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/13 22:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2010/06/15 14:47:52 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Roaming\Malwarebytes
[2010/06/15 14:47:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/15 14:47:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/15 14:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/15 14:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/15 14:44:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/15 14:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/14 21:52:02 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Jen\Desktop\TFC.exe
[2010/06/11 23:03:17 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Roaming\Macromedia
[2010/06/11 23:03:10 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Roaming\Adobe
[2010/06/11 22:59:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/06/11 22:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/06/11 22:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/06/11 03:41:11 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/06/11 02:42:42 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/06/11 02:42:03 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/06/11 01:05:04 | 000,000,000 | ---D | C] -- C:\Users\Jen\Documents\ForceField Shared Files
[2010/06/11 01:05:04 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Roaming\CheckPoint
[2010/06/11 01:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/06/11 01:04:55 | 000,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsregexp.dll
[2010/06/11 01:04:53 | 000,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll
[2010/06/11 01:04:53 | 000,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll
[2010/06/11 01:04:49 | 000,041,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vswmi.dll
[2010/06/11 01:04:47 | 001,238,408 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zpeng25.dll
[2010/06/11 01:04:47 | 000,299,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vspubapi.dll
[2010/06/11 01:04:47 | 000,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsxml.dll
[2010/06/11 01:04:47 | 000,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsmonapi.dll
[2010/06/11 01:04:46 | 000,112,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsdata.dll
[2010/06/11 01:04:20 | 000,450,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\drivers\vsdatant.sys
[2010/06/11 01:04:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2010/06/11 01:04:19 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/06/11 01:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010/06/11 01:03:47 | 000,621,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsutil.dll
[2010/06/11 01:03:47 | 000,227,720 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsinit.dll
[2010/06/11 01:03:47 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/06/11 00:59:34 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/06/11 00:59:34 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/06/11 00:59:33 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/06/11 00:59:32 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/06/11 00:59:29 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/06/11 00:58:52 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/06/11 00:58:48 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/06/11 00:58:48 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/06/11 00:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/06/11 00:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/06/11 00:33:32 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Local\Diagnostics
[2010/06/11 00:16:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010/06/11 00:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Protector Suite
[2010/06/11 00:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/06/11 00:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2010/06/11 00:05:37 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/06/11 00:05:29 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Roaming\InstallShield
[2010/06/11 00:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Lenovo
[2010/06/11 00:05:16 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/06/11 00:04:28 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/06/11 00:04:27 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/06/11 00:04:27 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/06/11 00:04:27 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/06/11 00:04:27 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/06/11 00:04:26 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/06/11 00:04:26 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/06/11 00:04:26 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/06/11 00:04:26 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/06/11 00:04:26 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/06/11 00:04:26 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/06/11 00:04:26 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/06/11 00:04:26 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/11 00:04:21 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/06/11 00:04:19 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010/06/11 00:04:19 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/06/11 00:04:19 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/06/11 00:04:18 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/06/11 00:04:16 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/06/11 00:04:16 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010/06/11 00:04:15 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/06/11 00:04:15 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/06/11 00:04:15 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/06/11 00:04:14 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/06/11 00:04:14 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/06/11 00:04:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/06/11 00:04:12 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/06/11 00:04:11 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/06/11 00:04:10 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/06/11 00:04:10 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/06/11 00:04:10 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/06/11 00:04:09 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/06/11 00:04:08 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/06/11 00:04:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/06/11 00:02:27 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/06/11 00:02:27 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/06/11 00:02:27 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/06/10 23:59:51 | 000,398,336 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\TVWizudlg.exe
[2010/06/10 23:59:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2010/06/10 23:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/06/10 23:57:56 | 001,002,008 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igxpun.exe
[2010/06/10 23:57:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2010/06/10 23:52:18 | 000,000,000 | R--D | C] -- C:\Users\Jen\Searches
[2010/06/10 23:52:09 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Roaming\Identities
[2010/06/10 23:52:08 | 000,000,000 | R--D | C] -- C:\Users\Jen\Contacts
[2010/06/10 23:52:01 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Local\VirtualStore
[2010/06/10 23:52:00 | 000,000,000 | --SD | C] -- C:\Users\Jen\AppData\Roaming\Microsoft
[2010/06/10 23:52:00 | 000,000,000 | R--D | C] -- C:\Users\Jen\Videos
[2010/06/10 23:52:00 | 000,000,000 | R--D | C] -- C:\Users\Jen\Saved Games
[2010/06/10 23:52:00 | 000,000,000 | R--D | C] -- C:\Users\Jen\Pictures
[2010/06/10 23:52:00 | 000,000,000 | R--D | C] -- C:\Users\Jen\Music
[2010/06/10 23:52:00 | 000,000,000 | R--D | C] -- C:\Users\Jen\Links
[2010/06/10 23:52:00 | 000,000,000 | R--D | C] -- C:\Users\Jen\Favorites
[2010/06/10 23:52:00 | 000,000,000 | R--D | C] -- C:\Users\Jen\Downloads
[2010/06/10 23:52:00 | 000,000,000 | R--D | C] -- C:\Users\Jen\My Documents
[2010/06/10 23:52:00 | 000,000,000 | R--D | C] -- C:\Users\Jen\Desktop
[2010/06/10 23:52:00 | 000,000,000 | -HSD | C] -- C:\Users\Jen\AppData\Local\Temporary Internet Files
[2010/06/10 23:52:00 | 000,000,000 | -HSD | C] -- C:\Users\Jen\Templates
[2010/06/10 23:52:00 | 000,000,000 | -HSD | C] -- C:\Users\Jen\Start Menu
[2010/06/10 23:52:00 | 000,000,000 | -HSD | C] -- C:\Users\Jen\SendTo
[2010/06/10 23:52:00 | 000,000,000 | -HSD | C] -- C:\Users\Jen\Recent
[2010/06/10 23:52:00 | 000,000,000 | -HSD | C] -- C:\Users\Jen\PrintHood
[2010/06/10 23:52:00 | 000,000,000 | -HSD | C] -- C:\Users\Jen\NetHood
[2010/06/10 23:52:00 | 000,000,000 | -HSD | C] -- C:\Users\Jen\Documents\My Videos
[2010/06/10 23:52:00 | 000,000,000 | -HSD | C] -- C:\Users\Jen\Documents\My Pictures
[2010/06/10 23:52:00 | 000,000,000 | -HSD | C] -- C:\Users\Jen\Documents\My Music
[2010/06/10 23:52:00 | 000,000,000 | -HSD | C] -- C:\Users\Jen\My Documents
[2010/06/10 23:52:00 | 000,000,000 | -HSD | C] -- C:\Users\Jen\Local Settings
[2010/06/10 23:52:00 | 000,000,000 | -HSD | C] -- C:\Users\Jen\AppData\Local\History
[2010/06/10 23:52:00 | 000,000,000 | -HSD | C] -- C:\Users\Jen\Cookies
[2010/06/10 23:52:00 | 000,000,000 | -HSD | C] -- C:\Users\Jen\Application Data
[2010/06/10 23:52:00 | 000,000,000 | -HSD | C] -- C:\Users\Jen\AppData\Local\Application Data
[2010/06/10 23:52:00 | 000,000,000 | -H-D | C] -- C:\Users\Jen\AppData
[2010/06/10 23:52:00 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Local\Temp
[2010/06/10 23:52:00 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Local\Microsoft
[2010/06/10 23:52:00 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Roaming\Media Center Programs
[2010/06/10 23:51:40 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/06/10 23:50:49 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
========== Files - Modified Within 30 Days ==========
[2010/06/16 02:36:58 | 000,786,432 | -HS- | M] () -- C:\Users\Jen\NTUSER.DAT
[2010/06/16 02:07:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/15 22:55:12 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/15 22:55:12 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/15 22:55:12 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/15 22:55:03 | 000,013,632 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/15 22:55:03 | 000,013,632 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/15 22:47:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/15 22:47:42 | 1577,803,776 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/15 22:42:47 | 002,392,536 | -H-- | M] () -- C:\Users\Jen\AppData\Local\IconCache.db
[2010/06/15 22:25:26 | 000,293,376 | ---- | M] () -- C:\Users\Jen\Desktop\gmer.exe
[2010/06/15 14:54:54 | 000,057,560 | ---- | M] () -- C:\Users\Jen\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/14 21:52:04 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Jen\Desktop\TFC.exe
[2010/06/13 19:09:35 | 001,357,847 | ---- | M] () -- C:\Users\Jen\Documents\IMAG0046.jpg
[2010/06/13 18:56:56 | 004,555,265 | ---- | M] () -- C:\Users\Jen\Documents\jenn_bounce.mp3
[2010/06/11 02:45:24 | 000,041,962 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/06/11 01:05:21 | 000,422,437 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010/06/11 00:59:29 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/06/11 00:13:15 | 000,266,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/11 00:10:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_tcwbf_01_09_00.Wdf
[2010/06/11 00:10:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2010/06/11 00:07:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_tp4track_01009.Wdf
[2010/06/10 23:58:32 | 000,524,288 | -HS- | M] () -- C:\Users\Jen\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/06/10 23:58:32 | 000,524,288 | -HS- | M] () -- C:\Users\Jen\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/06/10 23:58:32 | 000,065,536 | -HS- | M] () -- C:\Users\Jen\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/06/10 23:52:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/06/10 23:52:00 | 000,000,020 | -HS- | M] () -- C:\Users\Jen\ntuser.ini
[2010/05/27 03:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/05/26 23:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/05/21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/21 01:14:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
========== Files Created - No Company Name ==========
[2010/06/13 19:09:35 | 001,357,847 | ---- | C] () -- C:\Users\Jen\Documents\IMAG0046.jpg
[2010/06/13 18:56:49 | 004,555,265 | ---- | C] () -- C:\Users\Jen\Documents\jenn_bounce.mp3
[2010/06/11 02:42:03 | 1577,803,776 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/11 01:04:20 | 000,422,437 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010/06/11 00:10:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_tcwbf_01_09_00.Wdf
[2010/06/11 00:10:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2010/06/11 00:07:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_tp4track_01009.Wdf
[2010/06/11 00:05:30 | 000,106,496 | ---- | C] () -- C:\Windows\stkbtnpn.dll
[2010/06/10 23:59:51 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/06/10 23:59:51 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNB.bmp
[2010/06/10 23:52:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/06/10 23:52:00 | 000,786,432 | -HS- | C] () -- C:\Users\Jen\NTUSER.DAT
[2010/06/10 23:52:00 | 000,524,288 | -HS- | C] () -- C:\Users\Jen\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/06/10 23:52:00 | 000,524,288 | -HS- | C] () -- C:\Users\Jen\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/06/10 23:52:00 | 000,262,144 | -HS- | C] () -- C:\Users\Jen\ntuser.dat.LOG1
[2010/06/10 23:52:00 | 000,065,536 | -HS- | C] () -- C:\Users\Jen\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/06/10 23:52:00 | 000,000,020 | -HS- | C] () -- C:\Users\Jen\ntuser.ini
[2010/06/10 23:52:00 | 000,000,000 | -HS- | C] () -- C:\Users\Jen\ntuser.dat.LOG2
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/02/09 07:24:02 | 001,497,696 | ---- | C] () -- C:\Windows\System32\tkbtnpn1.dll
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/06/15 22:47:42 | 1577,803,776 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/15 22:47:45 | 2103,738,368 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009/07/13 21:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 21:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/13 21:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\user32.dll /md5 >
[2009/07/13 21:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/13 21:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
< End of report >
OTL Extras logfile created on: 6/15/2010 10:49:58 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Jen\Downloads\OTL
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 452.61 Gb Free Space | 97.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JEN-PC
Current User Name: Jen
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26903C89-780A-463E-8CBD-E47A73927254}" = ThinkPad Tablet Button Driver
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast5" = avast! Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel® Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Power Management Driver" = ThinkPad Power Management Driver
"TrackPoint" = ThinkPad TrackPoint Driver
"TVWiz" = Intel® TV Wizard
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/10/2010 11:51:40 PM | Computer Name = Jen-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1533
Description = Windows cannot delete the profile directory C:\Users\Administrator.
This error may be caused by files in this directory being used by another program.
DETAIL - The directory is not empty.
Error - 6/15/2010 9:46:05 AM | Computer Name = Jen-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 6/15/2010 2:03:27 PM | Computer Name = Jen-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aeba271 Faulting module name: taskbarcpl.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdb20 Exception code: 0xc0000005 Fault offset: 0x0000a7e6 Faulting
process id: 0x318 Faulting application start time: 0x01cb0cb50d333573 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\System32\taskbarcpl.dll
Report
Id: 4ba7b3ea-78a8-11df-8f25-001e4cfb38e5
Error - 6/15/2010 2:35:08 PM | Computer Name = Jen-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0002d5f7 Faulting process
id: 0x260 Faulting application start time: 0x01cb0c2dcce35900 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: b8f1a348-78ac-11df-8f25-001e4cfb38e5
Error - 6/15/2010 9:27:01 PM | Computer Name = Jen-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DrvInst.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc04d Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x801f0000 Faulting process id: 0xc18 Faulting application
start time: 0x01cb0cf304b8f414 Faulting application path: C:\Windows\system32\DrvInst.exe
Faulting
module path: unknown Report Id: 430b0612-78e6-11df-8fa3-001e4cfb38e5
Error - 6/15/2010 9:33:42 PM | Computer Name = Jen-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 6/15/2010 10:30:29 PM | Computer Name = Jen-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SearchProtocolHost.exe, version: 7.0.7600.16385,
time stamp: 0x4a5bcdd0 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x80e00000 Faulting process id:
0x1728 Faulting application start time: 0x01cb0cfbe234d086 Faulting application path:
C:\Windows\system32\SearchProtocolHost.exe Faulting module path: unknown Report Id:
20d1c662-78ef-11df-a378-001e4cfb38e5
[ System Events ]
Error - 6/15/2010 10:40:20 PM | Computer Name = Jen-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.
Error - 6/15/2010 10:41:17 PM | Computer Name = Jen-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.
Error - 6/15/2010 10:42:09 PM | Computer Name = Jen-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.
Error - 6/15/2010 10:43:25 PM | Computer Name = Jen-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.
Error - 6/15/2010 10:45:16 PM | Computer Name = Jen-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:43:17 PM on ?6/?15/?2010 was unexpected.
Error - 6/15/2010 10:45:28 PM | Computer Name = Jen-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 6/15/2010 10:47:59 PM | Computer Name = Jen-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 6/15/2010 10:48:51 PM | Computer Name = Jen-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.
Error - 6/15/2010 10:48:59 PM | Computer Name = Jen-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.
Error - 6/15/2010 10:49:03 PM | Computer Name = Jen-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.
< End of report >
Thanks so much for your time. Please let me know if you see any malware remaining or if I should do any other scans.