+ Reply to Thread
Page 1 of 4 1 2 3 ... LastLast
Results 1 to 15 of 51
  1. June 13th, 2012 05:44 AM #1
    cloutty
    cloutty is offline Virtual Med Student
    Join Date
    May 2012
    Location
    UK
    Posts
    37

    Resolved [RESOLVED] Trojan.hbo has left me with no internet connection

    Hi all, I hope you can assist me please.

    MBAM picked up trojan.hbo and I removed it.

    I can now not log on to the web.

    Step 1:

    Downloaded and ran malaware standalone and it came back clear.
    Reply With Quote Reply With Quote
  2. June 13th, 2012 05:57 AM #2
    cloutty
    cloutty is offline Virtual Med Student
    Join Date
    May 2012
    Location
    UK
    Posts
    37

    Step 2:

    my gmer report is really long and wont let me put it here, is there any way for me to attach a text file ?
    Reply With Quote Reply With Quote
  3. June 13th, 2012 07:17 AM #3
    cloutty
    cloutty is offline Virtual Med Student
    Join Date
    May 2012
    Location
    UK
    Posts
    37
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-06-07 13:42:50
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD3200BEVT-22ZCT0 rev.11.01A11
    Running: gmer.exe; Driver: C:\Users\Peter\AppData\Local\Temp\uwloapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90726DF8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x90DB3A5A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x9072785E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9072C2E4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9072C330]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x90CA6586]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9072C422]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x90CC7E92]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9072C252]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x90CC1E1C]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x90CC2244]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x90CCC46E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9072C29A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9072C3DC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90726E44]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x90CA72B6]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x90CC98DE]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x90CC91F6]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x90CC0C00]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x90DB3B34]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x90726AD6]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x90CCA2A8]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x90CCA4E6]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x90CCA998]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x90726E90]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x90729D1C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90727B02]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9072C30E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9072C352]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x90CA6E6E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9072C446]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9072C278]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x90CC4334]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9072C3AE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9072C2C2]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0x90CC3F22]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9072C400]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x90DB3CA0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x907279CE]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x90CCB36E]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x90CCAC62]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x90CCBDCE]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x90CACF8E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90726EDC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90726F28]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x90CA76C0]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x90CCB8F6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90726B46]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90726CEA]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x90CC8954]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90726C92]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x90CC2F40]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0x90CC2C70]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x90726F74]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x90DB3BE0]
    SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x90CC26B8]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
    Reply With Quote Reply With Quote
  4. June 13th, 2012 07:17 AM #4
    cloutty
    cloutty is offline Virtual Med Student
    Join Date
    May 2012
    Location
    UK
    Posts
    37
    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 10D 82CBF890 4 Bytes [F8, 6D, 72, 90] {CLC ; INSD ; JB 0xffffffffffffff94}
    .text ntkrnlpa.exe!KeSetEvent + 131 82CBF8B4 4 Bytes [5A, 3A, DB, 90] {POP EDX; CMP BL, BL; NOP }
    .text ntkrnlpa.exe!KeSetEvent + 191 82CBF914 4 Bytes JMP F544579B
    .text ntkrnlpa.exe!KeSetEvent + 1D1 82CBF954 16 Bytes [E4, C2, 72, 90, 30, C3, 72, ...] {IN AL, 0xc2; JB 0xffffffffffffff94; XOR BL, AL; JB 0xffffffffffffff98; XCHG [EBP-0x36], AH; NOP ; AND AL, AH; JB 0xffffffffffffffa0}
    .text ntkrnlpa.exe!KeSetEvent + 1E9 82CBF96C 4 Bytes JMP CC7E9282
    .text ...
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82DEA633 5 Bytes JMP 90DC6C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 82E43573 5 Bytes JMP 90DC874C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82E4CE98 4 Bytes CALL 907281B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82E50B0C 4 Bytes CALL 907281CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F404360, 0x35BF98, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[12] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[12] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[12] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[12] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[12] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00190600
    .text C:\Windows\system32\svchost.exe[12] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00190804
    .text C:\Windows\system32\svchost.exe[12] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00190A08
    .text C:\Windows\system32\svchost.exe[12] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[12] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001901F8
    .text C:\Windows\system32\svchost.exe[12] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001903FC
    .text C:\Windows\system32\svchost.exe[12] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00170600
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00171014
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00170804
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00170A08
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00170C0C
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00170E10
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001701F8
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00180600
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00180804
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] USER32.dll!IsWindowUnicode + 37 76B690B5 5 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00180A08
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001803FC
    .text C:\Windows\System32\spoolsv.exe[644] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\System32\spoolsv.exe[644] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\System32\spoolsv.exe[644] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\spoolsv.exe[644] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\spoolsv.exe[644] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\spoolsv.exe[644] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\spoolsv.exe[644] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\spoolsv.exe[644] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\System32\spoolsv.exe[644] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\spoolsv.exe[644] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\spoolsv.exe[644] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\spoolsv.exe[644] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\spoolsv.exe[644] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\spoolsv.exe[644] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\spoolsv.exe[644] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\spoolsv.exe[644] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\spoolsv.exe[644] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\spoolsv.exe[644] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\spoolsv.exe[644] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 000D0600
    .text C:\Windows\System32\spoolsv.exe[644] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 000D0804
    .text C:\Windows\System32\spoolsv.exe[644] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 000D0A08
    .text C:\Windows\System32\spoolsv.exe[644] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\spoolsv.exe[644] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000D01F8
    .text C:\Windows\System32\spoolsv.exe[644] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000D03FC
    .text C:\Windows\System32\spoolsv.exe[644] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\csrss.exe[672] KERNEL32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[728] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000301F8
    .text C:\Windows\system32\wininit.exe[728] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000303FC
    .text C:\Windows\system32\wininit.exe[728] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wininit.exe[728] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wininit.exe[728] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wininit.exe[728] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wininit.exe[728] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wininit.exe[728] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[728] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wininit.exe[728] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wininit.exe[728] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000603FC
    .text C:\Windows\system32\wininit.exe[728] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00060600
    .text C:\Windows\system32\wininit.exe[728] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00061014
    .text C:\Windows\system32\wininit.exe[728] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00060804
    .text C:\Windows\system32\wininit.exe[728] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00060A08
    .text C:\Windows\system32\wininit.exe[728] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00060C0C
    .text C:\Windows\system32\wininit.exe[728] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00060E10
    .text C:\Windows\system32\wininit.exe[728] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000601F8
    .text C:\Windows\system32\wininit.exe[728] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00070600
    .text C:\Windows\system32\wininit.exe[728] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00070804
    .text C:\Windows\system32\wininit.exe[728] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00070A08
    .text C:\Windows\system32\wininit.exe[728] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wininit.exe[728] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000701F8
    .text C:\Windows\system32\wininit.exe[728] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000703FC
    .text C:\Windows\system32\wininit.exe[728] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\csrss.exe[740] KERNEL32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\services.exe[772] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\services.exe[772] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\services.exe[772] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\services.exe[772] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\services.exe[772] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\services.exe[772] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\services.exe[772] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    Reply With Quote Reply With Quote
  5. June 13th, 2012 07:18 AM #5
    cloutty
    cloutty is offline Virtual Med Student
    Join Date
    May 2012
    Location
    UK
    Posts
    37
    .text C:\Windows\system32\services.exe[772] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\services.exe[772] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\services.exe[772] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\services.exe[772] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\services.exe[772] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\services.exe[772] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\services.exe[772] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\services.exe[772] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\services.exe[772] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\services.exe[772] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\services.exe[772] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\services.exe[772] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00080600
    .text C:\Windows\system32\services.exe[772] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\services.exe[772] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\services.exe[772] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\services.exe[772] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\services.exe[772] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\services.exe[772] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\lsass.exe[784] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\lsass.exe[784] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\lsass.exe[784] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\lsass.exe[784] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\lsass.exe[784] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\lsass.exe[784] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\lsass.exe[784] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000803FC
    .text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00080600
    .text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00081014
    .text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00080804
    .text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00080A08
    .text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00080C0C
    .text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00080E10
    .text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000801F8
    .text C:\Windows\system32\lsass.exe[784] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00090600
    .text C:\Windows\system32\lsass.exe[784] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00090804
    .text C:\Windows\system32\lsass.exe[784] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00090A08
    .text C:\Windows\system32\lsass.exe[784] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\lsass.exe[784] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000901F8
    .text C:\Windows\system32\lsass.exe[784] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000903FC
    .text C:\Windows\system32\lsass.exe[784] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\lsm.exe[796] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\lsm.exe[796] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\lsm.exe[796] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\lsm.exe[796] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\lsm.exe[796] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\lsm.exe[796] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\lsm.exe[796] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\lsm.exe[796] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\lsm.exe[796] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\lsm.exe[796] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\lsm.exe[796] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\lsm.exe[796] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 000B0600
    .text C:\Windows\system32\lsm.exe[796] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 000B1014
    .text C:\Windows\system32\lsm.exe[796] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 000B0804
    .text C:\Windows\system32\lsm.exe[796] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\lsm.exe[796] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 000B0C0C
    .text C:\Windows\system32\lsm.exe[796] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 000B0E10
    .text C:\Windows\system32\lsm.exe[796] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\lsm.exe[796] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\lsm.exe[796] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehRecvr.exe[904] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000401F8
    .text C:\Windows\ehome\ehRecvr.exe[904] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000403FC
    .text C:\Windows\ehome\ehRecvr.exe[904] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehRecvr.exe[904] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehRecvr.exe[904] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehRecvr.exe[904] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehRecvr.exe[904] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehRecvr.exe[904] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\ehome\ehRecvr.exe[904] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehRecvr.exe[904] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehRecvr.exe[904] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000603FC
    .text C:\Windows\ehome\ehRecvr.exe[904] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00060600
    .text C:\Windows\ehome\ehRecvr.exe[904] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00061014
    .text C:\Windows\ehome\ehRecvr.exe[904] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00060804
    .text C:\Windows\ehome\ehRecvr.exe[904] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00060A08
    .text C:\Windows\ehome\ehRecvr.exe[904] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00060C0C
    .text C:\Windows\ehome\ehRecvr.exe[904] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00060E10
    .text C:\Windows\ehome\ehRecvr.exe[904] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000601F8
    .text C:\Windows\ehome\ehRecvr.exe[904] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00070600
    .text C:\Windows\ehome\ehRecvr.exe[904] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00070804
    .text C:\Windows\ehome\ehRecvr.exe[904] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00070A08
    .text C:\Windows\ehome\ehRecvr.exe[904] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehRecvr.exe[904] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000701F8
    .text C:\Windows\ehome\ehRecvr.exe[904] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000703FC
    .text C:\Windows\ehome\ehRecvr.exe[904] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[932] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000901F8
    .text C:\Windows\system32\svchost.exe[932] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000903FC
    .text C:\Windows\system32\svchost.exe[932] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[932] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[932] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[932] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[932] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[932] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 000B0600
    .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 000B1014
    .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 000B0804
    .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 000B0C0C
    .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 000B0E10
    .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\svchost.exe[932] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[932] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\Dwm.exe[944] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\Dwm.exe[944] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\Dwm.exe[944] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    Reply With Quote Reply With Quote
  6. June 13th, 2012 07:18 AM #6
    cloutty
    cloutty is offline Virtual Med Student
    Join Date
    May 2012
    Location
    UK
    Posts
    37
    .text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\Dwm.exe[944] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00080600
    .text C:\Windows\system32\Dwm.exe[944] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\Dwm.exe[944] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\Dwm.exe[944] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\Dwm.exe[944] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 002503FC
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00250600
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00251014
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00250804
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00250A08
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00250C0C
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00250E10
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 002501F8
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00260600
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00260804
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00260A08
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 002601F8
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 002603FC
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\winlogon.exe[1020] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000301F8
    .text C:\Windows\system32\winlogon.exe[1020] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000303FC
    .text C:\Windows\system32\winlogon.exe[1020] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000503FC
    .text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00050600
    .text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00051014
    .text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00050804
    .text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00050A08
    .text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00050C0C
    .text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00050E10
    .text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000501F8
    .text C:\Windows\system32\winlogon.exe[1020] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00060600
    .text C:\Windows\system32\winlogon.exe[1020] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00060804
    .text C:\Windows\system32\winlogon.exe[1020] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00060A08
    .text C:\Windows\system32\winlogon.exe[1020] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000601F8
    .text C:\Windows\system32\winlogon.exe[1020] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000803FC
    .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00080600
    .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00081014
    .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00080804
    .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00080A08
    .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00080C0C
    .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00080E10
    .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000801F8
    .text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00100600
    .text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00100804
    .text C:\Windows\system32\svchost.exe[1064] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00100A08
    .text C:\Windows\system32\svchost.exe[1064] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001001F8
    .text C:\Windows\system32\svchost.exe[1064] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001003FC
    .text C:\Windows\system32\svchost.exe[1064] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\taskeng.exe[1096] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000901F8
    .text C:\Windows\system32\taskeng.exe[1096] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000903FC
    .text C:\Windows\system32\taskeng.exe[1096] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 000B0600
    .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 000B1014
    .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 000B0804
    .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 000B0C0C
    .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 000B0E10
    .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\taskeng.exe[1096] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 000C0600
    .text C:\Windows\system32\taskeng.exe[1096] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 000C0804
    .text C:\Windows\system32\taskeng.exe[1096] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 000C0A08
    .text C:\Windows\system32\taskeng.exe[1096] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000C01F8
    .text C:\Windows\system32\taskeng.exe[1096] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000C03FC
    .text C:\Windows\System32\svchost.exe[1176] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1176] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1176] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1176] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[1176] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 002B0600
    .text C:\Windows\System32\svchost.exe[1176] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 002B0804
    .text C:\Windows\System32\svchost.exe[1176] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 002B0A08
    .text C:\Windows\System32\svchost.exe[1176] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1176] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 002B01F8
    .text C:\Windows\System32\svchost.exe[1176] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 002B03FC
    .text C:\Windows\System32\svchost.exe[1176] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[1208] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00C30600
    .text C:\Windows\System32\svchost.exe[1208] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00C30804
    .text C:\Windows\System32\svchost.exe[1208] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00C30A08
    .text C:\Windows\System32\svchost.exe[1208] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1208] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 00C301F8
    .text C:\Windows\System32\svchost.exe[1208] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 00C303FC
    .text C:\Windows\System32\svchost.exe[1208] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1220] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1220] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1220] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1220] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00260600
    .text C:\Windows\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00260804
    .text C:\Windows\system32\svchost.exe[1220] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00260A08
    .text C:\Windows\system32\svchost.exe[1220] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1220] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 002601F8
    .text C:\Windows\system32\svchost.exe[1220] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 002603FC
    .text C:\Windows\system32\svchost.exe[1220] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\AUDIODG.EXE[1396] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1424] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000901F8
    .text C:\Windows\system32\svchost.exe[1424] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000903FC
    .text C:\Windows\system32\svchost.exe[1424] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1424] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1424] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1424] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    Reply With Quote Reply With Quote
  7. June 13th, 2012 07:19 AM #7
    cloutty
    cloutty is offline Virtual Med Student
    Join Date
    May 2012
    Location
    UK
    Posts
    37
    .text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\Dwm.exe[944] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\Dwm.exe[944] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00080600
    .text C:\Windows\system32\Dwm.exe[944] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\Dwm.exe[944] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\Dwm.exe[944] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\Dwm.exe[944] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 002503FC
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00250600
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00251014
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00250804
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00250A08
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00250C0C
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00250E10
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 002501F8
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00260600
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00260804
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00260A08
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 002601F8
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 002603FC
    .text C:\Program Files\Softex\OmniPass\OmniServ.exe[996] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\winlogon.exe[1020] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000301F8
    .text C:\Windows\system32\winlogon.exe[1020] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000303FC
    .text C:\Windows\system32\winlogon.exe[1020] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000503FC
    .text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00050600
    .text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00051014
    .text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00050804
    .text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00050A08
    .text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00050C0C
    .text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00050E10
    .text C:\Windows\system32\winlogon.exe[1020] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000501F8
    .text C:\Windows\system32\winlogon.exe[1020] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00060600
    .text C:\Windows\system32\winlogon.exe[1020] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00060804
    .text C:\Windows\system32\winlogon.exe[1020] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00060A08
    .text C:\Windows\system32\winlogon.exe[1020] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000601F8
    .text C:\Windows\system32\winlogon.exe[1020] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000803FC
    .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00080600
    .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00081014
    .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00080804
    .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00080A08
    .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00080C0C
    .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00080E10
    .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000801F8
    .text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00100600
    .text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00100804
    .text C:\Windows\system32\svchost.exe[1064] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00100A08
    .text C:\Windows\system32\svchost.exe[1064] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001001F8
    .text C:\Windows\system32\svchost.exe[1064] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001003FC
    .text C:\Windows\system32\svchost.exe[1064] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\taskeng.exe[1096] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000901F8
    .text C:\Windows\system32\taskeng.exe[1096] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000903FC
    .text C:\Windows\system32\taskeng.exe[1096] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 000B0600
    .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 000B1014
    .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 000B0804
    .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 000B0C0C
    .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 000B0E10
    .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\taskeng.exe[1096] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 000C0600
    .text C:\Windows\system32\taskeng.exe[1096] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 000C0804
    .text C:\Windows\system32\taskeng.exe[1096] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 000C0A08
    .text C:\Windows\system32\taskeng.exe[1096] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000C01F8
    .text C:\Windows\system32\taskeng.exe[1096] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000C03FC
    .text C:\Windows\System32\svchost.exe[1176] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1176] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1176] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1176] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[1176] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[1176] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 002B0600
    .text C:\Windows\System32\svchost.exe[1176] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 002B0804
    .text C:\Windows\System32\svchost.exe[1176] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 002B0A08
    .text C:\Windows\System32\svchost.exe[1176] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1176] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 002B01F8
    .text C:\Windows\System32\svchost.exe[1176] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 002B03FC
    .text C:\Windows\System32\svchost.exe[1176] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[1208] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00C30600
    .text C:\Windows\System32\svchost.exe[1208] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00C30804
    .text C:\Windows\System32\svchost.exe[1208] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00C30A08
    .text C:\Windows\System32\svchost.exe[1208] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[1208] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 00C301F8
    .text C:\Windows\System32\svchost.exe[1208] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 00C303FC
    .text C:\Windows\System32\svchost.exe[1208] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1220] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1220] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1220] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1220] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00260600
    .text C:\Windows\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00260804
    .text C:\Windows\system32\svchost.exe[1220] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00260A08
    .text C:\Windows\system32\svchost.exe[1220] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1220] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 002601F8
    .text C:\Windows\system32\svchost.exe[1220] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 002603FC
    .text C:\Windows\system32\svchost.exe[1220] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\AUDIODG.EXE[1396] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1424] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000901F8
    .text C:\Windows\system32\svchost.exe[1424] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000903FC
    .text C:\Windows\system32\svchost.exe[1424] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1424] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1424] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1424] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    Reply With Quote Reply With Quote
  8. June 13th, 2012 07:21 AM #8
    cloutty
    cloutty is offline Virtual Med Student
    Join Date
    May 2012
    Location
    UK
    Posts
    37
    .text C:\Windows\system32\svchost.exe[1424] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1424] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 000B0600
    .text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 000B1014
    .text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 000B0804
    .text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 000B0C0C
    .text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 000B0E10
    .text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\svchost.exe[1424] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1424] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1520] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1520] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1520] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1520] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1520] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1520] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1520] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1520] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 002C0600
    .text C:\Windows\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 002C0804
    .text C:\Windows\system32\svchost.exe[1520] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 002C0A08
    .text C:\Windows\system32\svchost.exe[1520] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1520] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 002C01F8
    .text C:\Windows\system32\svchost.exe[1520] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 002C03FC
    .text C:\Windows\system32\svchost.exe[1520] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1672] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1672] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1672] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1672] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1672] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 000B0600
    .text C:\Windows\system32\svchost.exe[1672] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 000B0804
    .text C:\Windows\system32\svchost.exe[1672] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\svchost.exe[1672] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[1672] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\svchost.exe[1672] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\svchost.exe[1672] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2036] kernel32.dll!SetUnhandledExceptionFilter 76E8A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2036] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\ehome\ehtray.exe[2064] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\ehome\ehtray.exe[2064] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\ehome\ehtray.exe[2064] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehtray.exe[2064] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehtray.exe[2064] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehtray.exe[2064] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehtray.exe[2064] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehtray.exe[2064] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\ehome\ehtray.exe[2064] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehtray.exe[2064] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehtray.exe[2064] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Windows\ehome\ehtray.exe[2064] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Windows\ehome\ehtray.exe[2064] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Windows\ehome\ehtray.exe[2064] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Windows\ehome\ehtray.exe[2064] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Windows\ehome\ehtray.exe[2064] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Windows\ehome\ehtray.exe[2064] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Windows\ehome\ehtray.exe[2064] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Windows\ehome\ehtray.exe[2064] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00080600
    .text C:\Windows\ehome\ehtray.exe[2064] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00080804
    .text C:\Windows\ehome\ehtray.exe[2064] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00080A08
    .text C:\Windows\ehome\ehtray.exe[2064] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehtray.exe[2064] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000801F8
    .text C:\Windows\ehome\ehtray.exe[2064] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000803FC
    .text C:\Windows\ehome\ehtray.exe[2064] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000601F8
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000603FC
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00070600
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00070804
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00070A08
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000701F8
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000703FC
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000803FC
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00080600
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00081014
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00080804
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00080A08
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00080C0C
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00080E10
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000801F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00180600
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00180804
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001803FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136]
    Reply With Quote Reply With Quote
  9. June 13th, 2012 07:22 AM #9
    cloutty
    cloutty is offline Virtual Med Student
    Join Date
    May 2012
    Location
    UK
    Posts
    37
    ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00180600
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00180804
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001803FC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2148] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[2148] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2148] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2148] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[2148] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2148] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2148] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[2148] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[2148] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[2148] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[2148] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[2148] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[2148] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[2148] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[2148] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2148] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00170600
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00170804.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00180600
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001801F8
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00170600
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00170804
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00180600
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001801F8
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00080600
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00080804
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00080A08
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\iPod\bin\iPodService.exe[2488] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00180600
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00180804
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001803FC
    .text C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2552] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[2552] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[2552] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2552] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2552] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2552] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2552] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2552] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[2552] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00160600
    .text C:\Windows\system32\svchost.exe[2552] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00160804
    .text C:\Windows\system32\svchost.exe[2552] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00160A08
    .text C:\Windows\system32\svchost.exe[2552] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2552] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001601F8
    .text C:\Windows\system32\svchost.exe[2552] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001603FC
    .text C:\Windows\system32\svchost.exe[2552] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00170600
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00170804
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00170A08
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656]
    Reply With Quote Reply With Quote
  10. June 13th, 2012 07:23 AM #10
    cloutty
    cloutty is offline Virtual Med Student
    Join Date
    May 2012
    Location
    UK
    Posts
    37
    USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00180600
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00181014
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00180804
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00180A08
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00180C0C
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00180E10
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001801F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00080600
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00080804
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00080A08
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\Explorer.EXE[2736] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\Explorer.EXE[2736] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\Explorer.EXE[2736] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\Explorer.EXE[2736] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000B03FC
    .text C:\Windows\Explorer.EXE[2736] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 000B0600
    .text C:\Windows\Explorer.EXE[2736] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 000B1014
    .text C:\Windows\Explorer.EXE[2736] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 000B0804
    .text C:\Windows\Explorer.EXE[2736] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 000B0A08
    .text C:\Windows\Explorer.EXE[2736] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 000B0C0C
    .text C:\Windows\Explorer.EXE[2736] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 000B0E10
    .text C:\Windows\Explorer.EXE[2736] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000B01F8
    .text C:\Windows\Explorer.EXE[2736] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 000C0600
    .text C:\Windows\Explorer.EXE[2736] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 000C0804
    .text C:\Windows\Explorer.EXE[2736] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 000C0A08
    .text C:\Windows\Explorer.EXE[2736] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000C01F8
    .text C:\Windows\Explorer.EXE[2736] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000C03FC
    .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2740] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2740] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[2740] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[2740] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[2740] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehmsas.exe[2800] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000401F8
    .text C:\Windows\ehome\ehmsas.exe[2800] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000403FC
    .text C:\Windows\ehome\ehmsas.exe[2800] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehmsas.exe[2800] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehmsas.exe[2800] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehmsas.exe[2800] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehmsas.exe[2800] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehmsas.exe[2800] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\ehome\ehmsas.exe[2800] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehmsas.exe[2800] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehmsas.exe[2800] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000603FC
    .text C:\Windows\ehome\ehmsas.exe[2800] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00060600
    .text C:\Windows\ehome\ehmsas.exe[2800] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00061014
    .text C:\Windows\ehome\ehmsas.exe[2800] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00060804
    .text C:\Windows\ehome\ehmsas.exe[2800] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00060A08
    .text C:\Windows\ehome\ehmsas.exe[2800] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00060C0C
    .text C:\Windows\ehome\ehmsas.exe[2800] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00060E10
    .text C:\Windows\ehome\ehmsas.exe[2800] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000601F8
    .text C:\Windows\ehome\ehmsas.exe[2800] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00070600
    .text C:\Windows\ehome\ehmsas.exe[2800] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00070804
    .text C:\Windows\ehome\ehmsas.exe[2800] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00070A08
    .text C:\Windows\ehome\ehmsas.exe[2800] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehmsas.exe[2800] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000701F8
    .text C:\Windows\ehome\ehmsas.exe[2800] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000703FC
    .text C:\Windows\ehome\ehmsas.exe[2800] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000401F8
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000403FC
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000603FC
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00060600
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00061014
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00060804
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00060A08
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00060C0C
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00060E10
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000601F8
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00070600
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00070804
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00070A08
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000701F8
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000703FC
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
    Reply With Quote Reply With Quote
  11. June 13th, 2012 07:24 AM #11
    cloutty
    cloutty is offline Virtual Med Student
    Join Date
    May 2012
    Location
    UK
    Posts
    37
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00170600
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00171014
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00170804
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00170A08
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00170C0C
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00170E10
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001701F8
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00180600
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00180804
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00180A08
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001803FC
    .text C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[2916] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[2916] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[2916] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[2916] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[2916] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[2916] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[2916] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[2916] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[2916] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[2916] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[2916] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[2916] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[2916] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[2916] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[2916] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[2916] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[2916] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[2916] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[2916] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\svchost.exe[2916] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000803FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00080600
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00081014
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00080804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00080A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00080C0C
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00080E10
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000801F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00090600
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00090804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00090A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000901F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000903FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchIndexer.exe[3000] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\SearchIndexer.exe[3000] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\SearchIndexer.exe[3000] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchIndexer.exe[3000] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchIndexer.exe[3000] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchIndexer.exe[3000] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchIndexer.exe[3000] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchIndexer.exe[3000] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\SearchIndexer.exe[3000] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchIndexer.exe[3000] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchIndexer.exe[3000] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\SearchIndexer.exe[3000] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\SearchIndexer.exe[3000] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\SearchIndexer.exe[3000] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\SearchIndexer.exe[3000] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\SearchIndexer.exe[3000] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\SearchIndexer.exe[3000] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\SearchIndexer.exe[3000] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00080600
    .text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00080600
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00080804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00080A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\WUDFHost.exe[3136] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\WUDFHost.exe[3136] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\WUDFHost.exe[3136] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\WUDFHost.exe[3136] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\WUDFHost.exe[3136] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\WUDFHost.exe[3136] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\WUDFHost.exe[3136] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\WUDFHost.exe[3136] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\WUDFHost.exe[3136] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00080600
    .text C:\Windows\system32\WUDFHost.exe[3136] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\WUDFHost.exe[3136] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\WUDFHost.exe[3136] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\WUDFHost.exe[3136] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000801F8
    Reply With Quote Reply With Quote
  12. June 13th, 2012 07:25 AM #12
    cloutty
    cloutty is offline Virtual Med Student
    Join Date
    May 2012
    Location
    UK
    Posts
    37
    .text C:\Windows\system32\WUDFHost.exe[3136] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\WUDFHost.exe[3136] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001601F8
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001603FC
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 002703FC
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00270600
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00271014
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00270804
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00270A08
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00270C0C
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00270E10
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 002701F8
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00280600
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00280804
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00280A08
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 002801F8
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 002803FC
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3272] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00170600
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00171014
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00170804
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00170A08
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00170C0C
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00170E10
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001701F8
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00180600
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00180804
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00180A08
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001803FC
    .text C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 002C01F8
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 002C03FC
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] kernel32.dll!CreateThread + 1A 76EACB48 4 Bytes CALL 0008ED99 C:\Program Files\Webroot\Washer\WasherSvc.exe (Window Washer Engine/Webroot Software, Inc.)
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] advapi32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] advapi32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] advapi32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 002E03FC
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] advapi32.dll!DeleteService 76F8A07E 5 Bytes JMP 002E0600
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] advapi32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 002E1014
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] advapi32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 002E0804
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] advapi32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 002E0A08
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] advapi32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 002E0C0C
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] advapi32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 002E0E10
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] advapi32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 002E01F8
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 002F0600
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 002F0804
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 002F0A08
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 002F01F8
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 002F03FC
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00180600
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00180804
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001803FC
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001903FC
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00190600
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00191014
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00190804
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00190A08
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00190C0C
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00190E10
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001901F8
    .text C:\Windows\ehome\ehsched.exe[3776] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000401F8
    .text C:\Windows\ehome\ehsched.exe[3776] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000403FC
    .text C:\Windows\ehome\ehsched.exe[3776] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehsched.exe[3776] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehsched.exe[3776] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehsched.exe[3776] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehsched.exe[3776] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehsched.exe[3776] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\ehome\ehsched.exe[3776] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehsched.exe[3776] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehsched.exe[3776] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000603FC
    .text C:\Windows\ehome\ehsched.exe[3776] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00060600
    .text C:\Windows\ehome\ehsched.exe[3776] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00061014
    .text C:\Windows\ehome\ehsched.exe[3776] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00060804
    .text C:\Windows\ehome\ehsched.exe[3776] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00060A08
    .text C:\Windows\ehome\ehsched.exe[3776] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00060C0C
    .text C:\Windows\ehome\ehsched.exe[3776] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00060E10
    .text C:\Windows\ehome\ehsched.exe[3776] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000601F8
    .text C:\Windows\ehome\ehsched.exe[3776] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00070600
    .text C:\Windows\ehome\ehsched.exe[3776] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00070804
    .text C:\Windows\ehome\ehsched.exe[3776] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00070A08
    .text C:\Windows\ehome\ehsched.exe[3776] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\ehome\ehsched.exe[3776] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000701F8
    .text C:\Windows\ehome\ehsched.exe[3776] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000703FC
    .text C:\Windows\ehome\ehsched.exe[3776] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[3856] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[3856] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[3856] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[3856] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    Reply With Quote Reply With Quote
  13. June 13th, 2012 07:26 AM #13
    cloutty
    cloutty is offline Virtual Med Student
    Join Date
    May 2012
    Location
    UK
    Posts
    37
    .text C:\Windows\system32\svchost.exe[3856] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[3856] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[3856] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[3856] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[3856] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[3856] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[3856] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[3856] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[3856] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[3856] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[3856] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[3856] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[3856] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[3856] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[3856] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\svchost.exe[3856] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\taskeng.exe[4004] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\taskeng.exe[4004] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\taskeng.exe[4004] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\taskeng.exe[4004] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\taskeng.exe[4004] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\taskeng.exe[4004] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\taskeng.exe[4004] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\taskeng.exe[4004] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[4004] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\taskeng.exe[4004] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\taskeng.exe[4004] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\taskeng.exe[4004] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 000B0600
    .text C:\Windows\system32\taskeng.exe[4004] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 000B1014
    .text C:\Windows\system32\taskeng.exe[4004] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 000B0804
    .text C:\Windows\system32\taskeng.exe[4004] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\taskeng.exe[4004] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 000B0C0C
    .text C:\Windows\system32\taskeng.exe[4004] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 000B0E10
    .text C:\Windows\system32\taskeng.exe[4004] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\taskeng.exe[4004] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 000C0600
    .text C:\Windows\system32\taskeng.exe[4004] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 000C0804
    .text C:\Windows\system32\taskeng.exe[4004] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 000C0A08
    .text C:\Windows\system32\taskeng.exe[4004] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\taskeng.exe[4004] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000C01F8
    .text C:\Windows\system32\taskeng.exe[4004] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000C03FC
    .text C:\Windows\system32\taskeng.exe[4004] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\unsecapp.exe[4124] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\wbem\unsecapp.exe[4124] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\wbem\unsecapp.exe[4124] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\wbem\unsecapp.exe[4124] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\wbem\unsecapp.exe[4124] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\wbem\unsecapp.exe[4124] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\wbem\unsecapp.exe[4124] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\wbem\unsecapp.exe[4124] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\wbem\unsecapp.exe[4124] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\wbem\unsecapp.exe[4124] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\wbem\unsecapp.exe[4124] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\wbem\unsecapp.exe[4124] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00080600
    .text C:\Windows\system32\wbem\unsecapp.exe[4124] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\wbem\unsecapp.exe[4124] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\wbem\unsecapp.exe[4124] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\wbem\unsecapp.exe[4124] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00180600
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00180804
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00180A08
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001801F8
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001803FC
    .text C:\Windows\system32\wbem\wmiprvse.exe[4152] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] kernel32.dll!SetUnhandledExceptionFilter 76E8A8C5 5 Bytes JMP 209F37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00170600
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00170804
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00170A08
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00180600
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00181014
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00180804
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00180A08
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00180C0C
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00180E10
    .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001801F8
    .text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
    .text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
    .text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00E90600
    .text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00E90804
    .text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00E90A08
    .text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 00E901F8
    .text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 00E903FC
    .text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 00EB03FC
    .text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00EB0600
    .text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00EB1014
    .text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00EB0804
    .text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00EB0A08
    .text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00EB0C0C
    .text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00EB0E10
    .text C:\Program Files\Softex\OmniPass\scureapp.exe[4344] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 00EB01F8
    .text C:\Users\Peter\Desktop\gmer.exe[4524] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Peter\Desktop\gmer.exe[4524] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Peter\Desktop\gmer.exe[4524] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Peter\Desktop\gmer.exe[4524] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Peter\Desktop\gmer.exe[4524] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Peter\Desktop\gmer.exe[4524] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Users\Peter\Desktop\gmer.exe[4524] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Peter\Desktop\gmer.exe[4524] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Peter\Desktop\gmer.exe[4524] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Users\Peter\Desktop\gmer.exe[4524] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001401F8
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001403FC
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00160600
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00160804
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00160A08
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001601F8
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001603FC
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00170600
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00171014
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00170804
    Reply With Quote Reply With Quote
  14. June 13th, 2012 07:27 AM #14
    cloutty
    cloutty is offline Virtual Med Student
    Join Date
    May 2012
    Location
    UK
    Posts
    37
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00170A08
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00170C0C
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00170E10
    .text C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001701F8
    .text C:\Windows\System32\rundll32.exe[5100] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000A01F8
    .text C:\Windows\System32\rundll32.exe[5100] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000A03FC
    .text C:\Windows\System32\rundll32.exe[5100] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\rundll32.exe[5100] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\rundll32.exe[5100] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\rundll32.exe[5100] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\rundll32.exe[5100] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\rundll32.exe[5100] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\System32\rundll32.exe[5100] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 000B0600
    .text C:\Windows\System32\rundll32.exe[5100] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 000B0804
    .text C:\Windows\System32\rundll32.exe[5100] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 000B0A08
    .text C:\Windows\System32\rundll32.exe[5100] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\rundll32.exe[5100] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000B01F8
    .text C:\Windows\System32\rundll32.exe[5100] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000B03FC
    .text C:\Windows\System32\rundll32.exe[5100] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\rundll32.exe[5100] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\rundll32.exe[5100] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\rundll32.exe[5100] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000C03FC
    .text C:\Windows\System32\rundll32.exe[5100] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 000C0600
    .text C:\Windows\System32\rundll32.exe[5100] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 000C1014
    .text C:\Windows\System32\rundll32.exe[5100] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 000C0804
    .text C:\Windows\System32\rundll32.exe[5100] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 000C0A08
    .text C:\Windows\System32\rundll32.exe[5100] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 000C0C0C
    .text C:\Windows\System32\rundll32.exe[5100] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 000C0E10
    .text C:\Windows\System32\rundll32.exe[5100] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000C01F8
    .text C:\Windows\System32\rundll32.exe[5112] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000601F8
    .text C:\Windows\System32\rundll32.exe[5112] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000603FC
    .text C:\Windows\System32\rundll32.exe[5112] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\rundll32.exe[5112] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\rundll32.exe[5112] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\rundll32.exe[5112] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\rundll32.exe[5112] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\rundll32.exe[5112] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Windows\System32\rundll32.exe[5112] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00070600
    .text C:\Windows\System32\rundll32.exe[5112] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00070804
    .text C:\Windows\System32\rundll32.exe[5112] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00070A08
    .text C:\Windows\System32\rundll32.exe[5112] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\rundll32.exe[5112] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000701F8
    .text C:\Windows\System32\rundll32.exe[5112] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000703FC
    .text C:\Windows\System32\rundll32.exe[5112] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\rundll32.exe[5112] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\rundll32.exe[5112] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Windows\System32\rundll32.exe[5112] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000803FC
    .text C:\Windows\System32\rundll32.exe[5112] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00080600
    .text C:\Windows\System32\rundll32.exe[5112] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00081014
    .text C:\Windows\System32\rundll32.exe[5112] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00080804
    .text C:\Windows\System32\rundll32.exe[5112] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00080A08
    .text C:\Windows\System32\rundll32.exe[5112] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00080C0C
    .text C:\Windows\System32\rundll32.exe[5112] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00080E10
    .text C:\Windows\System32\rundll32.exe[5112] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000801F8
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00170600
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00170804
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00180600
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[5260] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001801F8
    .text C:\Program Files\Eraser\Eraser.exe[5332] KERNEL32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001501F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001503FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00170600
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00170804
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00180600
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5692] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001801F8
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001601F8
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001603FC
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00170600
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00170804
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00170A08
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00180600
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00181014
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00180804
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00180A08
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00180C0C
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00180E10
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[5740] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001801F8
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001401F8
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001403FC
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00260600
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00260804
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00260A08
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 002601F8
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 002603FC
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 002703FC
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00270600
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00271014
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00270804
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00270A08
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00270C0C
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00270E10
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5948] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 002701F8
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5960] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5960] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5960] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5960] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5960] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5960] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    Reply With Quote Reply With Quote
  15. June 13th, 2012 07:28 AM #15
    cloutty
    cloutty is offline Virtual Med Student
    Join Date
    May 2012
    Location
    UK
    Posts
    37
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5960] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5960] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5960] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5960] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 001601F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 001603FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00180600
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00180804
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 001803FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[6052] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000501F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000503FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 00070600
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 00071014
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 00070804
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 00070A08
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 00070C0C
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 00070E10
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000701F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 00080600
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 00080804
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 00080A08
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[6060] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ntdll.dll!LdrLoadDll 77499378 5 Bytes JMP 000901F8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ntdll.dll!LdrUnloadDll 774AB680 5 Bytes JMP 000903FC
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ntdll.dll!NtAccessCheckByType 774D3EB4 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ntdll.dll!NtAlpcImpersonateClientOfPort 774D4084 5 Bytes JMP 20CB8DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ntdll.dll!NtImpersonateClientOfPort 774D4854 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ntdll.dll!NtSetInformationProcess 774D5194 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] kernel32.dll!OpenProcess 76EA7487 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] kernel32.dll!GetBinaryTypeW + 70 76EB2467 1 Byte [62]
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ADVAPI32.dll!ImpersonateNamedPipeClient 76F53A48 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ADVAPI32.dll!SetThreadToken 76F68E21 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ADVAPI32.dll!CreateServiceW 76F89EB4 5 Bytes JMP 000C03FC
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ADVAPI32.dll!DeleteService 76F8A07E 5 Bytes JMP 000C0600
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ADVAPI32.dll!SetServiceObjectSecurity 76FC6CD9 5 Bytes JMP 000C1014
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ADVAPI32.dll!ChangeServiceConfigA 76FC6DD9 5 Bytes JMP 000C0804
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ADVAPI32.dll!ChangeServiceConfigW 76FC6F81 5 Bytes JMP 000C0A08
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ADVAPI32.dll!ChangeServiceConfig2A 76FC7099 5 Bytes JMP 000C0C0C
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ADVAPI32.dll!ChangeServiceConfig2W 76FC71E1 5 Bytes JMP 000C0E10
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] ADVAPI32.dll!CreateServiceA 76FC72A1 5 Bytes JMP 000C01F8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] USER32.dll!SetWindowsHookExA 76B66322 5 Bytes JMP 000D0600
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] USER32.dll!SetWindowsHookExW 76B687AD 5 Bytes JMP 000D0804
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] USER32.dll!UnhookWindowsHookEx 76B698DB 5 Bytes JMP 000D0A08
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] USER32.dll!FindWindowA 76B69D76 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] USER32.dll!SetWinEventHook 76B69F3A 5 Bytes JMP 000D01F8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] USER32.dll!UnhookWinEvent 76B6C06F 5 Bytes JMP 000D03FC
    .text C:\Program Files\Windows Sidebar\sidebar.exe[6076] USER32.dll!FindWindowW 76B7A441 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\svchost.exe[12] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleW] [716A4360] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [716A4380] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [716A3E90] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [716A4340] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [716A9EF0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [716A9EF0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [716A20F0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!RegisterWaitForSingleObject] [716A1F20] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] [716A9EF0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [76F2DDF5] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [76F2DDF5] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] [76F2DDFA] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[200] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [76F2DDF5] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Windows\System32\spoolsv.exe[644] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\wininit.exe[728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\services.exe[772] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00A40002
    IAT C:\Windows\system32\services.exe[772] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00A40000
    IAT C:\Windows\system32\services.exe[772] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\lsass.exe[784] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\lsm.exe[796] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\ehome\ehRecvr.exe[904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\svchost.exe[932] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Softex\OmniPass\OmniServ.exe[996] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\svchost.exe[1064] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\System32\svchost.exe[1176] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\System32\svchost.exe[1208] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\svchost.exe[1220] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\svchost.exe[1424] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\svchost.exe[1520] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\svchost.exe[1672] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2036] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7346F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
    IAT C:\Windows\ehome\ehtray.exe[2064] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2088] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Bonjour\mDNSResponder.exe[2136] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\svchost.exe[2148] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2396] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\iPod\bin\iPodService.exe[2488] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe[2536] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\svchost.exe[2552] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2656] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2680] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74177817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741CA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7417BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7416F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7416E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [741A8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7417DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7416FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7416FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [741FCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7419C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7416D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74166853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7416687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74172AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\system32\svchost.exe[2740] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\ehome\ehmsas.exe[2800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Windows Media Player\wmpnetwk.exe[2856] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe[2880] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\System32\svchost.exe[2916] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2952] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\SearchIndexer.exe[3000] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\WUDFHost.exe[3136] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Google\Update\GoogleUpdate.exe[3272] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe[3408] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0008EEF0] C:\Program Files\Webroot\Washer\WasherSvc.exe (Window Washer Engine/Webroot Software, Inc.)
    IAT C:\Program Files\Webroot\Washer\WasherSvc.exe[3416] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!QueueUserWorkItem] [0008EEF0] C:\Program Files\Webroot\Washer\WasherSvc.exe (Window Washer Engine/Webroot Software, Inc.)
    IAT C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3700] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\ehome\ehsched.exe[3776] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\svchost.exe[3856] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\taskeng.exe[4004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Windows\system32\wbem\wmiprvse.exe[4152] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Users\Peter\Desktop\gmer.exe[4524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
    IAT C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe[4816] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

     

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules